Age Verification Without Surveillance on AI-Driven Social Media: How Purpose-Bound Cryptography Resolves the Online Safety Paradox

About this paper

This paper argues that the conflict between online protection and privacy is not inevitable. The real problem is that most current systems wrongly treat compliance and identity as the same thing. The proposed VI + CJT framework separates them. It allows platforms to receive only the minimum lawful compliance result they need — for example, whether a user falls below the relevant legal age threshold — without learning the child’s name, date of birth, address, biometric profile, or broader identity. In that sense, the paper’s central theme is age verification without surveillance through purpose-bound cryptographic enforcement.

How AI Makes the Problem Worse

AI makes the children’s online safety problem more serious in three distinct ways. First, it changes exposure from passive to active. Harmful material is no longer merely available on a platform; recommendation and optimisation systems can identify vulnerable users, rank harmful content more aggressively for them, and progressively amplify it based on engagement signals. In that environment, a child is not simply finding harmful content — the system is learning from the child and serving more of it.

Second, AI makes weak age-verification methods more dangerous. A false self-declared age is no longer just a wrong entry in a sign-up form. Once accepted, it becomes operational input for recommendation, advertising, and behavioural optimisation systems, which then treat the child as an adult user profile. This means the error is not static; it is continuously acted upon by AI systems that optimise for attention and engagement rather than child protection.

Third, AI encourages platforms to solve the problem through more surveillance. In practice, this often means AI-based age estimation using faces, voices, or behavioural patterns. But this approach creates a new harm while claiming to solve another one: it turns child protection into biometric and behavioural monitoring, and can generate datasets that may later be reused for additional profiling or model training. In other words, AI can make age assurance both more intrusive and less accountable.

A further difficulty is that AI systems are often opaque even to their operators. As your draft correctly notes, policy rules alone may not be enough, because platforms may not reliably know how their own recommendation systems are treating minors in practice. This is why the problem is not only one of age verification, but also one of enforceable control over AI behaviour.

That is precisely why the VI + CJT model matters. It does not ask AI systems to infer age or interpret law for themselves. Instead, it provides a minimal, authoritative compliance signal and machine-readable constraints that can limit recommendation, advertising, and profiling behaviour toward minors without exposing identity.

Current Solutions 

• Self-declaration is easily bypassed. A child can simply enter a false age, and the platform’s AI systems then treat that false declaration as valid input for recommendation, targeting, and optimisation.
• Identity-linked verification creates major privacy risks. When age assurance depends on sharing civil identity information with commercial platforms, the result is unnecessary exposure of family and child data to entities with strong incentives to collect, retain, and monetise it.
• AI-based age estimation introduces biometric surveillance. Estimating age from face, voice, or behaviour may appear convenient, but it creates new harms by collecting sensitive personal and biometric data as a side effect of child protection.
• Current systems collapse compliance into identity. What platforms usually need is not the full identity of the user, but only the legally relevant compliance fact. Existing approaches fail because they demand far more data than is necessary for that purpose.
• Policy rules alone are not enough in AI-driven environments. Even where legal obligations exist, platforms may not reliably translate them into enforceable constraints on opaque recommendation and engagement systems. As a result, compliance may remain declaratory rather than technically enforced.
•  

Proposed Solution

• Use VI + CJT as a purpose-bound cryptographic layer. The framework converts verified civil identity held by trusted authorities into a minimal compliance credential that reveals only the relevant age-threshold result for the applicable jurisdiction.
• Avoid disclosure of identity data. The credential contains no name, no full date of birth, no address, and no biometric data. Each credential uses a fresh random identifier, making it unlinkable across sessions.
• Keep the credential under user control. The credential is stored on the user’s device in secure hardware rather than on platform servers, reducing centralised exposure and retention risks.
• Use zero-knowledge proof for age compliance. When access is requested, the platform receives only a yes-or-no compliance result, without learning the underlying identity attributes or credential contents.
• Encode law into machine-readable CJTs. The Compliance Jurisdiction Token expresses the applicable legal rules, including jurisdiction-specific age thresholds and AI-related restrictions such as limits on engagement optimisation, advertising targeting, or behavioural profiling for minors.
• Constrain platform AI without making it identity-aware. Recommendation engines and other AI systems receive only the compliance signal necessary to adjust behaviour for minors, allowing them to become jurisdiction-aware and age-aware without becoming identity-aware.
• Replace probabilistic AI age estimation with authoritative attestation. Instead of guessing age through opaque models, the framework provides deterministic, government-signed, legally relevant compliance proof.
• Enable auditability and cross-border enforcement. Regulators can test whether platforms respond correctly to compliance signals, and the applicable child-protection rule can follow the user across borders through jurisdiction-bound credentials and tokens.

Core Message

The paper’s core message is simple: platforms do not need to know who a child is in order to know what protections the law requires. By separating compliance from identity, the VI + CJT model offers a path to child safety that is enforceable, privacy-preserving, and better suited to AI-driven digital environments.