Recently, the ESRB and digital identity firm Yoti filed an application to the FTC. The application details a design for “Facial Age Estimation,” used to guess the age of users using the front-facing camera of a cell phone. Reports of this application soon followed, speculating that the ESRB might use this technology to scan children’s faces and verify their ages.
However, the ESRB recently responded to these statements, saying it would not be used for this reason. Instead, the ratings board says this tech is going to be used for parental consent when signing up for new games.
ESRB Responds to Reports about FTC Application
In an email sent to IGN, the ESRB clarifies the claims being made about their application for “Facial Age Estimation.”
For those unfamiliar, the program allows users to scan their faces with their cellphones, in a similar manner to unlocking your phone with a scan. Reports about this application speculated that it might scan children’s faces to verify their age, before they tried to purchase an age-restricted title. However, the ESRB has come out saying this would be used as part of the parental consent process, clarifying this in an email to IGN:
“First and foremost, this application is not to authorize the use of this technology with children. Full stop. Nor does this software take and store ‘selfies’ of users or attempt to confirm the identity of users. Furthermore, this application makes no mention of using age estimation to prevent children from purchasing and/or downloading restrictively rated video games, nor do we intend to recommend its use in that way.“
The ESRB continues its email by claiming that the “verifiable parental consent mechanism” is only to be used by parents as an alternative to previous methods. This will not use any technology like Apple’s FaceID scanners on iPhones; rather, it only verifies via a facial scan. The image itself will not be stored, but rather, pieces of the image are cross-referenced between a pre-existing database. The program could then determine if the face scanned is over the age of 25, to prevent older-looking teens and children from spoofing the scan, and spit out a binary “yes or no”.
The ERSB says the facial scans are live, and not “facial recognition” which is used to determine identity. The representative goes on to describe a scenario in which this technology is used.
“When a child attempts to sign up for a new service (website, application, video game, platform, etc.), by U.S. law, they will be prompted to provide a parent’s or caregiver’s email address or other contact information. The parent is then usually sent an email asking them to confirm their consent for the collection of certain data from their child. If the company collecting the data is using Yoti technology, the parent will be asked for their consent and prompted to use their front-facing camera to scan their face (which must be live and in person). Yoti’s technology encrypts the information gathered from the scan, then breaks down portions of this scan to accurately estimate the parent’s age. Our application to the FTC recommends that the age threshold be set at 25 to prevent teenagers or older-looking children from pretending to be a parent.”
The ESRB asserts the data used in the process will not be stored. Nor, will it be used for AI training, or shared with anyone. With it being a cut-and-dry way of verifying if the consenting parent is over the age of 25, the ESRB claims that it’s a “highly privacy protective solution for VPC.”
While the claims about “carding” young gamers when purchasing restrictively rated titles seem to be debunked, much is still unknown about how this is going to be used. The application and the ESRB email are largely theoretical, at this stage. However, where and how it will actually be used remains to be seen.