Stanford Security Lunch

Abstract: Jurisdictions across the world have started to require websites, services, and even devices to perform age assurance for their users, with the intent of excluding users outside of certain age ranges. Current age assurance technologies are highly imperfect and present challenges in terms of accuracy, availability, circumvention resistance, and privacy. Moreover, many age assurance mandates are written in ways that impose large burdens on vendors, platforms, and users, and may not even achieve their own stated goals. We examine the capabilities and limitations of the most common age assurance technologies and architectures, as well as some of the ways in which age assurance mandates can go awry. This talk is based in part on joint work with Alissa Cooper and Zander Arnao: https://kgi.georgetown.edu/wp-content/uploads/2026/01/Age_Assurance_Online_Technical-Assessment_Report_KGI.pdf

Bio: Eric Rescorla is a Palo Alto based technologist with a focus on privacy and security for Internet communications. Eric has contributed extensively to many of the core security protocols used in the Internet, including TLS, DTLS, WebRTC, ACME, and QUIC. He is the former Chief Technology Officer, Firefox, at Mozilla and recently served as Chief Technologist for the Center for Forecasting and Outbreak Analytics at the Centers for Disease Control and Prevention.