Thanks, John. I'd like to thank Berkman and the Attorneys General. I'd like to thank Task Force members and all of the others who just had to join us today, as well as the other folks who submitted presentations throughout this process. I'm going to try and do this in five minutes like everybody else; start your watches.

Overall, our kids' safety approach at Microsoft falls into three buckets. We provide tools to parents to try and keep kids safe online. We provide educational materials to help parents with that process and to help educators with that process, and we collaborate with law enforcement in their processes. The pieces that I want to share with you today fall into the tools bucket, tools that can empower parents to help keep their kids safe. But I want to underscore at the outset that we're really firm in our belief that no tool is a substitute for parental supervision and guidance. At the end of the day parents need to be involved, and we can only do so much to help them keep their kids safe. I'd also like to say at the outset we don't have all the answers. This is a concept, not a solution. I'm not trying to sell you a product. I'm trying to forward the discussion, and there's some technology that we think might help with that, but this is not a product pitch or a sales job of any kind. So none of this is part of a launched or an existing product.

So conceptually, we've heard a lot, I guess, this morning about identity, and at Microsoft we think that this larger question of age verification is rooted in this issue of identity. We've heard from a number of different groups today talking about, sort of talking around, how the identity issue can help age verify kids and in turn perhaps make kids safer on the internet. Let me just step through sort of a taxonomy to frame this up, and then we'll move forward.
Conceptually we have a couple of kinds of sites. We've talked about adult sites, and we can use identity or age verification to perhaps keep kids out of adult sites at one end of the spectrum. We have general audience sites that perhaps everybody can participate in, and then we have this notion that I think people have been sort of dancing around, which is these age-verified digital playgrounds that perhaps only kids, if we could somehow age verify kids, or perhaps kids and authenticated adults, trusted adults, could get into. And so the discussion that I want to have, you know, the next 15 minutes is around this notion of walled gardens for kids that are, you know, safer ecosystems that kids could get into, you know, if they had the right verified credential, and that perhaps the authenticated adults could get into if they had the verified credential. I want to table and not address discussions of the general audience sites, which probably shouldn't be subjected to this kind of regime, and I don't want to discuss the adult sites either.

So in order to verify the age of a kid you have to know a fair amount about them; it's really an identity verification process, or to verify the age of anyone is really an identity verification process. On the internet today there are lots of ways to try and get to a high degree of likelihood that you're dealing with a trusted individual or a trusted person. There are reputation engines, there are other kinds of online processes, but generally you can't say with a very, very, very high degree of certainty that you're dealing with, you know, the person that you want to be dealing with or that you think you're dealing with. And so I guess that the core issue here is how to separate kids or humans into different groups, and separate them into different groups based on age.
And our position is that in order to really truly do this you have to be able to look at the person in the face and have some kind of offline documentation in hand and say, is this who they claim to be? And it's this notion of reusing offline trust, the kind of offline trust that's created in different events in society that exist today. So events like school registration that we've talked about briefly, events like getting a passport, events like getting a driver's license: these are all times in our society where we've sort of sanctioned a human or an individual to look at some documentation, to look at a birth certificate and Social Security number, perhaps a utility bill, perhaps, you know, some combination of these documents, to look at a child and to look at an adult, you know, who was handing those documents to them, and saying: okay, you are 16, you can get a driver's license now; okay, you are five, you can register for kindergarten now; okay, you are who you say you are, we're going to issue you a passport for travel abroad. There are all these offline moments in our society where we've sort of said to people in society, you are credentialed to issue a driver's license or a different kind of very secure offline document. And our position is that to create these walled gardens that only kids can get into, the key thing here is to harness that existing trust, that existing offline trust that occurs when you have this kind of a ceremony in the offline world, when a passport or a driver's license or a registration event occurs at a school; to harness that trust and allow it to be formed in a digital credential in the same way that it's formed into a driver's license today in the offline world; and then, once you have that kind of a digital credential, you know, use it in such a way that it's interoperable between sites, so that a relying party like a social networking site or a relying party like an e-commerce site can look at that credential and say, oh,
that actually has been verified by this offline institution that we trust, this offline institution that's been sanctioned by society, you know, over the course of history or perhaps actually in law depending on the context, and the relying party, the website or web service, can then go forward and give the services that have been asked for.

A metaphor that I think is really valuable here is there is a level of trust that exists inside some of these spheres. So if you think about the school environment, there's a level of trust inside the school environment that society has already sanctioned. The people who work in the school have, you know, gone through some vetting process, and society has said those people are okay to be with my kids. The people, the kids that are in that school, have gone through this registration process, and society has said those kids belong there. So there's this level of trust. Louder? No, shorter. Shorter. Any questions? So there's this level of trust inside the school that you have, and the question is how can we extend that bubble, inside the school or inside the set of, you know, people that will accept a driver's license as a credential, how can we extend that bubble of trust from that offline space into the online ecosystem, and how do we sort of catalyze the market to allow online providers to accept these kinds of identity cards?

So let me just close very quickly before getting to all the questions. There's a set of technology called information cards that is actually the plumbing that can make a lot of this possible, and it's an interoperable set of plumbing that, you know, a couple of companies in this room and a number of other, you know, companies have collaborated on, and it works on Macs and on Windows and on Linux, and it's the kind of thing that is highly secure, and we can talk at length about the technology, but notionally it's this use of embedding offline trust in
digital certificates that can be used in a robust and secure way online. I'll pause for questions at that point. There are a lot of caveats that I'll throw in during the question session, but that's sort of the general concept. Thank you.

I don't mean to be rude, you know I love you, Jules, but I just want to try to be fair across the board. It's okay. Phillip Hallam-Baker's hand up, we'll start there, and then to the gentleman here, and please do just keep saying who you are for the record; that would be great.

Phil Hallam-Baker, very sorry. In terms of building an ecosphere, I was wondering if we could co-opt other parts of Microsoft here. In the other moment we're focusing on the problem of protecting the kids and see if we can get that part to work, but in order to get the schools involved or whatever, we have to have an incentive that the schools can realize. So can we get Microsoft's content providing production group, that I presume will be producing computer-aided learning tools in the future, can we get them involved? Can we get access to site licenses for that computer-aided learning material so that little din here and get

So to answer your question, there are lots and lots of people inside and outside of Microsoft who would necessarily need to collaborate on these kinds of solutions, and honestly Microsoft may or may not, you could do this without me, but I'd like to help. The AGs are great partners in this process because, you know, they have relationships with all the school districts, because they're state institutions. The folks in this room are great partners in this process because we have relying parties who would accept these kinds of IDs, we have people who could play the role of identity providers in some cases, we have other companies with other technology and similar interest. So it's a collaborative process that could all be involved in.

Before going to next question I just want to point out one thing that someone noted to me earlier. If you're in your book,
and if anybody doesn't have the book of all the presentations there are more out there, each presentation has functional goals listed here. I think one just interesting thing as we're going through this is what problem are we seeking to solve, and I take Phil's question to be a little bit like, the broader we get, bring other people in, you might be able to solve different aspects of the problem. Jules has noted to have, you know, limit harmful contact between adults and minors, and others: prevent minors from accessing particular site, for digital playgrounds. And for each one I just want to have everybody bear in mind there are some sets to this problem the different kinds of solutions might or might not be addressing, depending on how it's implemented. Sir?

Yeah, Robert Patrick from eGuardian. What's Microsoft's position on doing the actual age verification itself? I understand you guys have an underlying infrastructure for the delivery of the digital identities. What's your position on the age verification itself?

So let me parse out sort of the pieces there. There's the folks who support the IT infrastructure that could, you know, make the credentials move from one party to the other, and then there's the folks that could issue the credentials, and then there's the folks that would actually do the actual moment of in-person proofing, and I think it's the last piece that you're asking about. Our position is that that's a function that we really need to look to our partners in government to solve. Industry can, you know, fill lots of parts of this ecosystem, but, you know, driver's licenses are issued by government because they play that role in our ecosystem. You know, school registration occurs generally and in the same hands as they issue in passports. The really, really robust credentials that we rely on in, you know, the highest level of assurance pieces of our society are generally issued, you know, from those folks.

The thing just to note
in Jules's presentation, you referenced the iCard foundation that's been relatively recently formed. Is there anyone else who wanted to, either from iCard or wanted just to jump in to talk about that? We'll give a moment with the mic if that's useful. Paul or others, maybe?

Paul Trevithick per second. So the Information Card Foundation, which is what we're talking about here, is a group of many vendors. It's not just Microsoft, it's also Google, it's Deutsche Telekom, it's Intel, it's Oracle, it's Novell, it's Equifax, it's a lot of people, and a lot of individuals also, some of them are in this room, have come together to build a technology that will allow a claim, kind of like train tracks, move from one place to the other. It doesn't solve, you know, verifying the person's age; we're not talking about that. This information card technology is the transport that is very intuitive user interface, very easy for little Johnny to use and for his mom to use, and something that's a part of the solution. It is not the total solution. That's correct.

Others for Microsoft and Jules Cohen? Jeff Schmidt, right behind you.

Former Microsoft person, in fact. Former Microsoft. Love you, Jules, thanks. So to be, based on the comment we just had, to be clear, the info card railroad would still require me to potentially give a bunch of sensitive information about my kids to some identity provider in the sky, not you, but to some identity provider in the sky.

Let me answer. I appreciate you asking that question. So privacy is one of the things that we've sort of touched on today but we haven't really delved into. One of the things that you could do in the model that I have in my head, and that we've talked about a little bit here, is keep the personal information about the kids inside of the existing silos where it is today. So for example, if you're using a school or school district to identify a kid, the school can keep all that personally identifiable information and simply put the age of the kid onto the card, and
the card is what's, you know, transmitted around the ecosystem, and people who get the card, the relying parties, only see the age. The same model could occur with the driver's license issuer or a passport issuer or similar, but the personally identifiable information can easily stay in its existing silos and not leave them. So in this model you have a world where no, you know, single third party is creating a large honeypot of kids' data; rather it's staying where it is, and we're making use of the technology to just move the claim about the kid around rather than the actual information about the kid.

Very helpful, thank you. Got at least three more here. Brief from John Morris.

I just want to confirm my understanding that the token or the credential that you guys can provide, you know, there's nothing inherent in your technology that would prevent that token from being given to somebody else. In other words, if I qualify for it I could then sell it to somebody else in a black market transaction. Am I right?

I'm glad you asked that question, John. So the way I would suggest folks think about this, and this is actually a metaphor that Jeff talks about, is that the first time the token is issued, you know that you're giving it to the right person, and your question is, the second time it's used, is this the same person who it was given to, you know, the first time? Does that person actually still have it? And I think that the way I would answer you is that there's a spectrum of security implementations that we can attach to that token depending on how secure we want it to be. So at one end of the spectrum we could just say once we've given it to you we trust you, and at the other end of the spectrum we could say another in-person proofing event is required for each subsequent use of the card. And there's a huge, you know, there's a huge gap between those two things, and then there
are any number of sort of intermediary steps in between, and as a society and as a group of policy makers and technologists, and folks from government and children's development experts, we need to think very carefully about where on that security spectrum we think we need to place that lever. So I'll just give you one example of a more secure solution that isn't way off on the extreme, which is perhaps for each subsequent use of the card, I log in with my info card to a site and the site sends me a text message with a PIN in it, and if I've got my phone with me I can get the PIN and then I log in with that. Seems pretty secure: in order to actually have the complete login experience I actually have to receive a text message. Or perhaps I lock it down so I can only use my home computer and my school IP range. You know, there's any number of things within that spectrum that as a society, as a group, we could place, that we could be on that spectrum.

Jules, thank you. We'll take a couple more and then we're gonna get eGuardian up here. Jody from IDology.

Jody from IDology, and I didn't really have a question. I just wanted to add something about the information cards, and for anybody that is interested, I'm sure Jules will probably point this out, but at the last presentation we gave a demonstration of how age verification would work, issuing an info card, and then how that could be used to protect your privacy and go to other places, other relying parties, and use it. And Mike Jones at Microsoft has walked through that whole process on his blog, so if you are interested you can actually go see how the information cards is working. They did a great demonstration at the last session.

Okay, we've got too many to take before the next group, but then thank you for passing. We'll take one more of the TAB members. You guys can do get out over there, and then thank you for passing.

So this
seems like a really ambitious plan, which I don't mean that in a bad way, but I think... we like ambition at the Harvard Law School, let's be clear. Big dreams. Yeah, no, and I think it's great. I actually like the general idea. I think somebody already mentioned that our schools in this country are pretty overwhelmed, and adding one more burden on to them seems like asking a lot. So is there a sense of what the government can do and how much it will cost us as a society to implement something as ambitious as this?

So let me answer that question in two ways. There's a resourcing question, and if our folks in government, our friends in government, want to be involved they can perhaps help, you know, sort some of that resourcing. But the way I would think about it is, it seems like a reasonable approach to pilot something like this in a small, you know, a district or a couple of schools, see how it works, and if it works then we can get a good sense of the costs and we can decide whether, you know, it's the right thing, we want to take it more broad or not. I wouldn't recommend a vast deployment of this today. I would recommend, you know, walk, crawl, walk, run, so that we can learn about the costs and we can learn about whether the kids actually want to use it. What are the incentives, right, to actually get kids into the ecosystem? Have we got the right sort of policies around what the actual moment of proofing needs to look like? Have we got the right revoking policies in place? Have we got the right policies in place such that if something goes wrong, and something probably will go wrong, because none of these systems are foolproof, there's no silver bullet, but so if something goes wrong, can law enforcement ask the right person with the right more nurse opinion or whatever is appropriate and get the appropriate, you know, the information about the issue, such that they can go after the person that did something wrong? There's lots and lots of things that need to be thought through in this kind
of a model, and I would advocate talking about that another day, in a pilot.

Jules, you're wonderful. Thank you for getting such ambition into 20 minutes. Like to welcome eGuardian up here. I did want to note one thing, just by way of disclosure. I think some people may have read this in the newspaper yesterday, but our colleague danah boyd, one of the co-directors of the task force, has just joined Microsoft Research here in Cambridge, and we've been working with them. This by way of disclosure. We're excited for danah and her next step. Anyway, just want to put that in the record. So the last of our age verification related presentations for the day, eGuardian.

Good afternoon. I'm Ron Zayas and I'm the CEO of eGuardian. Thanks for having us out here. eGuardian provides the foundation for a comprehensive way to verify children and to protect them online. We do this through a unique system that verifies the age of children through the cooperation of their schools, and we've heard throughout this about putting a burden on the schools. Know that we pay schools to do this. We see ourselves as being a source of resources for schools. We can verify a child in any public, charter or home school in the U.S.
or Canada today, and will soon expand beyond North America, and we do this whole verification process only at the behest of parents, and we never ask schools to release information, only to verify the information that's provided to them.

So along those lines, first let me explain what we are not. eGuardian is not a site blocking software, although we work with leading site blocking softwares, for example with Net Nanny. We are not a content provider. Our service is designed to provide media, social networking and children's sites the information they need to implement effective children protection safeguards. Finally, we don't see ourselves as limiting what children do online. That wasn't our goal. Our goal was to create a safe playground where children could do more than what they were doing today. For example, one of our partners is Woogi World, which is the online curriculum provider for 50,000 schools across U.S., reaching more than 14 million students. As an eGuardian member, those children are able to do more than their non-eGuardian-verified peers, and because of that they actively want the eGuardian protection, not just limiting what they can do.

We're also not about compromising privacy. We collect information we need to securely verify a child; that's their age, their gender and their geographic location, and we provide only those three components to our partners. We do that through the use of a secure header. We never sell, rent or divulge identifying information to any company for any reason. We protect our information with financial grade security, and identifiable information is archived once it's verified and then it's transferred to an offline database, a non-public database. Thus even if our public-facing database of eGuardian IDs were compromised, they would contain non-identifying information which would be negligible in value and certainly of no interest for identity thieves. By providing a unique ID and verifying through a trusted third party like
schools, we're allowing for children to play in safe online playgrounds. We make social networking sites safer. Instant messaging and email become great communication tools while blocking out adults from talking to children. Some will say that the degrees of online dangers of online predators are exaggerated, and they may be, but many people disagree with that. Also in our society, as Microsoft had just spoken about a moment ago, we have created these environments for children, ways of separating adults from children, and that's what eGuardian does. By having things like movie ratings, minimum ages for drinking and for getting into a club, these type of tools give parents the freedom to decide where their children will interact and where they will not interact. eGuardian extends this to the online world. Finally, a unique eGuardian ID promotes good online citizenship and discourages cyber bullying. While we do not provide identifying information, an eGuardian ID is tied to a child. Should that child ever be abducted, should that child ever be acting in a way that is not appropriate for a site, or that eGuardian ID should ever become compromised, we can trace it back to who was using it, who provided it and who authorized it, making it safer for the child.

All right, so a brief explanation of what we do as far as how we do this. We explained our system early on to many of the AGs that helped drive the creation of this group. Most members of this committee are familiar with our technology, and we even have access agreements in place with many of the organizations represented today. Most sites today have implemented safeguards to protect children, but without a practical way to verify the age of children these safeguards often go unused. eGuardian can work with any site. Our distribution model includes charging parents a nominal one-time fee or in many cases no fee at all. In fact, many of the organizations we had spoken to are looking to provide eGuardian at no
cost to parents. Let me say again that no parent that wants eGuardian will ever not be able to afford it. We make our money through the partners, and our model ensures that we make our money only when our partners make money and increase their revenues by using eGuardian. Best of all, we're a potential source of hundreds of millions of dollars for schools, giving a much needed revenues. Our technology is based on OpenID and web services, and we utilize industry adopted open standards, so integration is easy, is so easy that many of the major sites in this committee have already learned by signing an access agreement, trying our software. We are compatible and complementary with the solution that Microsoft just presented. Our technology is already adopted by or is being reviewed by major ISPs, mobile phone providers, social networking sites, child sites and even OS providers.

So our verification process allows parents to give us the information that we need to verify the child's information through the school. The school then uses our simplified online system to quickly verify that information, including the signature of the parent, so we know who's the parent, who's the legal guardian and how old this child is. Once that information is verified, eGuardian can issue a unique eGuardian ID. Our process includes the ability for schools to earn thousands of dollars each while helping to protect children. Members of the committee, we have a service you can implement today that will go a long way toward protecting our children and giving parents an easy to implement choice. We hope that you, like the PTA, Apple, MB, AOL, Web Wise Kids, and many others, will take a serious look at age verification by eGuardian. Thank you.

Very well done, very well done. All right, would you like to answer the standing question that Bart had, and then we'll pass the mic over to Chris Soghoian.

I'd also like to invite my co-founder up here to answer some of these questions. What is the
biggest problem that we run into? It's verification, it's sites wanting to understand how this benefits. I think that almost everybody we talked to six months ago was saying we don't want to do this. I mean, if I'm a big social networking site and I start verifying children, I'm going to add one click or two clicks for a child to be able to play in this, and I don't want to discourage anybody from doing that. Lately we haven't been running into that problem. We've had social networking sites coming to us and saying, you know what, this is a tremendous begins to make further recording. We've had social networking sites like pixel, like Yville, like Woogi World coming to us and saying, wait a second, not only can we monetize this, but more importantly we can do things that other people, that we couldn't do without this type of security in place. That is starting to be the talk track we're hearing more of. So our biggest marketing obstacle, getting the partners online, has been greatly facilitated, and I think a lot of that comes from this committee. Does that answer your question, sir?

Chris, tell us who you are.

Chris Soghoian, I blog for CNET blogger network. So you're collecting large amounts of data about children, which you are then going to anonymize in your online databases and then store in an extremely secure fashion in your offline database. Given that banks also store extremely secure information in offline databases and lose their backup tapes, what is your solution to this problem, and how are you going to be dealing with potential insider theft in your own company? Thank you.

Great thing is I'm not the IT guy, so he gets to answer that. That's what a co-founder is for, right?

Well, first off, our offline database is extremely secure. Come from a financial background, use financial grade security. All the industry level protections we need in place are there. Furthermore, there's nothing in there that could constitute identity theft. We try to keep the information very
basic in what we collect in order to enroll a child, so we're not exposing Social Security number, anything to that level. So worst-case scenario, if something did happen, that database is exposed, somebody couldn't take that information and start to do identity theft or pose as that child.

Great. Brian Levine.

I'm Brian Levine from UMass Amherst and a member of the TAB. So you talked a lot, and I really congratulate you, at the end you had a litany of companies that you were working with, including, I forget the list, but it was Apple, PTA organizations and so on. So I have two parts of the same question: have there been schools that have turned you down at your request to be involved in this process, and what schools have not turned you down?

Just to be very clear, high schools is where we've had the issue. Elementary and middle school have been very excited about our solution, again, number one because we compensate them as a fundraiser program, because it's a very easy process that they're already doing today. So we've had great success in that space. Once you get to the high school level, 16 years and up, we've found some kickback. There's, you know, in the early stages of what we've done it's been geared towards elementary children, with the concept that they would grow into the high school level and it naturally moves from there. But that's where there are schools that are doing this with you.

And if I may give a clarification to that: it isn't so much the schools, where we put the schools, we've never had a school turn us down for doing a verification, and again, there's already a process that exists for this. Private schools aren't on the hook, and we've never had any of them turn us down. It's the parents at the high school level that, they just don't want to sign up their kids. So when the high school level has done a fundraiser it doesn't do very well, but even the high schools where we've had children verify, bless you, have verified children, we got to cover all bases, we can still be
polite, have been able to verify children. So we've never had a school not verify a child.

And when you use the word kickback, do you mean that in financial terms, or was that meant to be pushback? Okay, great, great. Just want to figure out the financing scheme we have going here.

That's only for investors.

Yeah, I'm not gonna go there. Before I go to John Morris, just to make sure others have, Donna Rice Hughes has not yet had the mic, so Teresa, if I might, I'm gonna go to Donna first and make sure we get all new voices in.

Thank you. I'm Donna Rice Hughes, the president of Enough Is Enough, and I'm on the task force. What type of information do you collect on the child?

So our registration process is fairly straightforward. The parent puts in their name, their address, the child's name and birthdate and email address, so nothing compromising. It's a very quick process for the parent to enroll, and again, that information, as soon as it's been verified, we take it offline. The only thing that we leave in what we call our web-facing database is the gender, the age and the geographic location of that child, so it's anonymous data effectively. There's also a parent signature.

That's good. John Morris, then Teresa Polaris.

If I understand the system correctly, after the verification process then the parent gets a password that the parent can use to add other services or authorize things for the child, is that

is that verified and they, let's say they have three children, they get a unique eGuardian ID for each one of those children. How that gets communicated depends on how it's being done. For example, with one of our OS partners you'll be able to put it directly into their parental controls on the profile of that child, and now that information is being sent through a secure header. If you're using Net Nanny, a very great site blocking solution, you could type the eGuardian ID into there and that information is being sent directly from the Net Nanny application. So it depends on the part
one per customer that, John, really.
Sure. I'm not, I'm not sure. My question really is, if the child is able to figure out the parent's password, will the child be able to add new authorizations for the child? And why not?
Just elaborate on what Ron said. There is a, what we call parent activation account, and that's what allows the parent to activate this profile at the website level. So they can go into whatever the site may be and say, I'm gonna, I'm an eGuardian, protect this child. So if the child was to obtain that account, all they could do is protect themselves at additional websites, which is really not a bad thing. There's no escalated privileges that would be tied to that.
Go ahead, Teresa. I think Oliver. And can you mind just identifying yourself for the record?
Thank you. University of NYU. I wanted to have more clarification on the verification process that you're using. How is the adult and the child information that they give verified? And when you send that information to the school, how do you know that the school is properly validating the signature and the other information?
Good question. On that, how's the process being done, I mean, some of this is gonna, you know, it's part of our secret sauce, so let me tell you what I can't say. On the front end, the parent fills out an online form, whether it's coming, whether they're doing it at the point of purchase at the website or they're doing it through the school fundraiser. However they fill out the information online, they give us the information. They then print out a sheet that has a number or barcode on it, they sign it, and now they can either mail it or fax it into us. It's a self-mailer and there's nothing but a barcode on there. Once that information comes to us, then we're contacting the school. Schools always have a procedure, and they always have a person who's bonded within the office who has access to the emergency cards. That's really the key, what's going on here. We have a unique way of getting them that information, where that
individual can then compare the information on the emergency card against our online information and either tell us that's a hundred percent right or it's wrong. They don't correct information, they don't provide information. They look at it, they look at the signature, they look at the information that's been provided, the name of the parent, the address, everything else on it, and they say this is correct, that becomes a verified kid, or they say that's not correct and they hit it from over there. So yes, there could be somebody at the school who has, you know, who's been a predator, but generally there's a background check for people who have access to this information. There's already a process in schools, and even though no process is perfect, we think that's the best offline product process that we've been able to find to identify children safely.
Thank you.
Please.
Actually, she, that was my question.
Okay, would you like to ask another one? Please tell us.
Sorry. Kelly Maloney, Red Star HS. I think this is a wonderful solution. I'm just wondering about, a lot of these solutions have the parents involved, which is great and that's perfect, but there are cases where there may be someone in the household who may not have the child's or the child's friends' best interests in mind. Do you have any solution around that, any way to guard against that?
Yeah, in our process, really, technically we don't stop in the household, you know, malicious activity, but our process leads right back to that household. That, that, that parent, that child are identified. We know exactly where it's coming from. So it really, you know, mitigates the risk of them doing this, knowing that, that it's very easy to track them back. We do work with the Center for Missing and Exploited Children, and, and we have the ability to, you know, report that kind of activity. Our partners also have various things that catch that activity, so we catch it on multiple levels.
Go with Wendy Seltzer in the back. Sorry, just if you don't mind, and then we'll take one
more to my passing. I saw Wendy's eyebrows going up from the back row, and there's who would come with a question.
Thanks. So I was interested to, to hear that your comparison relies on emergency cards in school offices. Do parents who are giving that information get told that it may be used to verify identity?
Well, the only reason the parent is giving us, you mean for emergency cards? The, the emergency cards themselves are only used for the school. When the parent enrolls through our end, they know specifically what they're doing it for, and in fact part of what they're giving the school permission is to say, I want you to verify this information and give it to eGuardian. Without that parental, not only them being aware of it, without them initiating that, there is no process to verify. A school will not give us out information.
Provided that it's the same person making the request as filled out the emergency card. I'm concerned a bit when I hear things that sound like a mission creep of information collected for one purpose, even if it's being used merely to verify.
That's always a concern, but again, we are measuring, we're taking the signature from the parent along with the address and the information along with what's there, so even if it's a non-custodial parent it won't match up. We believe that this is the best process to be able to get that information out.
I also want to make one more clarification, something my partner said. We don't have a formal relationship with the National Center for Missing and Exploited Children. What we have done is follow their guidelines and use them as a resource, but we don't have a formal relationship.
Thank you for the clarity. Okay, last question, then we'll go to the peer-to-peer category.
Hi, I'm Braden Cox with the Net Choice Coalition, not a member of the Task Force, so please excuse any basic questions I ask here. I mean, it sounds like a solution for getting parents involved, but how does verifying a child actually make a child safer while they're online? If
you can answer that basic question for me.
Really, I'll answer that kind of going into the technology a little bit. Once we've done the age verification, that equates back to a digital ID for the, for the child. They either have a username and login they can use, or a digital ID that's embedded into something like CardSpace or one of the site blocking software partners. Anytime that child logs in with their profile on the computer, or is using one of these, these pieces of software, a header information is sent up to our partners, so they immediately know they're working with an eGuardian child. Now, we never give the partner identifying information, but the partner can do what we call an identity ping over to us, and we tell them yes, that's a valid account, it's in good standing, and we give them the, you know, the age, gender and geographic location. So now the partner can protect that, that child appropriately with that information.
To the microphone be awesome.
And really quick, now you can say, and let it, instead of letting that child talk, now that you know it's a child, instead of letting them talk to the rest of the world, only let them talk to other verified children or people that their parents allow them to, and don't allow them see things that are not age appropriate for it.
Please join me in thanking eGuardian.
Okay, so as we make a switch of presentations here, just two quick notes in the interim. One is, raised by our last speaker was the notion that everything here is public. Just to be very, very clear, the Task Force has an IP policy posted online. Everything presented to the Task Force, whether in this public session or otherwise, is non-confidential, non-proprietary material, and we're grateful, realize that's a handcuffing to some, some presenters here, but it's crucial to us to be able to do this process in public. The other note I wanted just, just to make is, I think this question, now been asked a few times, is an important one for us all to bear in mind, which is, the key goal here is
keeping kids safer online, and I think as we hear each of these technical presentations, to do that tethering to what problem is this actually going to solve, what subset, how do we actually make kids safer, is a crucial job of the Task Force. So now we're going to go to a new category. Roughly, the, the first series of presentations were age verification. We should shift to a category we're calling peer-to-peer, although we'll hear more about what that really means from Assert ID. Thank you very much, Kevin.
Thanks. A quick, since I got the dreaded post-lunch slot, just wanted a quick poll. Who uses LinkedIn in the room here? And who's accepted contacts on LinkedIn? Probably most of you build networks. Who's accepted a contact from somebody they didn't know? One. Okay, so big drop-off. Great, thanks.
I just want to first thank for the invitation to present Assert ID and introduce ourselves and to join this very important conversation. Assert ID is a new early-stage technology company. As mentioned, we're in the patent-pending phase and in product development as we speak, and so this is our first public disclosure of what we've been doing. And we've been thinking about this problem for, for quite a while, and it's really a good opportunity for us to meet up with you and share thoughts.
When we started looking at this problem, we came to the conclusion that a lot of us in this room already have, is that you, the big problem we have with protecting children is how do you identify those children online and positively verify their identity. And, you know, there's a number of approaches we've talked about, and, you know, those all have limitations to some degree, whether it be coverage, whether it be, you know, the adult versus the child, or whether it be, you know, in creating this new data source, the time it would take to actually build that data source. And so we really took those elements together and really thought about a way that this could be solved over the long term and hopefully in the short term. One other
element that we really felt was interesting is that this is a social network problem we're looking at. And what's interesting about social networks for all of us as individuals is that we are creating our identity online. We are disclosing who we are in our profiles, we're telling people who our connections and friends are, we're doing other elements of interaction that could be considered behavioral characteristics of who we are. Assert ID recognized that as a potential source for consumer identity. And what's very interesting about this is that it's global, it's all ages, and it's continually growing. And as people build profiles about themselves and maintain that and use it more, it inherently accumulates trust, and that's the concept that we are looking at.
So that, the concept that we have is that a social network can become a core consumer identity credential. And what's interesting about social networks is this concept we've all heard about called the social graph, or the relationship layer, and within that relationship layer you have elements on how to look at a particular credential and determine if it is trustworthy or not. Finally, as we talked a little bit about, the third element is that there's ways to enhance this with selective third-party processes. And so those are the core elements that I'll explain in a moment.
But again, I want to clarify that we were looking at this problem from an unencumbered fashion. There's no existing product that we had today that we were trying to reshape or retool. So we're really looking at a way to solve that in a way that I mentioned, of being all ages and global, getting to scale quickly, so not the period of years but, may, potentially months, you know, to be able to address something, and something that's universally applicable to any social network around the world, more importantly in the US and for the context of this discussion. And we all talked about privacy. There's obviously a very key element of privacy, and the data question of what we
store is a very important thing as a third party.
So let me explain the concept. So go back to that one a second. So the element is that, the reason why I entered with the question that I did was that every time that you create a relationship on a social network, someone gets an email that says, hey, Kevin Trilley wants to be a contact with you, and you make a decision at that point whether or not you want to be a relationship with that person. So that could be, I want to network with the person, or I'm a friend, but more importantly, do I know who this person is? In effect, there's an identity verification happening at that point, whether you know it or not consciously.
There's a construct in the security world called web of trust, which is another way of community verification of each other, and elements of our solution take that construct in a way of creating a trusted identity credential for a social network profile. The construct is just extended beyond first name, last name. It goes to first name, last name, photo, location, or an age claim. And other elements of social networks that can be utilized in this case is also this grouping concept, where you're part of different communities and different groups, and those groups can also provide integrity for the elements of its groups. So for example, if somebody went through this process, created a false profile and then tried to use it in an appropriate fashion, that person could be, you know, reported on by the community, which then go back to the system and, and correct it.
So our concept is basically a verification process within the social network itself, and our intellectual property is a method by which we quantify that into trust. And it's similar to, like, a FICO score for your credit report, or a PageRank construct where you look at the popularity of a particular website. We're able to take that process within your social graph and turn it into an identity credential that can be trusted to some degree of confidence. And again, that, the applicability
of this can be for any attribute of your identity, which initially is self-asserted on your profile. This brings in confidence to that self-assertion.
We have a concept also called trusted anchors, and the, I had a really good birthday cake kind of stack diagram which explains this, but basically you have your social network profile as a foundation, the relationship layer that sits on top of that, a thin layer which we are, the Assert ID trust layer, and then on top of that you can use selected processes like school registrations or databases or whatever it may be, to, in the specific niche opportunities of those things present. And they're readily available today, but our concept would be universally applicable to all those systems that are not quite achieving full coverage.
So just in terms of a quick status, again, as I mentioned, we're just in the product development stage, and we have our first beta test coming up in the early November with a Bay Area high school. We're going to run our first what I would call quantitative test on the approach. And we built our first system as a website, but the first deployment on a social network is as a Facebook application, where it's completely intrinsic within the social network profile. And we'll go to questions and answers that point. I'll invite our, for any technologists, we've got our chief scientist with me, JC, that we can answer any question.
Great, thank you very much. And just ask if you both could speak into the mic, even though it's really, it's a challenge to get everything on the record. Teresa will start with, I know John Morris has a question, and the mic is coming up. But just to be clear on the Facebook note, that's a third party, after you've developed, not a partnership with Facebook?
Absolutely no affiliation.
Could you, Teresa Dolores from Polytechnic University, could you elaborate a bit on the IC program and how the school registration process would work to enhance the verification process?
So that, the basic construct, construct is that, and
I'll JC explain the, the science of it in a second, is that as you accumulate more connections and verifications, the trust in your profile will increase. Essentially, if a process, and I'll explain what that process is, it's basically a school registration process, but if there's an existing process that could be used to seed the network, for example you have a credential issued at school, that could be implemented directly into the Assert ID system, which can then just merge together and propagate outward. The reason why we feel this is necessary is that school registrations, extremely highly trusted, it's manual. It, who's going to pay for yet, that hasn't figured out. There's some great ideas that are being socialized, but it takes time, and the coverage is not a hundred percent. So what we're saying is we can provide a fundamental universal layer, which then could then be built upon by school registration or third-party databases.
John Morris.
If I understand the system, the users can essentially vouch for other, other users. What is to prevent an ethos within a social network for developing that says, hey, if Assert ID ever asked you to vouch for something, just say yes, because that will then maximize the ability of everyone on the community to participate in communication? Is, what incentive do the people you're all asking have to be truthful?
So I guess I'll take this. Can you hear me? Yeah. I guess I'll take this question. And before answering your wonderful question, I just want to reiterate that our social network profile really has two types of data. One type is the data on the profile, about, like, how old they are, where they live and so forth. Another kind of data is the social network graph, who's connected to whom and so forth. The idea is to use the social network graph to kind of verify the other kind of data on the social network profile, and so that profile has all the data you need to kind of verify people's ages, for instance. Now, specifically to your problem, the question, I think you kind
of nailed the major question in the head. You have a system where people are vouching for each other. Based on the pattern of vouching, vouchings for you, can kind of assess how valid the self-asserted identity is, for instance how well they are. Now, what you're asking is, what if there becomes an ethos where people just vouch for each other? For instance, I have a friend whose picture is listed as Big Ben, and another friend who says she's 99. Like, what if it just becomes kind of a fun kind of thing?
And there's really two ways to kind of prevent this kind of thing happening. First, within our algorithm we have included user feedback. There are always going to be some users who vouch for their friends no matter what, and there's going to be other users who say, look, this is against the principles of the system. It is based on something that you might have heard as the term radical trust. The idea is that your responsibility as a responsible net community member to try to keep things clean and safe. And what our algorithm does is look at what proportions of yeses and nos you have regarding somebody's identity. Not everybody will vouch for, not everybody will vouch against, and based on our proprietary algorithm that analyzes that pattern we can gain, we can assess with the highly likely of confidence that somebody's going to be saying, somebody's actually who they assert they've something to be.
Great. Brian Levine from UMass.
Keep going? Yeah, it'll work, unless, check the bottom, just make sure. First question is, first question is, can't this peer reputation system be used for bullying? So can't a group of real kids from a, from a school get together and say, this one kid over here is actually an adult and should be kicked off the peer system? So that's my first question. Okay, so the other question is, can I validate myself by creating thousands of fake identities and saying, yeah, this really is an adult, or this really is a kid?
I'll take the first one, you can take the second one. So the key
element of this thing is, as JC mentioned, is that there's an accountability with everything in the system. So if those things happen, you know, maybe people are trying to test the limits of the system, there's ways that anybody can report to the system or to the company, you know, meaning if necessary it could be a human being that's going to interact, as my point. So much of what the system does is work on an algorithm basis, it's a process, but there will be cases that pop up that need human intervention, and that's just the nature of any kind of system. So at that point an investigation could be assessed, you know, if there's a complaining party or a reporting party on a specific user, there's
And on that point, if somebody reports to a specific user, kind of the opposite problem that you're asking, not only is that person investigated, the people that vouched for that person are held accountable for that also, and they are investigated. So we're looking to propagate our responsibility.
But the more, the more false identities I register, the more, more work I'm creating for you to actually, that, you know, to investigate. So if I create thousands and thousands, your process will never end.
So thank you for that wonderful question, and I really liked your question because that's what, exactly one of the problems our algorithm is designed to solve. So what you can, what you're saying is that somebody might create a gazillion fake profiles. We have an ancillary algorithms and processes that kind of detect, limit somebody's ability to create additional profiles. For instance, we, there's a lot of virtual tokens lying around, like for instance somebody's email address. You'd have to create, you could create a gazillion email addresses, but what we do is combine that, and in our upcoming 2.0 version we're going to be, like, monitoring IP addresses and using some of the best technology that identity world has to offer to prevent, like, people from creating a gazillion fake profiles.
But, I, spammers have gazillions of
false IP addresses, and botnets for instance are available to get IP addresses galore. Botnets are available for rent, so there's a small price to circumvent the system.
And although it is certainly possible, I'd like that we could probably take this, like, offline, if you will have further questions.
Sure.
Great, very fruitful line of questioning. Now, thank you, Brian, and we look forward to more back and forth on that. We'll go back to Chris Soghoian here. And Chris, in addition to your, your scene at affiliation, do you have others that the group about to know about?
Yeah, sorry, I'm actually a student fellow here at Harvard in the Berkman Center, and I'm a PhD student at Indiana University in their cyber security program. At the beginning of your presentation you, you asked the question, you know, how many people here on LinkedIn and how many have accepted a friend who they didn't know. And that, while that's, I think, an informal or useful example, I think that, that your group is slightly, uh, non-accurate, and that most high school students and students younger than high school students have a different, uh, sense of risk. There seems to be an arms race amongst many young people to collect as many friends as possible, and, and so do you really think that young people will not accept profiles or requests from people they don't know?
Thanks, is great question. It's a clarification for what, what our approach is. We layer on top of the, shall we call, the social connection process. So Assert ID is a verification process that selects subset of your social graph for verification. You don't have to select, you can have a thousand friends that you've never met before, but there are certain people that will be part of your identity circle, this web of trust, that will be selected as people you only know. So you can have as many friends you want, and we'll actually score your network on that basis, but that's not the core element. There'll be people that verify you're at any specifically that will be within this specific
system, so it'd be a subset of your overall friends. We're not trying to change that behavior. It's the subset of that that you want to have within this process.
Thanks, Kevin. I've, I, hold on one second, and I'd love to
I just want to make a quick data on the spot here about the research, just a clarification. Actually, most teens operate like this room and do not actually engage in collecting behavior. Collecting behavior is most notorious amongst adults, namely politicians, bands, those who are playing games with the system, and those who can't remember whether or not they went to high school with that person. Teenagers are far more likely to engage with the people that they already know, and in fact, if the whole sort of panic around predators did anything, it was to encourage teens to really lock down. And so at first some of them were actually more likely to collect, but collecting behavior has actually decreased dramatically.
Thanks, Dana. All right, one last question of any sort. And did you want to, I didn't mean to cut you up, I just was trying to get the, why not, you have the mic.
No, it was just a quick follow-up. How do you identify that web of trust, those selected few? Is it random?
User does.
So the user, so it's like an opt-in thing?
Yeah, so think of it this way. You create your, your profile, you use it like you normally would today, and then the third step is you have a special process where you select people for your web of trust. It's just like the third step of your profile management.
And have you determined how popular that step will be to social networking users?
Well, popular meaning what, to get verified?
How much opt-in, what percentage of people would actually opt in?
Yeah, that is going to be a, oh, no, we haven't. We're, that's our first beta test. We've, we got on high school going.
And again, that's this November, right?
Yes, correct.
Great, just in time for our report to come out in December. Fabulous deadline, and thank you very much, and please join me in thanking the assertive
Yeah, we don't have
any horsepower for a booth, but we've got some data sheets if anybody would like. When, I'll have, I'll be in the back corner here.
Awesome, thanks so much. Donna Rice Hughes would like to say a word, or no, are you saying it only to me? Yeah, yeah, we're on the camera, so why do we have a conversation tomorrow. We're ending at three, maybe a few minutes before if we're really, really tight. Great. So if I could, yes please, thank you so much. We are moving to the last presentation before a little break, two to two fifteen, and we're moving to a category that we've here called biometrics. I'm going to mispronounce the name of your company, so I'm going to let you do it. Dan, thanks for being here.
Okay, thank you. So yeah, I'll pronounce the name right, I hope. So my name is Dan Liechtenfeld, I'm CTO of Verificage, and we have developed a unique biometric online age verification solution, which I'm pretty excited to talk about today. So just wanted to thank Task Force for inviting us to this very interesting venue.
Well, throughout today we've heard about a number of different technologies for online age verification, most of which have been revolving around brokering information back and forth between public databases and analyzing that database and improving the, sorry, information. Most of these solutions, as we've seen, were pretty suitable for verifying adults or verifying adulthood, and were pretty lacking when you're trying to verify a child, for a number of different reasons. Overall, we kind of categorize these reasons or challenges into three main concerns that we've aimed to deal with with our solution. The three main concerns are mostly privacy, or how do we keep all this information private and how do we maintain the privacy of children, okay. The second challenge here is the availability of information. We've seen a number of creative ideas ranging from, you know, asking parents to join the quest and asking schools to join forces. And, you know, the third and foremost challenge could be actually just
initiating the process by involving the parent, okay. So these are all challenges that are kind of in the way of verifying children and knowing for sure that a child is a child and not a predator posing as one, okay. So that's where our technology comes to play.
Our solution is called AGR. AGR stands for age group recognition, and what we try to do is focus on one simple issue: whether or not the user of our device is a child or an adult, okay. This is the device, by the way. I have a pretty mouse-like USB PC peripheral. And as I said, we focus on recognizing whether or not the user of this device is a child or an adult, and that data can then be used to enforce any type of policy, whether it be content access or peer-to-peer communication or, you know, access control to a site.
We've actually kind of coined the phrase that we think is quite unique to our solution, which we call contact filtering, and we've heard about something similar here with some of the solutions that were presented. Basically, what we're proposing is kind of like, you know, the rule of thumb for most parents. They tell us as young kids, don't talk to strangers, okay, don't allow people that you're unfamiliar with to interact with you. And that's kind of what we're trying to enable through our technology. We're saying basically, when parents say don't talk to strangers, they usually mean don't talk to adults you don't know. They are less concerned with us, with young children talking to other children. They assume that children pose less of a threat. So our technology enables children to basically interact with other children who are verified without imposing any limits, whereas they don't let adults interact with those same children, okay.
The device itself uses a one-time measurement. It's completely anonymous. We don't maintain any data, so we overcome all the privacy concerns related to that. That challenge of basically proving whether or not, or asserting whether or not you're a child or an adult can be conducted many times. It's not
a one-time deal. So basically, anytime somebody wants to interact we can issue a challenge, and it's as easy as just, you know, holding the device in your hand and basically using your hand to kind of read whether or not that person is a child or an adult, okay.
We're already available. The device has already been commercially deployed, and right now we're scaling up our distribution for the solution. We've tested the device quite extensively in order to get to where we are today, and kind of tried to validate and refine the algorithms involved with identifying the age groups, and right now, focused on the target group that we're, you know, working against, basically have a pretty, pretty high level of accuracy of identifying children under age 14 and under, and close to 100 accuracy rate in identifying adults. So not letting adults in in a peer-to-peer interaction is something that we can be pretty confident about, okay.
The device itself is basically, uses a low frequency ultrasound scanner in order to assess a number of physiological parameters that dictate whether or not that person is physiologically mature or not. That's why we're back to around the under 14 age group, and we feel that that's the most pertinent audience to kind of target, okay.
In terms of how we actually create safer environments, the device itself, or the entire solution, is meant to integrate either with existing websites, social networks, IM platforms, or local parental control or internet security software, in order to enforce the policy that, you know, an age group might dictate. So you could use it in order to avoid any peer-to-peer contact, you can use it in order to either close down certain services, filter content and whatnot. We are basically joining forces with existing solutions in order to provide an end-to-end solution in that regard, but our focus is on the age verification aspect of the, of the process, okay.
The process itself, as I mentioned before, is something triggers that AGR, that, that challenge of what age group
that user is from, okay. The trigger can come either from a website or from a local parental control software. The user would then be requested to basically place their fist, the part that we tried to gauge, okay, into the device. It takes a couple of seconds. Ultimately you receive the answer whether or not you were verified as a child or an adult, and the site can proceed from there and deciding, you know, what the user is able or not able to do from there on.
The idea that we have in terms of integration patterns would be for sites to implement this both in their access control, in their login process or registration process, and also in any, any initiation of any peer-to-peer interaction. And actually, what we've seen partnering with, with some children's oriented website is that there's another opportunity for them to enable kids to issue the challenge on demand, okay. So that's another aspect.
What we see here is kind of a demonstration of a partner website that we've already deployed with. It's an Israeli children's portal who decided to take the awareness issue one step further and basically use our verification platform as a means of asserting some more trust between the kids and increasing awareness. So kids actually wear the icon of whether or not they're verified on their clothing here in this visual chat. This, kind of, one, one demo screen, but throughout the site, everywhere where kids can see each other, whether there's avatars or, you know, just nicknames, we try to show whether or not they're verified and kind of engage the kids in the process, okay.
Another aspect we'd like to talk about, which is something that, you know
This is coming in for landing?
Yeah, great, great. Another aspect that we're very excited about is actually partnering with the parental controls software in order to try to provide an end-to-end solution, and here we think there's a huge opportunity for the social networks and the IM platforms to join forces. Basically, as was mentioned earlier, there is a gap between
what parents want to invoke as policy and and what a site can do in order to enforce that policy. In most cases sites don't really have a direct relationship with a parent; they might have the direct relationship with the child. We think that if you tie all these components together, using AGR in the process in order to, you know, accurately identify whether or not you're talking to a child or an adult, sites would be able to know what the policy the parent wanted to dictate would be and would help in enforcing that policy. Right now there is no tie, usually, and we see that, you know, kind of an integrated solution would bring forth that type of capability and basically make the idea of digital playgrounds or safe zones that more real. Okay, I'm done, I guess. Excellent. I'm available for questions.
Um, Dan, thank you. Thank you. All right, some hands are up. I see him. Adam has not yet had the mic in the back.
Progress & Freedom Foundation. What I really like about your product is that, of course, it does not collect any personal information, and that's very unlike every other product we've heard here today. So that's, I think, important and exciting note that there are solutions like that. But I have a question about the potential for deception here, because what about someone who wants to, A, use a friend's finger or fist in that device to get in? Number two, a lot of the verification that we're seeing sites or lawmakers asked for today is very precise about a very specific break in age, above this age or below that age. So you said in parentheses around age 14 on average. Yeah. How can you be more precise about that? And then third, what about kids with potential developmental disabilities, abnormalities, you know?
So all very good questions. Um, I think, you know, much like any other solution, we don't, uh, pitch our solution as being a hundred percent foolproof and and pertinent, but we do think that for the, um, tender ages that we're most concerned with, those kids that don't really have the ability to gauge the
the danger, uh, that we can do a pretty good job of protecting them. That being said, you mentioned, you know, the the actual legal age, if you will, or the chronological age that we're usually more concerned with. We can't, because we're dealing with physiology, we can't really get to a very high resolution chronological age, so we're dealing again with maturity more than we are with what we legally call age. Okay. With regards to abnormalities or or physical, you know, discrepancies: yes, of course, that there may be kids that cannot use the system for those reasons. We think that, again, when you're trying to deploy such a widespread policy, site owners or service providers or anybody who decides to deploy this type of technology would need to provide additional measures in order to overcome those small, minute, you know, portions of the, you know, the user base. But I think, you know, as a whole we have a pretty solid solution.
Thank you. Can tell us who you are and then... can drive fact from Linden Lab. Thank you for the presentation. Um, quick question, apologize if I missed it: how would the USB devices be deployed? Would they simply be mailed to to parents that request them, or would there be, would it be through the schools or other intermediaries? Just logistical question. Second, second, second part: would would they be managed, as you envision it, by, would it be site specific or would there be some centralized...
Okay, so, and can, did you say where you're from? Just, yeah, Linden Lab. We operate Second Life.
Okay. So, um, yes, in terms of distribution, they would be sold or mailed to parents on demand. Obviously that's part of the how you contain the business model. So we aim to sell these devices. We are speaking with a number of different parties who are willing to subsidize some of that and and basically try to provide that to the parent at either for free or highly subsidize.
Can you give us a sense of what category people might do the subsidy, or is that proprietary? And I'm not trying to push you anywhere, but if
you're able to.
Well, you know, much like any other, um, I guess, positive, um, impact type of technology, I think there are a number of brand name retails who would love to join forces and put their brand on this type of solution and say, basically, hey, we're doing something for the good of mankind, okay, please credit us for it. And and that could help in, uh, in distribution. Um, in terms of, um, you're just reminding the second question, I'm not sure I recall it.
Uh, the second question: would it be with the the identification, the identifiers be managed kind of site specifically, or would there be kind of a centralized database, as you envision?
Well, here, because it's a one time, um, um, measurement, basically, and it's done on demand, uh, you could decide in terms of your site whether or not you choose to actually store that information or it's used on demand. You know, as a whole, the entire concept, because it's biometric, means that, um, we don't propose to store that information. We think it's actually better to be, um, you know, used on demand and and therefore be fresh. And I believe I was asked before what happens if somebody chooses to use another child to identify for me. That way you overcome those factors. So at least with regards to age, that would be something that you could, you know, totally, um, do on demand and not store at all.
Okay, we'll go to Larry, and then, honey is that your hand up in the lawn and after. Okay, Larry.
Hi. Well, first of all, very creative. Uh, if it works, it sounds like an interesting idea. Uh, some of my questions were answered, so I'm gonna phrase these as concerns, but they really are kind of a question. I'm concerned about the lack of granularity, because I think that a lot of these issues really have to do is compliance with specific laws: a 17 versus an 18 year old, a 12 year old versus a 13 year old, tie in the very specifically a law. Uh, I'm concerned about the price, whether you could get it to the point where there would be basically no encumbrance, that anybody who needed it could get
it at essentially very little or no cost. And I'm also concerned about the the issue of the, some sites encourage adults and minors to interact, or certainly allow it to; certainly Facebook and MySpace, there are areas where that is okay. Yeah. And then finally, one of the things we've heard over and over again by the researchers is that predation is often less of a problem than the way in which children act and peer to peer forms of harassment or bullying, and it seems to me that, and correct me if I'm wrong, that this would do nothing to prevent the kind of peer to peer activities where we see youth harming themselves and the youth.
Um, I think you're correct in all the concerns and also the, you know, framing where we're good and, um, less focused on. Uh, we're not yet, we, I think we overcome predation pretty well, uh, because we're able to separate between adults and adults posing as children, you know, as opposed to verified children. So that we do quite well. Except for the research shows that that's a very, very small problem. Um, with regards to, um, you know, um, cyberbullying and the like, um, we can only provide, uh, the age factor, uh, and and, you know, other policies and other technologies might be more useful in that regard. And I believe that's also where we're, uh, joining forces today with, you know, companies I mentioned before, PureSight, which is a partner of ours. Um, they have complementary technologies that could deal with filtering content, you know, recognizing additional policies that aren't necessarily age related, but we we, uh, serve to provide that age, um, uh, issue quite well, and that's that's the chief concern. With regards to, um, I believe you asked me about bringing the price down: that's really an issue of scale. I mean, prices will go down as as we scale. Uh, I don't know if they'll, uh, necessarily be completely, you know, free, but, uh, for sure we're seeing a lot of positive feedback from other parties that are interested in joining with us on distributing, uh, the solution and bringing down the
barrier to entry. Okay, so, and and we too, uh, choose to kind of, uh, support that. Obviously when we're working with governmental agencies or schools, I think we'll be more accommodating and and look to, uh, make it more available.
Thank you. Looking to the clock here, we're almost at two, and I do want to stay on track, but Lamuin from TAB, uh, had one more, and I apologize, that is it. Okay, if we, maybe in other sessions.
Uh, Lamuin with, uh, Stroz Friedberg. My question goes to the, uh, technical efficacy of your product. I know that in your proposal you talk about some success rates, and you've quoted some success rates from your own testing. Uh, is there, uh, any plans on, or have you done, any independent testing of how many false positives you're getting, how many false negatives, and how, uh, when submitting this information as a yes-no answer to a particular website, can that easily be, uh, spoofed or hacked in somehow when the information is transmitted?
Okay. Um, so first to the testing, uh, issue: uh, we haven't had any independent testing as of yet, but we've conducted extensive testing in order to refine our algorithm. So we went through, uh, you know, tens of thousands of of measurements in order to see whether or not the the data was reproducible and dependable, and we've managed to fine-tune that. With regards to spoofing, we have a number of implementation schemes, you know, ranging, depending again on the partnership type deal. If we're working with a website, for instance, some of our safeguards would mean that most of the analysis is actually done on the server side and not on the client side; the client's only measuring raw data and sending it back and forth. Uh, we use a number of additional hardware oriented safeguards. All the, um, communication with the device back and forth, even to the server, is encrypted. So, uh, we have, you know, thought deep and hard on how to overcome hacking and spoofing and whatnot, but ultimately, you know, IT security, uh, constraints, you know, are still applicable.
Great. Apologies to the
gentleman from Chat Safe and Net Nanny and, uh, Cornell. Uh, we're gonna, I think, for the moment just take our break till 2:15. Please join me in thanking Dan.