
Microsoft proposes age-limited digital playgrounds

As part of its Trustworthy Computing initiative, the company envisions offline identity authenticators creating digital credentials that could prove you are who you say you are on the Internet.

Elinor Mills Former Staff Writer

Microsoft has an idea for keeping children safe online: create "digital playgrounds," sites where visitors have to prove their age using digital identity credentials.

The idea was detailed in a paper Microsoft was set to release early on Wednesday as part of its Trustworthy Computing initiative. The concept builds on a notion called "End to End Trust" that Microsoft first proposed in April at the RSA Security conference.

The company is tackling the challenge of how to make the Internet safer not just for children, but also for adults wanting to conduct business, make transactions, and communicate with the confidence that the people they are interacting with really are who they say they are. A big concern is how to add more identity authentication without compromising the privacy of the people involved.

"I started thinking about how we identify people in the physical world three years ago, when my wife had a (baby) boy," Scott Charney, Microsoft's corporate vice president for Trustworthy Computing, said in a recent interview. "I was in the delivery room, and out he came, and the doctor said, 'What's his name?'"

"It occurred to me that all identity is based on social custom and derivative identity. Parents name the child, and the name is put on the birth certificate," which then becomes the irrefutable proof of that person's identity, he said. "We haven't done that on the Internet."

Microsoft proposes using existing identity verification systems, such as schools that register children for classes, post offices that verify identities for passports, and motor vehicle agencies that issue drivers' licenses, to help create digital credentials that people would use online.

"For example, I could produce my driver's license, stick it in a card reader, and prove it's really me," Charney said.

Under the scenario related to children, digital identity "cards," or credentials, could be based on either national identity documents created at birth or on identity documents schools use to determine age and identity for school registration, with parental permission. The data could be limited to age and proof of authenticity, and the credentials should be encrypted and require use of PINs.

The Microsoft paper, entitled "Digital Playgrounds: Creating Safer Online Environments for Children," acknowledges that attempts at creating children-only online environments haven't quite taken off and cites the kids.us domain as an example.

"But there are reasons to believe that age-limited online services could be appealing," the paper states, mentioning that some sites might want to use age authentication as a feature to attract parents who want to keep their children away from predatory adults, as well as teens who might want a more discreet experience than most dating and social-networking sites offer.

Interactive Web sites could be categorized into three areas: "general audience," for all ages, and "children only" and "adults only," both of which could require proof of age. The paper provides no specifics on how adults-only sites would authenticate, though it's likely that they would use the same digital credential system envisioned for children's sites.

Microsoft submitted its digital-identity approach, as outlined on its Web site, to the Internet Safety Technical Task Force, led by Harvard University's Berkman Center for Internet and Society, as well as to the European Commission, which is looking at online age verification concepts.

Digital information card infrastructure, such as Windows CardSpace or the open-source Higgins project, could be used in conjunction with the in-person proof.

Improving user authentication on the Internet isn't something that can be realized anytime soon, Charney admits.

"We'll get there, but it will take time," he says. "People work (on issues) for years and years, and suddenly, like a snowball rolling down the hill, it takes on critical mass... We're at the pushing-the-ball stage."