Proof of personhood at submission

Tools that can generate and lodge submissions at unlimited volume are now widely available, so as automated submission grows, a consultation process must be able to separate input a real person was involved in from input produced entirely by automated systems. This is distinct from identity verification (knowing who someone is): proof of personhood asks only whether a human was involved, without necessarily identifying them.

World ID (formerly Worldcoin). World's proof-of-personhood system uses iris scanning via custom biometric devices (Orbs) to generate a unique encrypted identity marker. The Semaphore protocol enables zero-knowledge proof of uniqueness, proving membership in the "verified humans" set without revealing identity. By early 2026 nearly 18 million people had verified at an Orb, with consumer integrations including Razer, Tinder (Match Group), Zoom, and Docusign. It is privacy-preserving in theory but raises serious concerns about biometric data collection, centralized control, and accessibility. See Gate Learn, world.org, and AMBCrypto.

CAPTCHA and its successors. Traditional CAPTCHAs are increasingly ineffective against AI. Google's reCAPTCHA v3 operates invisibly via behavioral analysis, but its scoring is opaque and declining in accuracy. Privacy Pass (Cloudflare and Apple) offers token-based proof of humanness without tracking.

The US Comment Integrity and Management Act of 2024 (H.R. 7528). This bill passed the US House of Representatives by voice vote in May 2024 but never passed the Senate and lapsed when the 118th Congress ended in January 2025, so it did not become law. As a House-passed bill it nonetheless evidences legislative intent: it sought to address the flood of AI-generated comments on Regulations.gov by requiring "human verification to ensure that the comments are coming from a real person." It did not propose to block AI-generated comments outright but would have established a management framework, including how mass "form letter" comments must be published. It is the most direct legislative precedent for requiring proof of personhood in a public submission context, even though it never came into force. See Congress.gov, Nextgov, and CSG.

The FCC net neutrality comment crisis (2017). The FCC received 22 million comments on its net neutrality repeal; the New York Attorney General estimated 9.6 million may have used stolen identities. A 19-year-old submitted 7.7 million comments via automated software; another 1.6 million came from fictitious entities. The crisis demonstrated that volume-based comment systems are trivially gameable and that the damage is retrospective, with fake submissions identified months or years later. See IAPP, The Hill, and the ACUS final report.

Medium transferability with serious access trade-offs. Proof of personhood addresses the "unlimited volume" half of the problem directly, and the Comment Integrity and Management Act provides a direct legislative analogue for Australian consultations. But the spectrum of mechanisms involves difficult trade-offs:

A tiered approach lets agencies set requirements proportionate to the stakes and vulnerability of the process. Low-stakes consultations might accept email verification; high-stakes regulatory proceedings might require verified identity. The critical design decision is whether personhood verification is binary (submit or don't) or gradient (submissions carry different assurance signals visible to analysts).