California Age Verification Law
If you live in Cali, please call Newsom and make your voice heard.
I found the news initially from here, linking to an article from Engadget giving a short overview. Here is the full bill from the International Centre for Missing and Exploited Children if you’d like.
The TL;DR of this bill is that it would require age verification at the OS-level, then requires the creation and implementation of a standardized API for the OS to communicate the user’s general age group (<13, 13-16, 16-18, or 18+) to app stores, apps, and websites. It’s at least a smaller attack surface since you wouldn’t give your ID and face to every app or website you want to use… but come on.
Do you really want to give your ID to Microsoft, Apple, and Google? Or maybe Samsung and OnePlus? These are just the tip of the iceberg. Are you ready to have your age verified by Roku? What about your smart TV? You know, the one that is famous for spying on you, whose industry is set on tracking your every single move. You want to watch R and M rated media, right? Or what about your Kindle?
To be clear, the bill does not require that an ID be the preferred form of age verification. However, looking at the trends elsewhere, we can all agree that it’s what will be used anyways, right? Additionally, what happens to tourists? If you visit California from another state, do you need to verify your age? What about tourists from another country? As far as I can tell, this is not specified in the bill.
They also have a fairly strict definition of mature content, referencing “18 U.S.C. 2256(2)(A) [or a state analogue]”. The referenced code has a pretty strict definition of mature content as effectively just porn, but that second bit makes me nervous. What if the state creates their own, broader definition later down the line? It could include anything as “mature content”, with potentially the most obvious being LGBT information.
And the punishment for not complying? Up to $10,000 per violation. That will add up quickly! And what about the cost of implementation? This is going to be a massive hurdle for smaller companies and put a damper on competition.
Crucially, section 4(d) stipulates that a “website, application, or online service with actual knowledge that a user is under 18 years of age” must implement parental controls. While good parental controls are always a nice thing to have, most of them are not good. But most importantly, THIS IS NOT A TECH ISSUE - IT IS A PEOPLE ISSUE! Making parental controls available, even good ones, does absolutely nothing if the parents don’t know what they are or how to use them. We should be focusing our efforts on public - and specifically parental - education and giving parents the time away from their jobs needed to properly raise their children; NOT on dystopian age verification.
Notably, only service providers who “make available” mature content are required to recognize and use this new API. However, nothing would stop more “family friendly” service providers from utilizing this new API. It’s a great data point, which I’m sure data brokers and ad agencies are going to love.
This is just yet another example of our devices that we bought and own being limited arbitrarily. And the real kicker is that this will do absolutely nothing to protect children. Kids are resourceful; they will find a way around this - hopefully by learning about Linux! So at the end of the day, all this does is place even more power in the hands of big tech, give the government even greater surveillance capabilities, bypassing our fourth amendment right, and make it harder for normal people to live their lives.