At first I thought what I read was click bait, the state of California quietly passed a law that requires every operating system provider in California to collect age information from users at account setup and transmit that data to app developers via a real-time API. Called California’s Digital Age Assurance Act (AB 1043), will be taking effect on January 1, 2027.
Of course this law is under the guise of protecting children that are using computers online, however, not only is this law ambiguous, it carries some serious consequences. Penalties for non-compliance run up to $2,500 per affected child for negligent violations and $7,500 for intentional ones.
This may work with an OS that have centralized account infrastructure (ex: Microsoft’s), however, how is this going to work with an open source based OS such as Linux? The problem is, because it is open source, who is responsible for compliance? Some distros are maintained by a group of volunteers or a single individual as a hobby. Being ‘Free & Open Source’, these distros are not owned by or ‘sold’ to anyone, also, being open source, anyone can just disable or remove that code.
Even if these distro maintainers somehow figure out how to make this work and comply, what’s stopping these law makers from then taking it to the next level? Remember, this API only reports what the end user enters as an age or birth date. What’s stopping users from just lying? Now if the API infrastructure is in place, the next step is age verification and how is that going to be done?
Governments have this backwards; I believe that this is not the responsibility of the OS, the onus should be placed on the businesses that provide the online products or services that are age sensitive. Have a system like they have for the movie industry (ex: this content/service is rated 18+); Parents/guardians then can set limits/filters on their devices and have the responsibility for the children under their care. Fine them for negligently allowing children to access content or services that they should not have access to.
Now you are probably wondering why I care about what a state in another country is doing, and I do have a good reason. Other states and other countries are watching as this unfolds, and if this law sticks, they are going to adopt similar if not the same law. Now California is the most populated state with the largest economy in the US, so whatever they can get away with, the others will follow. If the whole nation then adopts this law, then other nations will also do the same. This will destroy privacy, the open source OS and community (Microsoft would love that), and make the internet a police state.
If you live in California, you need to contact your political representative and voice your displeasure in this law and let them know that it is broken and how it will ruin lives. Let them know you are not voting for them in the next election if they don’t fix this. Everyone needs to pay attention to what their political representatives are doing, don’t let them sneak in bad policy/laws. Remember, they represent YOU and you need to make sure they are doing what is right in the right way. Also, make sure everyone in your social circles are aware and know what’s going on and how important it is to hold their political representative acountable.
this is an incredibly well written and very informative article. this covers a very prevalent nuanced topic because when people are presented with the concept of “protect the children” it is a no brainer people will want to support that cause. however when it comes to the internet and our, along with children’s usage of it, many people are not educated on the nuances that come along with the internet and how restrictions to the internet as a whole are incredibly harmful. yes children would benefit from not being able to access the entirety of the internet at a young age, but adding age verification is NOT a good way to achieve this. I hope this article has good reach because this discussion is very important.
You bring up great points and it’s nice seeing someone outside of the US care about laws like this when it affects its citizens. I would also like to add that this also is dangerous for adults because there’s always a third party somewhere that are collecting all the data from age verification, there’s SO much examples of this happening of all types of “age verification”. At this point it just seems like another word for free use for data miners. In Texas, where I’m from so I personally been affected, they already have a bunch of sites on lockdown that age verification can’t even by pass because they also don’t believe in age verification, so there’s no win, either you follow through and give out your information or they just completely shut you out. Innocent adults shouldn’t have to suffer because people don’t want to parent anymore. This law they’re trying to pass is NOT OK, because you’re right, who would be held responsible for that hefty fine? Should it be the company that failed to verify their age or the parent for allowing the child on the internet and have them lie and by pass the system? People fail to realize how smart and crafty children are, most kids can already find ways around age verification. This doesn’t stop them, it only harms adults. I personally think they got this all wrong and that this is not the way to protect children from the internet.