California age verification bill backed by Google, Meta, OpenAI heads to Newsom

74 pointsposted 14 hours ago
by heavyset_go
(politico.com)

71 Comments

LorenPechtel

13 hours ago

Age gate means identification of the individual. Of course big tech loves that.

You can have age gating or you can have privacy. Same as you can have porn filtering or you can have privacy.

tzs

10 hours ago

The privacy implications for this bill for adults seem to be about the same as the privacy implications for the "Click if you are 18+" button on many websites.

If you are under 18 there is no checking to stop you from saying you are are 18+

The only people it seems might have their privacy slightly reduced are people under 18 who are using a computer or smartphone/tablet that had parental controls set up by presumably a parent or guardian before giving the minor access.

The bill requires that the parent be able to enter the minor's birthday or age in one place, and then provide a way that the age range (under 5, 5-10, 10-13, 13-16, 16-18, 18+) can be given to apps/sites if they ask for it.

Thus, if you are a minor using a device that was set up with parental controls and you try to use an app or site that is restricted, that app or site will find out your age range.

Eddy_Viscosity2

an hour ago

Is there irony in the fact that Americans will pass privacy invading laws to protect kids from porn, but not gun laws to protect them from being shot at in school? How many kids die from porn exposure every year?

nicce

12 hours ago

Porn sites have been there almost 20 years. Why it is problem right now? Is there extensive recent research about it? Or now we just have the capability?

user

11 hours ago

[deleted]

nick__m

11 hours ago

I remember pop-up porn adds started to appears around 1995 or so and 1995 is 30 years away...

privatelypublic

11 hours ago

I ember them showing up and then being limited to super shady sites PDQ.

Which makes sense- since exposing minors to pornography was a crime, and got even more illegal somewhere in that time frame, along with the web becoming "professional" (whitehouse top level domain mixup stories anyone?), the honest pornography sites all started self-regulating and asking if somebody is an adult before anything naughty gets shown.

betaby

9 hours ago

> Why it is problem right now?

Push from the different generation? Late boomers got very puritan with age, also see themselves as more moral, again with age.

burnt-resistor

9 hours ago

Nope, not here. Perhaps you live in some totalitarian shithole where you lack privacy or haven't figured out how VPNs work.

kristopolous

11 hours ago

My favorite is Montana where you have to provide more identification to view a naughty jpeg then buy a firearm.

zelse

13 hours ago

In practice, 100%. In theory we could likely design "good enough" anonymous systems that work like buying alcohol or tobacco in most countries (buy a scratch token in cash at a corner store after showing ID, picked at random from a box of them - contains a number, possession of which is theoretical proof that you had your ID verified at purchase)...but of course, the real purpose of age-gating is exerting a chilling effect, so we'll never hear about privacy-preserving methods.

(NB: I am firmly opposed to any of this. The solution for parents concerned about their kids is parenting and parental controls, not giving authoritarians of all stripes the means to snoop and ban whatever they decide is obscene or troubling.)

dh2022

9 hours ago

This approach could create a black market where,say, high school seniors would buy these tokens and resell to high school sophomores/juniors.

readams

12 hours ago

Big tech has generally not loved this because they know that adding friction like id checks massively reduces attach rates. This is watered down enough that it's likely seen as a lesser evil.

BoredPositron

11 hours ago

A new account on Facebook, Instagram or Google/YouTube will usually instantly get restricted and triggers either ID or Phone verification anyways.

jart

12 hours ago

No one ever explains why it's so important that everyone always conceal their identity on the web, as though it were some global red light district. The most successful tech platforms all succeeded by getting people to be trusting enough to say who they are, like Twitter, Facebook, etc. It's worth billions of dollars to create any online space that isn't anonymous.

filchermcurr

11 hours ago

It's important to conceal your identity because the internet is forever. Your comments, opinions, beliefs, embarrassing moments... all recorded (essentially) for life. This happens through administration changes, different jobs, life changes, belief shifts, different friends and partners, etc. Without anonymity, anybody can comb through your entire history to make any point they want. To justify any accusation about you they want using 'evidence' from years past. To stalk or harass. To fire you for daring have an opinion about something. Depending on your government, to arrest you for what you've said in the past.

A huge issue with the modern web is that everything is seen as a profit motive. I don't care how many billions of dollars tracking everything we do and tying it to our person is worth. I don't want it.

burnt-resistor

9 hours ago

And hostile regimes can surveil, harvest, and buy up data to murder their opponents. "It can't happen here" is always naive "logic".

jart

11 hours ago

That's a good thing since it means we have the opportunity to be remembered for eternity. Information is permanent. Also don't think that just because the system doesn't reveal who you are to other users today that your identity and life activities won't be decloaked later on should culture or policies ever change. If you're open, trusting, and use your real name today, you'll at least get the benefits and glory of eternal fame while you're alive.

burnt-resistor

9 hours ago

Except the right to be forgotten and not doxxed.

serf

11 hours ago

OK.

Here's an easy explanation.

Someone you don't like somehow gets voted into power and begins trying to enact changes towards a social group you belong to.

Building anonymous systems is one way to avoid Bad Actor X from having Big List Y, leading to Atrocity Z.

Having a really successful social network isn't a goal post, it's just a result.

Great -- it made a zillion dollars, meanwhile we've built the biggest leakiest information trove on individuals, for individuals to be exploited, ever imagined.

jart

11 hours ago

Already happened with USG. You know who doesn't discriminate against my group? Big tech companies. If they can step up and take on more responsibility for identity verification in our society, then my social group will be less oppressed. The California Republic must lead the way.

16bitvoid

11 hours ago

They may not themselves, but they'll happily sell your info or give it up to avoid losing money to someone who would.

user

11 hours ago

[deleted]

heavyset_go

10 hours ago

> You know who doesn't discriminate against my group? Big tech companies.

Yes, they just give megaphones to, and make bank on, the propagandists that are responsible for the current moral panic that's resulted in the US government discriminating against LGBT people.

These are the same companies that facilitated propaganda that led to hate and violence like this[1]. A deeper look with plentiful citations is here[2] from the Harvard Systemic Justice Project.

To give you an example that happened here in the US, a friend recently moved back to the city because his neighbors felt emboldened to constantly call him slurs on Facebook when they disagreed with him. He couldn't use local Facebook groups without bigots following him around and calling him slurs. They felt emboldened after this[3], knowing Facebook would do nothing about it. Discriminatory harassment over Facebook after their policy shift drove him from his own home. Facebook's policies allowed a community to successfully rid itself of a minority it didn't want to see or hear.

[1] https://www.pbs.org/newshour/world/amnesty-report-finds-face...

[2] https://systemicjustice.org/article/facebook-and-genocide-ho...

[3] https://www.nbcnews.com/tech/social-media/meta-new-hate-spee...

jart

7 hours ago

The first amendment protects free speech. The people must have their say.

heavyset_go

7 hours ago

We both know that the First Amendment binds the government and doesn't bind private entities.

jart

6 hours ago

What do you want tech to do? Use agents to deploy an apparatchik to every man woman and child? Wouldn't that leave people like you out of a job? What would you do all day? Tech platforms should take no part in the social disagreements of the people. They should be neutral unbiased providers of digital space.

_heimdall

11 hours ago

You may be combining or missing a few factors.

Tech platforms are valued at billions of dollars because they found ways of convincing their users to give up anonymity. That has nothing to do with whether the anonymity was important.

corytheboyd

11 hours ago

> No one ever explains why it's so important that everyone always conceal their identity on the web.

I live next to idiots with gigabit and guns, that’s why.

no_wizard

11 hours ago

Reddit stands out against this wave. I reckon that Reddit is worth at least a billion

fortran77

11 hours ago

I think they love it to because it will be another barrier for a little small start up from entering the market. You'll need to spend so much on regulatory issues and compliance that only the biggest, established companies can have a business.

ranger_danger

12 hours ago

The text of this bill would be satisfied by a website simply having a "Yes, I'm over 18" button on the front.

polyomino

13 hours ago

The MPAA's argument against this bill is a complete joke:

>MPA urged state lawmakers to reject Wicks’ bill this week in a letter, obtained by POLITICO, claiming device-based age checks may sow confusion; for example, if parents and kids had separate Netflix profiles under one account that’s logged in on multiple devices.

To the point where I'm asking if someone needs some token opposition to frame this obvious bill a political win?

_heimdall

12 hours ago

There are legitimate arguments that can be made against this bill...that is not one of them.

avarun

13 hours ago

This bill is a strictly better version of the age gating initiatives that have been passed in other states and countries like the UK and Australia. If age gating is inevitable, and it seems as though it is, this is the least bad way to do it — enforcing the onus on device manufacturers, who can do verification one time and then throw away the information.

_heimdall

12 hours ago

> If age gating is inevitable

What could possibly make it inevitable? We are either okay with those with authority forcing us to ID ourselves in some form or we aren't.

userbinator

13 hours ago

and it seems as though it is

Only with that attitude will it be.

g-b-r

11 hours ago

It would easily mean that you're required to have an unmodified device, running a locked down system, to be able to access any service that uses age verification.

Although, a much more sensible alternative, would be to have parents (that do want the control) give their sons devices that send the "minor alert" signal, and have the services detect that.

g-b-r

11 hours ago

Of course all these measures risk making identifying minors trivial for any website and app, which is... not really ideal

g-b-r

11 hours ago

And this specific proposal seems to let anyone know if your kid is:

(A) Under five years of age.

(B) At least 5 years of age and under 10 years of age.

(C) At least 10 years of age and under 13 years of age.

(D) At least 13 years of age and under 16 years of age.

It seems a menu, I wonder what could go wrong....

GeneralMayhem

12 hours ago

Bill text: https://legiscan.com/CA/text/AB1043/id/3193837

This seems... not terrible? The typical counter-argument to any "think of the children!" hand-wringing is that parents should instead install parental controls or generally monitor what their own kids are up to. Having a standardized way to actually do that, without getting into the weirdness of third-party content controls (which are themselves a privacy/security nightmare), is not an awful idea. It's also limited to installed applications, so doesn't break the web.

This is basically just going to require all smartphones to have a "don't let this device download rated-M apps" mode. There's no actual data being provided - and the bill explicitly says so; it just wants a box to enter a birth date or age, not link it to an actual ID. I'm not clear on how you stop the kid from just flipping the switch back to the other mode; maybe the big manufacturers would have a lock such that changing the user's birthdate when they're a minor requires approval from a parent's linked account?

That said, on things like this I'm never certain whether to consider it a win that a reasonable step was taken instead of an extreme step, or to be worried that it's the first toe in the door that will lead to insanity.

ndriscoll

12 hours ago

The language suggests to me that GitHub would be a covered app store and a FOSS Linux distribution without an age gate API would be illegal in California (along with all programs that don't check the age API, e.g. `grep`), so it seems quite a bit worse in terms of killing free speech and culture than requiring adult sites to check id to me.

Notably, a "covered app store" doesn't seem to need to be... a store. Any website or application that allows users to download software is covered. There's no exemption for non-commercial activity. So every FOSS repo and programs like apt are covered? The requirement is also that developers will request the signal. No scoping to developers that have a reason to care? So vim is covered? Sort? Uniq?

Honestly I can't believe big tech would go along with it. Most of their infrastructure seems like it would clearly be illegal under this bill. Either there's something extremely obvious I'm missing or every lawyer looking at this bill is completely asleep at the wheel.

derbOac

11 hours ago

This is what worries me a bit, that this will be used as an excuse for walled gardens and so forth.

"We can't allow side loading because that would be illegal in terms of age verification".

I would love to be wrong about this though.

g-b-r

11 hours ago

It's beyond obvious that it will, and it's why Google and Apple support it

samrus

7 hours ago

Article says apple hasnt said anything about it yet, neither for nor against

samrus

7 hours ago

So the proposal is that parents just input the age on their kid's device, and apps pull the age range to limit content.

Thats actually reasonable. Does not personally identify anyone, can be opted out of as easily as those "i am over 18" buttons. The only freedom being lost is by minors to their parents, which is already how things work. I like this

ranger_danger

13 hours ago

The bill doesn’t actually require any real age verification... it just asks people to provide a (any) birthdate for the purposes of categorizing their access by age bracket. It doesn’t say anything about the information having to be accurate, and gives no penalties if you lie.

I'm still against age verification in general, but I don't think this particular bill warrants the massive outrage similarly being made lately about more serious age verification laws, as it does not require any facilities for actually verifying, well, anything.

https://trackbill.com/bill/california-assembly-bill-1043-age...

sigmar

12 hours ago

>to provide a developer, as defined, who has requested a signal with respect to a particular user with a digital signal via a reasonably consistent real-time application programming interface regarding whether a user is in any of several age brackets, as prescribed.

Summary reads to me as this bill requiring calls to an API to verify the user's age.

ranger_danger

12 hours ago

> requiring calls to an API to verify the user's age

By simply asking for their age. There's nothing about requiring that the age is actually attempted to be verified as accurate at all. And the "age bracket" is specifically defined as nonpersonally identifiable information.

And it still gives no consequences for wrong/fake information.

Interestingly, they also define a "developer" simply as "a person that owns, maintains, or controls an application".

Wouldn't that inherently include all users of a computer in general?

nl

11 hours ago

> There's nothing about requiring that the age is actually attempted to be verified as accurate at all.

To quote: requires a business that provides an online service, product, or feature likely to be accessed by children to do certain things, including estimate the age of child users with a reasonable level of certainty appropriate to the risks

"Reasonable level of certainty" requires some kind of attempt at verification. In Australia for example they allow facial estimation software (which I agree is not good, but it provides some kind of estimate the government is happy with)

> And it still gives no consequences for wrong/fake information.

Where are you seeing that?

To quote the bill:

> This bill would punish noncompliance with a civil penalty to be enforced by the Attorney General, as prescribed.

And:

  line 17 A person that violates this title shall be subject
  line 18 to an injunction and liable for a civil penalty of not more than two
  line 19 thousand five hundred dollars ($2,500) per affected child for each
  line 20 negligent violation or not more than seven thousand five hundred
  line 21 dollars ($7,500) per affected child for each intentional violation,
  line 22 which shall be assessed and recovered only in a civil action brought
  line 23 in the name of the people of the State of California by the Attorney
  line 24 General.

tzs

10 hours ago

From the bill section 1798.501(b):

> (2)(A) A developer that receives a signal pursuant to this title shall be deemed to have actual knowledge of the age range of the user to whom that signal pertains across all platforms of the application and points of access of the application even if the developer willfully disregards the signal.

> (B) A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer that indicates that a user’s age is different than the age bracket data indicated by a signal provided by an operating system provider or a covered application store.

> (3)(A) Except as provided in subparagraph (B), a developer shall treat a signal received pursuant to this title as the primary indicator of a user’s age range for purposes of determining the user’s age.

> (B) If a developer has internal clear and convincing information that a user’s age is different than the age indicated by a signal received pursuant to this title, the developer shall use that information as the primary indicator of the user’s age.

https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

nl

9 hours ago

I think you are agreeing with my interpretation, right?

tzs

7 hours ago

Nope. The bill says that a developer that receives the age signal is deemed to have actual knowledge of the user's age range.

As long as they don't willfully disregard clear and convincing contradictory information from somewhere else the signal is good enough.

anenefan

14 hours ago

The bill is a bad idea. Of course big tech likes it, more id equals higher value data they can scrape. When (if?) it arrives it'll be two seconds before some places on the web will need more to be sure the person who set up the entire phone or app is actually not under age, thus the person setting it up will have to provide id ... the bill is a anonyphobes wet dream come true.

klysm

13 hours ago

It’s also regulatory capture. Harder for competitors to meet regulatory barriers

syntaxing

12 hours ago

This bill seems reasonable according to the article? It allows the device to state the user is underage and the site must act accordingly rather than gating users to a site and must prove their age. But then again “the road to hell is paved with good intentions" so no clue how it’ll play out in reality.

yepitwas

12 hours ago

This is almost an amazing thing. Some common top-level way to set parental controls across systems would be a godsend. That’s all a giant pile of time-wasting shit right now.

However, any system that just uses age is useless. They’re always excessively cautious, so you may as well just not provide access at all for kids between the ages of 6 and 12 or so, if that’s all you have.

No, block all + allow lists are still where it’s at. Please make those work better.

(If anyone knows the magic to make Minecraft [java] work with macOS allowlist-only network access, I’d love to know what it is. The fucking launcher wants to talk to a half-dozen bare IP addresses to work, and the addresses change seemingly every single launch, from a pool of what must be many hundreds, at least, it’s completely unusable)

akersten

12 hours ago

How does the government mandating the way an operating system works seem reasonable?

theossuary

12 hours ago

It seems very reasonable to require a feature in an OS, like requiring seatbelts in a car. Of course, it depends on the feature though.

nicce

12 hours ago

I could also mean that if you don’t have TPM on your computer and the OS is not in the ”allowed” list, you can’t access anything. I hope that this is not the path we will see.

theossuary

11 hours ago

Agreed. But talking in generalities like "the government should be allowed to mandate a feature" leads to silly arguments like "government can't mandate airbags." We should be having the discussion about what the goal is, what the mandate would be, and what the side effects could be. Otherwise the conversation is too high level to mean anything.

nicce

12 hours ago

How to verify that device is not faking the age? I bet here comes the remote attestation…

syntaxing

10 hours ago

I think this is more of a liability thing. If the parent set the age as underage and the kid does a bunch of stuff to circumvent that, it’s on the kid and parent and not the website.

user

12 hours ago

[deleted]

user

12 hours ago

[deleted]

burnt-resistor

9 hours ago

Technofeudal Big Mother is here to deanonymize you and steal your personal identifiers to sell to data brokers because "Think Of The Children™!" Fuck age verification with 240 VAC.

mouse_

13 hours ago

Regulatory monopolists.