- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
AB-1043 “Age verification signals: software applications and online services.”
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
Edit: altered title from “ID check” to “Age Verification check”
I’m not sure how this is going to be enforceable. So, in essence:
The OS should have an accessible API that returns the age bracket of the user, presumably for the purposes of eliminating a lack of compliance on apps using children’s data for advertising. That’s not necessarily a massive problem, though I don’t like the idea of age brackets, I’d prefer it if it’s just a “Adult” vs “Child” bracket.
It doesn’t seem to be asking that the age be verified through some external provider, so simply stating the age of the user is enough.
App developers are expected to always request that information on launch/installation, which is simply not going to work because how would you enforce it for software made before this law came into effect?
The definition of “covered application store” is way too broad and covers basically anywhere you can download software, including things like public docker hubs or Github, so no that’s never going to work out. Apple and Google can maybe include the request for age brackets and provide that information by default as part of the SDK, but legacy software? Good luck getting WinRAR to request that information. You’ve essentially banned all software made before 2025.
So… The OS-level stuff isn’t a huge deal, but the requirements on app developers are way too strict and would be unworkable. If I were to re-write the bill, I’d make it so the age bracket must be available at the OS level, but not required by the app developer to actually use it. I would then add more strict requirements on sites to not use children’s data for advertising, with the reasoning being that they could have asked for the age bracket from the OS at any time, and the fact that they didn’t even bother means they actually wanted to use children’s data.
So the “age verification” boils down to the same level of security as that pop-up on PornHub asking if I’m over 18? And Newsom wants to create a legal precedent that can open the way to mandated State-controlled malware on every electronic device in the State just for that?
I mean, he’s a politician. He’s very aware that people can and do lie all the time. Which means that the stated goal of this legislation is very obviously not its actual goal.
The bigger problem IMO is the implication that a device/OS must have a defined “account holder” that is associated with an actual person with an age. Nevermind that there isn’t any verification happening that could de-anonymize a user or be breached - as an administrator, am I responsible for ensuring users only use a specific account with the correct age identified? What about google or apple? Are devices meant for children to be locked down so that new users or accounts can’t be created to circumvent restrictions?
This law is too vague to have any meaningful impact on child safety, and the implications behind it make future erosion of privacy far more likely.