AB-1043 “Age verification signals: software applications and online services.”
Text https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202520260AB1043
Other info https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=202520260AB1043
California AB 1043 signed. Mandatory os-level, device-level, app store, and even developer-required age verification for all computing devices.
Just ranting
I get that at least some amount of lawmakers may just really and truly want to protect children and jump to creating laws that involve lots of things that they have no real understanding. And blowback that can and will be created by hyper focusing on a micro level (even if they think they are thinking macro) points. But there are far more of them that just want to keep one-upping other lawmakers in being “the most proactive” or “tough on crime” compared to other folks in power because of all the money they get ever election cycle (which never end).
I know why it would be a massive shitshow (the “antichrist” crowd turns every little thing into a “sign”), but kind of wondering when they will just push for laws to put pet style GPS chips in all children at this point. I mean it isn’t really much of a jump that they could require phones used by children to be forced to have GPS (and data) be registered to state level tracking (just like all the stuff collected by NSA already). But that wouldn’t be enough for the one-upping shit, and GPS chips would be usable if the devices aren’t with the children (or ones that don’t have devices yet). All extreme levels of shit, but eventually seems like they would be the only levels that could “go further to protect children” at some point.
I really look forward to seeing all the “fuck privacy even if you don’t have children” crowd catch literally all possible bad things that their own laws create happen to them personally. We already know that basically all the previous efforts to have kids only versions of things end up just creating massive targets for the very predators to get to the kids. And that automated flags can turn into so much false reporting without any real ways for the flagged accounts to speak with actual people to correct those false reports (YT being a great example even without anything involving children).
The government already slashes funds for things that aren’t police/military (things like the already existing social services that are for kids/education/families never have money for even general staffing). And the private contracted (for profit) companies already find ways to make more than the government contracts by making paid tiers and constant ads. So those private entities shouldn’t be trusted with data on children in the first place.
Read the bill. It’s not the horror show you are imagining.
Interesting, it’s vague, and obviously going to go through legal hurdles. Windows, Google, and Apple will just do it. Ubuntu might, but what about Debian, or any number of server OS’s? Will users need to verify their age logging into a server? What about forks? Forks of forks? OSes developed outside of the US?
Where this could be an opportunity, and hear me out, is that this could pave the way for privacy-friendly age checks to shut them up about “what about the children”. The bill says that all it needs to check is age - nothing else. If the OSS community can come up with a way to privacy-friendly validate age, then this whole thing could be solved. Websites wouldn’t need to store IDs, they could ask the browser who would check the OS. In fact, that might be the purpose of this bill, to curb all the “Just collect their IDs” with the websites. If the OS had a check stored securely that you’re over 18 and nothing else, then all other age checks could be cut.
Also interestingly, it reads like they might be angling against Microsoft and Google for collecting private information on minors because “We didn’t know they were minors, how could we?”.
I don’t like it one bit and it’s going to be completely unenforceable - and OSes like Arch will say “You can’t use this in California”, but if that’s the angle they’re trying to do, it might work.
Yeah it’s so good damn vague, you can say a simple checkbox of “I am above the age of majority” would suffice, or a full actual ID check whenever you make an account at Microsoft.
I think Linux distros will have to either make a check/declaration on their website or just block IP addresses from California.
I don’t know how far this will go, or if it means anything different by the start of 2026, when make laws here go into effect.
Yeah reading through the bill I’m feeling better about it.
Provide an accessible interface at account setup that requires an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
Where an “Account Holder” is:
(1) “Account holder” means an individual who is at least 18 years of age or a parent or legal guardian of a user who is under 18 years of age in the state. (2) “Account holder” does not include a parent of an emancipated minor or a parent or legal guardian who is not associated with a user’s device.
The way I read this, this bill actually assumes the person installing it is over 18 and an adult. (Let’s not argue with them on that). It’s simply saying that "You need to provide a way to create child accounts, and your app stores will need to respect that).
What I do not see is that OS’s must validate IDs or anything.
provide an accessible interface that allows an account holder to indicate the birth date, age, or both, of the user of that device for the purpose of providing a signal regarding the user’s age bracket to applications available in a covered application store.
“Mom or dad need to set the age bracket for junior so that apps rated NSFW can’t be downloaded”
This title does not require the collection of additional personal information from device owners or device users other than that which is necessary to comply with Section 1798.501.
Honestly, rereading it, this is how I would do age protection if I were to do it. Rereading this multiple times now, this might be the most privacy safe way to validate age, shut up lawmakers who cry “what about teh children!!!” and let us adults move on in peace.
You buy jr a laptop, it’ll ask on account creation how old they are. That’ll be a flag they can’t modify that will be passed into browsers and app stores. That will prevent children from accessing content they can’t. Adults then continue on. Jr grows up and either buys his own device, or mom and dad swap their account to adult.
This seems way less insane than the ‘let’s model online age verification on pubs’ laws we’ve seen in places like the UK and France.
If parents want nanny software they can install it on windows, no need to forcefeed this bullshit on everyone else.
It’s going to be a drop-down that a parent can select on account creation. No one is being forced into it, unless mom bought your device.
Hopefully you’re right, and the law doesn’t allow for an expansion of this to include “just give google your id bro”.
You can read it, it’s in your link. From what I read it explicitly says they cannot gather more info than they need.
Oh I know, but I’m hoping that Google can’t find another law that enables it. They have money for good lawyers for these things.
Google could do it right now if they wanted to. It’s not against the law to require your customers to provide PII to use services. It just opens them to bad press, liability for mishandling the data, and potentially liability for knowing a user is a minor and showing them mature content anyway.
