US state laws push age checks into the operating system • The Register

Many web sites, social media services, and other platforms require age verification on the theory that it will protect kids from seeing inappropriate content. But now some US states want to require the operating system itself to check your age and that could cause big headaches for FOSS vendors.

The top line of California’s Assembly Bill No. 1043 says: “AB 1043, Wicks. Age verification signals: software applications and online services.” It was approved last October, but it’s hit the headlines this week. In brief:

To summarize: OS vendors must collect and store the age or date of birth for each user account, and the OS must inform app stores. In a way that is not anti-competitive, of course. Yay, capitalism.

It’s not alone. Colorado’s Senate Bill 26-051 [PDF], titled “A Bill for an Act Concerning age attestation for users of computing devices,” requires OS vendors to collect and store age brackets for users, and tell app stores if they’re underage – and developers must check for it. If you fail to do this negligently, there’s a $2,500 fine; if you do so intentionally, it’s $7,500. That’ll intimidate all those dotcom billionaires.

New York Senate Bill S8102A goes further. It “requires manufacturers of internet-enabled devices to conduct age assurance” to check all users’ ages, and provide this info to “all websites, online services, online applications and mobile applications” – as well as app stores.

For commercial OSes, this is not such a big problem. Yes, it’s government-mandated snooping and snitching, but recent versions of most Microsoft and Apple OSes demand some kind of online account, and Apple wants you to add a payment method too.

It’s a bigger problem for FOSS OSes, though. Some are taking pre-emptive action. FreeBSD distribution MidnightBSD has added a clause to its license:

The DB48X scientific calculator app has done similar, banning users in California next year and Colorado in 2028.

It’s causing wider concern, and there are discussions in the Fedora Project as well as in the Linux Mint forums. Even the FreeDOS Project is discussing it, although since FreeDOS doesn’t have user accounts, or a web browser or an app store, there’s little the project is able to do. Canonical’s VP of engineering, Jon Seager, who talked to us last November, said in the Ubuntu Discourse that the company has its lawyers looking into it.

Around the same time, we reported from the Ubuntu Summit on the news that the COSMIC desktop was coming soon. That speaker has also published one of the more nuanced takes we have seen on the subject so far. System76 on Age Verification Laws, from the company’s CEO, Carl Richell, argues against the bills, saying that they’re too loosely specified and wide-ranging, and also that they won’t work because kids will easily circumvent them.

This isn’t just a US problem. The EU also has guidelines for protecting minors that could have wider ramifications. In the meantime, we only wish that more governmental bodies were as clued up as those in Norway. ®

Bootnote

The Reg FOSS desk has had an Apple account since about 1996, before the NeXT deal was even on the cards, and back then Apple had no payment mechanisms. These days, he finds considerable amusement in watching various bits of macOS throw errors at him because he literally can’t pay for anything. We haven’t tried, but there are reportedly ways around this, and Macworld has steps to remove your payment method.