A Bad Idea Done Badly
Imagine being the proprietor of a convenience store or liquor store.
Then, imagine being told by the government that you not only need to check the identification of all of your customers under the age of 21, but that you need to retain a copy of all of their identification on the premises for inspection at any time.
Not just your current customers, but anybody who came into the store and made a purchase before the age of 21.
Think about the mechanisms for storage you would need to retain this data.
Then, think about security. Think about the threat vector having all this information within your store or offices would represent to scammers, data brokers, and other people who wish to do ill. Contemplate the liability implications of somebody getting their hands on the data you're warehousing or of an entry-level employee being fooled by a fake ID.
Now, think about what it would be like to face a five figure fine for each instance of non-retained identification from a customer.
This is roughly the scenario that smaller social media companies are facing thanks to age verification laws being adopted in some countries and by state legislatures in the US. In a classic version of “First They Came for…” these laws first popped up on the media radar when they were instituted in Utah targeting adult websites in 2023.
The UK adopted a similar law in 2023 that went into effect this year. The result? People trying to access mundane services like YouTube and Spotify were forced to turn over their IDs, face scans, or other biometrics to massive corporations to just hold onto (and definitely not use or sell). The privacy implications are awful.
Now, as a part of an ongoing moral panic about young people and the internet and as part of the intentional conflation within conservative circles of any queer oriented materials with pornography, these age laws are being adopted across the US. Below is a map of US states showing where the verification laws have been proposed, adopted, etc.
Recently, Bluesky, my social media service of choice (for the moment), started denying access to their servers from IP addresses originating in the state of Mississippi in order to avoid compliance with the state's age consent law (and the data security nightmare described above).
Additionally Dreamwidth (DW), a company founded by former programmers and execs at Livejournal, decided to block Mississippians from accessing their service. They laid out their reasoning, and I think it's worth quoting a length:
The Mississippi law is a breathtaking state overreach: it forces us to verify the identity and age of every person who accesses Dreamwidth from the state of Mississippi and determine who's under the age of 18 by collecting identity documents, to save that highly personal and sensitive information, and then to obtain a permission slip from those users' parents to allow them to finish creating an account. It also forces us to change our moderation policies and stop anyone under 18 from accessing a wide variety of legal and beneficial speech because the state of Mississippi doesn't like it.
The penalties for failing to comply with the Mississippi law are incredibly steep and include the potential for fines of $10,000 per user from whom DW doesn’t have age verifying documents.
Don't even get me started on what it would be like to operate a Mastodon Instance or some other decentralized form of social media with these onerous laws in place.
Small website and hosting companies don’t want to be responsible for this data and the oligarchic mega corps like Meta and YouTube are salivating at the idea of getting all of it.
It's possible to do the right thing the wrong way. But I honestly think this is an example of doing the wrong thing the wrong way. Yes, I would prefer that young people not have access to these materials but preventing that is called parenting and that’s a job I have done everything in my power to avoid.
It's also indicative of a trend within US society where rather than regulating corporations we regulate users. These laws put the onus on users to either turn over their identities to corporations or to lose access to Spotify, jus so kids don’t hear the word “F**k” in a song. It’s an absolute bassackwards way to protect children which in the end is really just going to further erode political speech.
I have dedicated numerous blog posts and newsletter editions to my concerns about young people having exposure to too much internet. But these laws are not a solution.
I am 45 years old and my Gmail account was established in 2004. It’s almost old enough to rent a car. Why in the hell should I have to upload a copy of my identification to be held in perpetuity by some corporation (with likely non-existent privacy and data protection policies) in order to watch soccer highlights or follow European transfer rumors?
Most of my adult life, conservatives have at least paid lip service to free speech. The arguments were always disingenuous, but it has never been clearer than now how hollow they were. With these laws, GOP-led legislatures are pushing laws that would make the internet less free and less open for all of us.
—
On the most recent episode of the podcast we have another in our Running a Small Biz in Tacoma series with Chris Langston of Proof. Check out that conversation and the entire series here.
As always, if you have any thoughts or feedback about the newsletter, I welcome it, and I really appreciate it when folks share the newsletter with their friends.