Why I Emphatically Oppose Online Age Verification Mandates

I’ve posted a new paper, “The “Segregate-and-Suppress” Approach to Regulating Child Safety Online.” If that phrase sounds familiar, it’s because I’ve been referencing this paper on the blog for months. The paper details my extensive and multi-dimensional criticisms of mandatory online age authentication laws, which I consider one of the greatest threats to a free and functional Internet today.

(Caveat: the Trump Administration’s authoritarian and fascist moves in areas beyond Internet Law pose an even greater and more immediate threat to our society and the Internet. But if you oppose the Trump administration’s lawless authoritarianism and blatant disregard for due process and Constitutional rights, I urge you to reflect upon how mandatory online age authentication will give him and other authoritarian governments even more power to target and suppress dissent and critics. Freedom Protip: don’t give authoritarian fascists more legal or technical ways to control Internet speech).

I hope you’ll take a look at the paper, but I caution that it’s probably not a fun read. Like many of my papers nowadays, readers are likely to come away angry about the legal system’s dysfunction–and especially how little policymakers seem to care about making good policy that actually protects children.

* * *

Mandatory online age authentication isn’t a new policy idea. It dates back at least to 1996 when Congress passed the Communications Decency Act (CDA), which imposed an implicit age authentication requirement on virtually every website. The Supreme Court struck down the CDA in 1997 in Reno v. ACLU. Following the judicial flameout of the CDA’s successor, the Child Online Protection Act (COPA), mandatory online age authentication as a policy initiative largely went dormant for over a decade.

In the wake of minors’ heightened Internet use due to the COVID pandemic shutdown, mandatory online age authentication roared back as a policy priority in a big way. I don’t have a complete census of U.S. laws that now mandate online age authentication, but it’s in the dozens. The laws are hard to inventory or track because they are multitudinous and have heterogeneous structures and definitions.

In my view, any law that requires online age authentication is unambiguously unconstitutional per the still-governing CDA and COPA precedents. Legislatures don’t care about that obvious problem. For example, Texas passed a law extremely similar to the CDA and essentially dared the courts to strike it down. The Fifth Circuit, being the Fifth Circuit, thought the law was swell; I expect the Supreme Court will reverse that, at least in part.

Because of this rapidly changing and chaotic legal situation, I decided to sidestep the constitutionality questions in the paper. Instead, my paper focuses on the policy problems with the law. That way, no matter what the Supreme Court does in the Free Speech Coalition v. Paxton case, my paper will still have value to the policy discussions.

I hold uncompromising views on this topic. For reasons I explain in 63 anguished and tear-stained pages, I am a categorical “no” on all online age authentication mandates. To me, it doesn’t matter what the laws are called, how the authentication duties are styled, what sales hooks the vendors use to obfuscate their solutions’ deficiencies, or what hypothetical fantasy outcomes policymakers think will materialize if the technologists just “nerd harder”–I oppose them all. As the EFF explained:

[Authentication] methods don’t each fit somewhere on a spectrum of “more safe” and “less safe,” or “more accurate” and “less accurate.” Rather, they each fall on a spectrum of “dangerous in one way” to “dangerous in a different way.”… every solution has serious privacy, accuracy, or security problems

Due to this obvious fact, I’m baffled by the near-universal belief that mandatory online age authentication is a legitimate tool in policymakers’ child safety toolkits. I wonder if the advocates don’t understand the consequences, in which case their ignorance should disqualify them from working on child safety policy altogether. Worse, perhaps the advocates do understand the terrible policy consequences and nevertheless are using “the kids” as a “get-out-of-critical-scrutiny” card. The paper calls out and condemns both categories of policy advocates. The paper ends with a request: stop characterizing pro-authentication advocates as “well-meaning” or “well-intentioned.” Anyone who proceeds blindly with respect to child welfare or uses kids as political props is neither.

* * *

I’ll close this post with a special request to privacy advocates. I am also baffled by the privacy community’s response to laws imposing online age authentication mandates. Many privacy advocates simply note the developments dispassionately and without any criticism, and a small but vocal segment cheers for the laws “because kids.”

If you care about privacy and aren’t resisting these laws with everything you’ve got, then (as Alexander Hamilton says in Cabinet Battle #2) “You must be out of your goddamn mind.” Age authentication mandates pose one of the greatest threats to consumer privacy we’ve ever seen. (If that’s not obvious, my paper explains why). If we lose the battle against these mandates, then every other privacy policy win will be overshadowed by this loss. If there is any hope for online privacy in the future, we must make a stand here.

* * *

Blog Posts on Segregate-and-Suppress Obligations

• California’s Age-Appropriate Design Code (AADC) Is Completely Unconstitutional (Multiple Ways)–NetChoice v. Bonta
• Another Conflict Between Privacy Laws and Age Authentication–Murphy v. Confirm ID
• Recapping Three Social Media Addiction Opinions from Fall (Catch-Up Post)
• District Court Blocks More of Texas’ Segregate-and-Suppress Law (HB 18)–SEAT v. Paxton
• Comments on the Free Speech Coalition v. Paxton SCOTUS Oral Arguments on Mandatory Online Age “Verification”
• California’s “Protecting Our Kids from Social Media Addiction Act” Is Partially Unconstitutional…But Other Parts Are Green-Lighted–NetChoice v. Bonta
• Section 230 Defeats Underage User’s Lawsuit Against Grindr–Doll v. Pelphrey
• Five Decisions Illustrate How Section 230 Is Fading Fast
• Internet Law Professors Submit a SCOTUS Amicus Brief on Online Age Authentication–Free Speech Coalition v. Paxton
• Court Enjoins the Utah “Minor Protection in Social Media Act”–NetChoice v. Reyes
• Another Texas Online Censorship Law Partially Enjoined–CCIA v. Paxton
• When It Comes to Section 230, the Ninth Circuit is a Chaos Agent–Estate of Bride v. YOLO
• Court Dismisses School Districts’ Lawsuits Over Social Media “Addiction”–In re Social Media Cases
• Ninth Circuit Strikes Down Key Part of the CA Age-Appropriate Design Code (the Rest is TBD)–NetChoice v. Bonta
• Mississippi’s Age-Authentication Law Declared Unconstitutional–NetChoice v. Fitch
• Indiana’s Anti-Online Porn Law “Is Not Close” to Constitutional–Free Speech Coalition v. Rokita
• Fifth Circuit Once Again Disregards Supreme Court Precedent and Mangles Section 230–Free Speech Coalition v. Paxton
• Snapchat Isn’t Liable for Offline Sexual Abuse–VV v. Meta
• 2023 Quick Links: Censorship
• Court Enjoins Ohio’s Law Requiring Parental Approval for Children’s Social Media Accounts–NetChoice v. Yost
• Many Fifth Circuit Judges Hope to Eviscerate Section 230–Doe v. Snap
• Louisiana’s Age Authentication Mandate Avoids Constitutional Scrutiny Using a Legislative Drafting Trick–Free Speech Coalition v. LeBlanc
• Section 230 Once Again Applies to Claims Over Offline Sexual Abuse–Doe v. Grindr
• Comments on the Ruling Declaring California’s Age-Appropriate Design Code (AADC) Unconstitutional–NetChoice v. Bonta
• Two Separate Courts Reiterate That Online Age Authentication Mandates Are Unconstitutional
• Minnesota’s Attempt to Copy California’s Constitutionally Defective Age Appropriate Design Code is an Utter Fail (Guest Blog Post)
• Do Mandatory Age Verification Laws Conflict with Biometric Privacy Laws?–Kuklinski v. Binance
• Why I Think California’s Age-Appropriate Design Code (AADC) Is Unconstitutional
• An Interview Regarding AB 2273/the California Age-Appropriate Design Code (AADC)
• Op-Ed: The Plan to Blow Up the Internet, Ostensibly to Protect Kids Online (Regarding AB 2273)
• A Short Explainer of Why California’s Social Media Addiction Bill (AB 2408) Is Terrible
• A Short Explainer of How California’s Age-Appropriate Design Code Bill (AB2273) Would Break the Internet
• Is the California Legislature Addicted to Performative Election-Year Stunts That Threaten the Internet? (Comments on AB2408)
• Omegle Denied Section 230 Dismissal–AM v. Omegle
• Snapchat Isn’t Liable for a Teacher’s Sexual Predation–Doe v. Snap
• Will California Eliminate Anonymous Web Browsing? (Comments on CA AB 2273, The Age-Appropriate Design Code Act)
• Minnesota Wants to Ban Under-18s From User-Generated Content Services
• California’s Latest Effort To Keep Some Ads From Reaching Kids Is Misguided And Unconstitutional (Forbes Cross-Post)
• Backpage Gets Important 47 USC 230 Win Against Washington Law Trying to Combat Online Prostitution Ads (Forbes Cross-Post & More)
• Backpage Gets TRO Against Washington Law Attempting to Bypass Section 230–Backpage v. McKenna
• MySpace Wins Another 47 USC 230 Case Over Sexual Assaults of Users–Doe II v. MySpace
• MySpace Gets 230 Win in Fifth Circuit–Doe v. MySpace
• Website Isn’t Liable When Users Lie About Their Ages–Doe v. SexSearch