California's Digital Age Assurance Act, and FOSS

Posted by todsacerdoti 6 hours ago

California's Digital Age Assurance Act, and FOSS(runxiyu.org)

91 points | 70 commentspage 2

shevy-java 5 hours ago|

So how does it apply? Is that the mandatory age verification clause that forces everyone into becoming a data sniffer?

California is kind of strange - on the one hand giving rise to open source; on the other hand being a lobbyist's paradise.

bee_rider 4 hours ago||

IIRC there wasn’t anything about the OS needing to validate the info, just ask for it at setup and provide it when requested. Part of me wonders if this was just an attempt to stake out a position as to what a law of this sort, that still respects privacy, might look like.

I dunno. I don’t love it. But if a dumb age-range flag became “the thing” to check, well, that’s be less invasive than uploading an ID or something.

cvhc 2 hours ago|||

If you actually read this law, it does exactly the opposite to avoid every random app/website from having to do age verification (like traditional age verification laws requires). It requires that only the OS to ask the user's age (not even verify it). Individual apps should use the age buckets signaled by the OS.

I don't even get why people think lobbyists hijack the law. It might be too left/progressive/socialism/or whatever. But, basically, the only major org opponent of this law is Google: https://calmatters.digitaldemocracy.org/bills/ca_202520260ab...

staplers 4 hours ago||

As Disney took open source IP (fairy tales, etc) and pulled the ladder up behind them, so too are tech companies.

hyperion2010 4 hours ago||

Annoyingly? Ironically? The best technical implementation of this law would be to make it possible for the "device owner" to tell the OS to set a flag that the user was under age. Never send the age, never send anything else. Just have a global variable indicating that the user is under age that can be accessed by the browser.

Now what would happen after that?

First oses would have to implement the above in a way that could not be bypassed, pretty much impossible if the child has access to the device.

Then you would need to require that websites honor that token or any similar token no matter how it was implemented ... https MITM etc. good luck with that.

Finally once all the implementation and enforcement hurdles are complete every website out there would immediately know that the user browsing was a child and all the trackers and ad networks on the web would immediately start targeting those users because children are marks.

Now you need even more laws and regulations to protect the children from being targeted by advertising companies, and good luck with enforcing that.

ares623 4 hours ago|

This is what I was hoping for when I read one of the comments. It's okay if the child can technically bypass the flag. That's what the parent is for, to regularly monitor their child's device. But I am a parent with a technical background so this works for me, selfishly, I have no idea how it will work for everyone else.

But once again, I'd like to bring up my preferred solution for this problem. Ban "smartphone" (precise meaning TBD) for minors in public spaces. My belief is that it will disrupt the dopamine hits enough that it doesn't become addicting and kids don't rely on it completely to function socially. And just having it in legislature will serve as a starting point for parents to discuss the topic more openly, which will help with the network effects. Parents don't have second thoughts on why cigarettes or drugs or alcohol is bad for children, they just are, and whole groups of parents can collectively agree that their children and friends of their children should not be using them. I hope to see the same for "smartphones".

dmitrygr 5 hours ago||

"It probably does not apply to you" and "Laws are usually applied as intended" and "You'll probably be ok" is what i keep hearing.

None of that addresses "if you get unlucky and some prosecutor decides to help his career by prosecuting you as an enabler-of-child-inappropriate-whatever-it-is". YOLOing away one's freedom on "probably" seems risky, and there is no reward to be had for doing it.

The only sane solution is to simply add "not for use in california" to all OSs, until California gets its collective head out of its collective rectum.

bluehex 4 hours ago||

"Designed by Apple in California, not for use in California" would be quite the statement.

lokar 4 hours ago|||

FWIW, only the attorney general can bring cases, not district attorneys or individuals.

wtallis 3 hours ago||

And the state AG can only bring a civil case, with fines limited in proportion to the number of actual children affected by the non-compliance.

And for most applications, compliance is as simple as calling the relevant API and throwing away the return value, because most applications aren't doing anything that is already required by law to have age restrictions.

dmitrygr 2 hours ago||

and you are 100% sure none of this will change suddenly, and are willing to bet you have the money to defend yourself in case you are sued wrongly, perhaps, but still need to provide a lawyer to defend yourself, on your own dime? ballsy move.

wtallis 2 hours ago||

> and you are 100% sure none of this will change suddenly

Yeah. We're talking about a law that's still over a year from taking effect. It's not going to be replaced by one having the opposite effects overnight with no warning.

> and are willing to bet you have the money to defend yourself in case you are sued wrongly

Since I don't develop or distribute applications or operating systems that are used by children, let alone software that would be legally required to behave differently when the user is a child, I'm quite confident that any lawsuit targeted at me by the State of California's elected AG would be laughed out of court at the first hearing, and I'd probably have plenty of offers of pro-bono representation. And I wouldn't even need a lawyer to help me ask to see the evidence that a child was affected by the non-compliance of the software I didn't write, and if a court did somehow get convinced, I could survive being fined the maximum fine for negligent violations with respect to at least several children. And I'm not at all concerned about receiving an injunction to not do something I'm already not doing.

Any law could be amended, or abused. Not having a law can make prosecutorial misconduct easier. I don't see anything in this law that seems more ripe for creative misinterpretation and abuse than is typical, and I don't think it likely that a California state court would cooperate with an egregious attempt to abuse this law.

You seem to be having a reaction to this law that would be triggered by being confronted with any law that isn't specified with the precise mathematical rigor necessary to appease a compiler.

IAmGraydon 4 hours ago||

Four of the biggest OSes (iOS, macOS, Android, and Chrome OS) are made in California by the companies who pushed this legislation through. Never going to happen.

Tyrubias 4 hours ago||

The Digital Age Assurance Act is a disaster both in concept and in its statutory language. Its author(s) seem to be entirely unaware of how software is distributed outside of walled gardens like Apple’s ecosystem. If I’m understanding the law correctly, then even software like Homebrew would have to implement some kind of integration with macOS to detect a user’s age. On a naive level, I’m surprised such an obviously flawed bill was passed and signed in California, where there are so many tech companies and lobbyists. The realist in me, however, realizes that tech companies don’t care about the privacy and software supply chain impacts and might even want these impacts to happen as a way of consolidating their control over the market. As an American progressive, it disappoints me that the only thing progressives and conservatives seem to agree is stripping ordinary people of any semblance of anonymity or privacy in the name of “safety”.

drnick1 5 hours ago||

Stallman was, once again, right. We need free software and hardware more than ever because of idiotic laws like this. Because of the decentralized development model, there is no single company or developer that can be unfairly targeted and coerced into adding anti-features such as age verification or encryption backdoors. California can shove its requests where the sun don't shine.

shevy-java 5 hours ago||

It is indeed strange that California suddenly became a lobbyist's paradise. Louis Rossmann doesn't have an infinite number of time available and he is more an East Coast person, even after having left New York, but it would be really interesting to see which lobbyists drafted that law. It will probably be copy/pasted to more states soon.

ux266478 4 hours ago||

I'm almost certain we will live to see "they can't fine all of us" get torn to shreds in real time as government language models patrol the 'net for software projects that lack an age verification call.

Why, we could even see a legal requirement for code repositories to run one themselves, constantly scanning for compliance. That way the compute cost is offloaded properly on the citizenry :)

hiprob 4 hours ago||

When will the AI bubble pop already? Things seem to just get worse

xvector 4 hours ago|

Incredible that California lawmakers choose to deliberately ignore the entire tech industry (that brings California its revenue.)

dismalaf 4 hours ago||

Did they? Or is it regulatory capture? MS is really pushing their online MS account thing, Apple and Google already have online accounts associated with your OS profile. It feels a lot like regulatory capture...

burnt-resistor 4 hours ago||

Sacramento legislature is a "small town", insular, corrupt lobbying crucible that mostly does whatever it wants and whatever people with money and social media followings say.