T
Ted Litchfield
Guest
As reported by Gaming on Linux, a new bill brought before the US House would require operating systems like Windows, Linux, and MacOS to verify users' age for installation and, seemingly, regular use. The "Parents Decide Act" has been referred to the House Committee on Energy and Commerce, and is cosponsored by New Jersey Democrat Josh Gottheimer and New York Republican Elise Stefanik.
The bill would "require any user of the operating system" to enter their date of birth to both "set up an account on the operating system and use the operating system."
OS providers would also have to "develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer." In other words, any program on your PC would have access to the date you entered, which I don't like at all.
The means of age verification and the extent of data required to do so is probably the most critical information here in terms of privacy and data security, but that's being left to the Energy and Commerce Committee to decide after the bill has been passed
It's not exactly clear if the law would simply require us to enter a date—just like how we all say we were born on 1/1/1900 when we want to look at an M-rated game—or if an actual verification step will be required. Some of the language in the bill heavily implies the latter, and, worryingly, that detail is seemingly one of a few that would only be figured out after the bill is passed—if it is passed.
"Not later than 180 days" after enacting the Parents Decide Act, the committee would determine the following:
Now I'm just a simple country games journalist, but this certainly sounds like a vaguely-worded privacy nightmare that would require OSes to not only store sensitive personal information, but share it with whoever—and you'll forgive me for not trusting some hastily drawn-up data protection scheme when these things always seem to fail, whether it's Discord immediately compromising IDs used in its own age verification, or some bush league people finder in Florida losing everyone's Social Security number.
That's not to mention that this bill seems to just assume that all operating systems are of corporate origin—how is an open-source fork of Linux supposed to securely process personal information at installation, startup, and, seemingly, every time it interacts with a third-party application?
The simple answer would seem to be that it's not, and this bill would blithely wipe out an entire mode of personal computing in order to project the appearance that Congress cares about children's wellbeing. A further wrinkle pointed out by PCG US editor-in-chief Tyler Wilde: Would this also require internet access just to use a computer?
OS-level age verification is the latest development in the generalized first world drive to wipe out what little remains of digital privacy in a panicked response to parents letting their children fry their brains on the internet. The government of California has already passed a similar law, and it's driving open source software developers to the brink.
Continue reading...
The bill would "require any user of the operating system" to enter their date of birth to both "set up an account on the operating system and use the operating system."
OS providers would also have to "develop a system to allow an app developer to access any information as is necessary, collected by the operating system to carry out this section and any regulation promulgated under this section, to verify the date of birth of a user of an app of the app developer." In other words, any program on your PC would have access to the date you entered, which I don't like at all.
The means of age verification and the extent of data required to do so is probably the most critical information here in terms of privacy and data security, but that's being left to the Energy and Commerce Committee to decide after the bill has been passed
It's not exactly clear if the law would simply require us to enter a date—just like how we all say we were born on 1/1/1900 when we want to look at an M-rated game—or if an actual verification step will be required. Some of the language in the bill heavily implies the latter, and, worryingly, that detail is seemingly one of a few that would only be figured out after the bill is passed—if it is passed.
"Not later than 180 days" after enacting the Parents Decide Act, the committee would determine the following:
- "How an operating system provider can verify the date of birth of a parent or legal guardian"—or, unmentioned in this entry but implied later, an adult user acting on their own behalf.
- "Data protection standards related to how an operating system provider shall ensure a date of birth collected by the operating system provider from a user, or the parent or legal guardian of the user … is collected in a secure manner to maintain the privacy of the user or the parent or legal guardian of the user; and is not stolen or breached."
- "Ensure an app developer can access information collected by the operating system provider to carry out this section …, to verify the date of birth of a user of an app of the app developer."
Now I'm just a simple country games journalist, but this certainly sounds like a vaguely-worded privacy nightmare that would require OSes to not only store sensitive personal information, but share it with whoever—and you'll forgive me for not trusting some hastily drawn-up data protection scheme when these things always seem to fail, whether it's Discord immediately compromising IDs used in its own age verification, or some bush league people finder in Florida losing everyone's Social Security number.
That's not to mention that this bill seems to just assume that all operating systems are of corporate origin—how is an open-source fork of Linux supposed to securely process personal information at installation, startup, and, seemingly, every time it interacts with a third-party application?
The simple answer would seem to be that it's not, and this bill would blithely wipe out an entire mode of personal computing in order to project the appearance that Congress cares about children's wellbeing. A further wrinkle pointed out by PCG US editor-in-chief Tyler Wilde: Would this also require internet access just to use a computer?
OS-level age verification is the latest development in the generalized first world drive to wipe out what little remains of digital privacy in a panicked response to parents letting their children fry their brains on the internet. The government of California has already passed a similar law, and it's driving open source software developers to the brink.
Continue reading...