The California Age-Appropriate Design Code Act is sailing through the legislative process and it’s worrying Mike Masnick of Techdirt.
Last year, the Canadian government was conducting what I coined a “fraudsultation” – a fake consultation about their online harms proposal where the outcome was predetermined by the government and any semblance of a consultation was thrown out the window and replaced with a demand that the public agrees with everything the government wants to do. In the process, I posted, out of protest, my response to it all knowing my response would get flat out ignored anyway.
In the process of it all, I was seeing my digital life flashing before my eyes. Here we have an impossible to comply with law being proposed that could very easily see me shutting down my website or risk getting fined millions because I stepped away from the computer for more than 24 hours. Along the way, I was thinking and thinking again how the heck I can work around this law and allow Freezenet to survive. Is there something cute I could do to allow me to retain my journalistic freedom and freedom of expression?
Do you know what one of the crazy as heck ideas I came up with in the background? Selling Freezenet to Mike Masnick of Techdirt so he (or someone else on his team that can be trusted) could play “host” while I continue building up the website via a VPN (because my site would inevitably get blocked by government censors in that scenario). I never approached Masnick of Techdirt about this simply because we aren’t exactly there yet in terms of desperately seeking a solution. We are heading in that direction, but we aren’t there yet. No, that wasn’t the only solution I had come up with, but it was an option I did come up with. It’s a viable option because the domain name registrar and the hosting company are both located in the US already.
Now imagine my surprise when it turns out that Masnick is dealing with a disturbingly similar situation. California is moving forward a piece of legislation known as the California Age-Appropriate Design Code Act. Like the online harms proposal of last year, Masnick is baffled as to how his site can even comply with it. From Techdirt:
The bill is a “for the children” bill in that it has lots of language in there claiming that this is about protecting children from nefarious online services that create “harm.” But, as Goldman makes clear, the bill targets everyone, not just children, because it has ridiculously broad definitions.
We already have a federal law that seeks to protect children’s data online, the Children’s Online Privacy Protection Act (COPPA). It has serious problems, but this bill doesn’t fix any of those problems, it treats those problems as features and expands on them massively. COPPA — sensibly — applies to sites that are targeted towards those under 13. This has had some problematic side effects, including that every major site restricts the age of their users to over 13. And that’s even though many of those sites are useful for people under the age of 13 — and the way everyone deals with this is by signing up their children for these services and lying about their age. Literally a huge impact of COPPA is teaching children to lie. Great stuff.
But 2273 doesn’t limit its impact to sites targeting those under 13. It targets any business with an online service “likely to be accessed by children” who are defined by “a consumer or consumers who are under 18 years of age.” I’m curious if that means someone who is not buying (i.e., “consuming”) anything doesn’t count? Most likely it will mean consuming as in “accessing / using the service.” And that’s… ridiculous.
Because EVERY service is likely to have at least someone under the age of 18 visit it.
Let’s use Techdirt as an example. We’re not targeting kids, but I’m going to assume that some of you who visit the site are under the age of 18. Over the years, I’ve had quite a few high school students reach out to me about what I’ve written — usually based on their interest in internet rights. And that should be a good thing. I think it’s great when high schoolers take an active interest in civil liberties and the impacts of innovation — but now that’s a liability for me. We’re not targeting kids, but some may read the site. My kids might read the site because they’re interested in what their father does. Also, hell, the idea that all kids under 18 are the same and need the same level of protection is ludicrous. High schoolers should be able to read my site without difficulty, but I really don’t think elementary school kids are checking in on the latest tech policy fights or legal disputes.
Given that, it seems that, technically, Techdirt is under the auspices of this law and is now required to take all sorts of ridiculous steps to “protect” the children (though, not to actually protect anyone). After all, it is “reasonable” for me to expect that the site would be accessed by some people under the age of 18.
According to the law, I need to “estimate the age of child users with a reasonable level of certainty.” How? Am I really going to have to start age verifying every visitor to the site? It seems like I risk serious liability in not doing so. And then what? Now California has just created a fucking privacy nightmare for me. I don’t want to find out how old all of you are and then track that data. We try to collect as little data about all of you as possible, but under the law that puts me at risk.
Yes, incredibly, a bill that claims to be about protecting data, effectively demands that I collect way more personal data than I ever want to collect. And what if my age verification process is wrong? I can’t afford anything fancy. Does that violate the law? Dunno. Won’t be much fun to find out, though.
I apparently need to rewrite all of our terms, privacy policy, and community standards in “clear language suited for children.” Why? Do I need to hire a lawyer to rewrite our terms to then… run them by my children to see if they understand them? Really? Who does that help exactly (beyond the lawyers)?
But then there’s the main part of the law — the “Data Protection Impact Assessment.” This applies to every new feature. Before we can launch it, because it might be accessed by children, we need to create such a “DPIA” for every feature on the site. Our comment system? DPIA. Our comment voting? DPIA. Our comment promotion? DPIA. The ability to listen to our podcast? DPIA. The ability to share our posts? DPIA. The ability to join our insider chat? DPIA. The ability to buy a t-shirt? DPIA. The ability to post our stories to Reddit, Twitter, Facebook, or LinkedIn? DPIA (for each of those, or can we combine them? I dunno). Our feature that recommends similar articles? DPIA. Search? DPIA. Subscribe to RSS? DPIA. DPIA. DPIA DPIA. Also, every two years we have to review all DPIAs.
Fuck it. No more Techdirt posts. I’m going to be spending all my time writing DPIAs.
Here’s the thing that’s particularly stupid about all of this. The underlying premise of the bill is completely disconnected from reality. It’s premised on the idea that most websites don’t have any incentive to be careful with children. Are there some egregious websites out there? Sure. So write a fucking bill that targets them. Not one that wraps in everyone and demands impossible-to-comply with busy work. Or, JUST USE THE AUTHORITIES THAT ALREADY EXIST. COPPA exists. The California AG already has broad powers to protect California consumers. Use them!
It reminds me of a time back in the mid 2000’s when someone was freaking out about new copyright laws that were overbroad and ridiculous. I didn’t have an answer at the time and I responded, “You know, I normally don’t recommend something like this, but have you considered moving?” I’m honestly getting flashbacks to what a lot of people thought was a hilarious response. At the same time, I can feel my heart sinking reading this because the situation is apparently not any better over in California in terms of internet breaking legislation. It’s just wrapped in a different flavour of badness.
There is one critical difference between Masnick’s situation and my own. For me, a self-inflicted election held things up and the online harms proposal is still in the background. For Masnick, it sounds like the legislation is just sailing through the legislative process with virtually nothing slowing it down. If Masnick’s assessment is accurate, then it sounds like California is more or less speedrunning the whole process of basically either driving every website out of the state or forcing them to shut down.
If the level of seriousness is as severe as I am reading into this, if I were in Masnick’s situation, I’d probably be doing what I was doing last year and seeing my whole internet career flashing before my eyes. There is a certain level of astonishment when a career you had for such a large portion of your life is suddenly potentially being taken away from you. The question of “what the heck am I going to do with my life after this?” is one of many questions that would be running through my head.
It’s unclear if Masnick would consider shutting down Techdirt should this law pass in its current form, still the comment that the law is impossible to comply with kind of hints at that. It’s either that or consider something drastic to keep the lights on. What sucks in all of this is seeing someone in a completely different legal jurisdiction having to put up with the same stress as we are with the prospect that, sometime soon, an overly broad law could see the shutdown of their site. It’s probably the same kind of stress working for a company that seems to be on the verge of going bankrupt. The only question is when it’s all going to happen. Here’s hoping that doesn’t actually happen to Techdirt.
Drew Wilson on Twitter: @icecube85 and Facebook.