US Bill Mandates On-Device Age Verification

A bill introduced by Representative Josh Gottheimer in the House on April 13 would require Apple, Google, and every other operating system vendor to verify the age of anyone setting up a new device in the United States.

The legislation, H.R. 8250, travels under the friendlier name of the Parents Decide Act, and it is among the most aggressive surveillance mandates ever proposed for American consumer technology.

We obtained a copy of the bill for you here.

The press releases describing it lead with children. The text describes something much larger. To confirm a child is under 18, the system has to identify everyone else, too, and the bill builds the infrastructure to do exactly that.

This is child safety as a delivery mechanism for mass identification. The pattern is familiar by now. A genuine harm gets named, a sympathetic victim gets centered, and the solution proposed reshapes the digital lives of three hundred million people who were not the problem.

The Parents Decide Act follows that template with unusual precision. It takes the real suffering of real children and uses it to justify building a national identity layer underneath every device sold in the country, administered by two private companies, with the details to be filled in later.

The mandate sits in Section 2(a)(1), which obligates providers to “Require any user of the operating system to provide the date of birth of the user” both to set up an account and to use the device at all. Adults included.

There is no carve-out for grown users, no opt-out for people who simply want to turn on a phone without handing a date of birth to Apple or Google first.

The age check is the entry fee for owning a computer. What happens to that data afterward gets handed off to the Federal Trade Commission to sort out later. A federal bill that mandates identification as a condition of using a general-purpose computing device represents something the United States has not previously had, which is a national ID requirement for turning on a device.

Gottheimer framed the proposal at a Ridgewood news conference on April 2, standing outside the local YMCA with a coalition of allies. “With each passing day, the internet is becoming more and more treacherous for our kids. We’re not just talking about social media anymore — we’re talking about artificial intelligence and platforms that are shaping how our kids think, feel, and act, often without any real guardrails,” he said.

His diagnosis of the current system is accurate enough. “Children are able to bypass age requirements by entering a different birthday and accessing apps without any real verification. Kids can bypass age requirements by simply typing in a different birthday. That’s it. That’s the system,” he said.


Brussels’ New Age Verification App: Hacked in Two Minutes

The European Union’s age verification app arrived on Wednesday with a promise that it was “technically ready” for deployment across the bloc. Within hours, security researchers had torn it apart.

Commission President Ursula von der Leyen presented the tool in Brussels as the answer to a continent-wide push to keep minors off social media and adult websites. “It is fully open source. Everyone can check the code,” von der Leyen said. Researchers took her at her word. What they found has turned the launch into exactly the kind of security embarrassment that should make anyone think twice about digital identity systems.

Security consultant Paul Moore published a widely shared post on X documenting what he discovered after examining the GitHub repository. The app stores sensitive data on users’ phones and leaves it unprotected. Moore claimed he hacked it in under two minutes.

Brussels is standing by its product. “Yes, it is ready. Maybe we can add, ‘and it can always be improved’,” Chief Spokesperson Paula Pinho told reporters Friday. Digital spokesperson Thomas Regnier added a revealing clarification. “Now, when we say it’s a final version, it’s … still a demo version.” He said the final product is not yet available for citizens and “the code will be constantly updated and improved … I cannot today exclude or prejudge if further updates will be required or not.”

Moore led the technical takedown on X, describing the app’s architecture as broken at the foundation. The encrypted PIN the app stores locally, according to Moore, has no cryptographic link to the identity vault holding the actual verification data.

That gap enables a bypass that requires no exploit code or specialized tools. Delete a few specific values from the app’s configuration files, restart the app, set a new PIN, and the software happily hands over access to credentials that belong to the previous profile. Identity data gets reused under whatever access control the attacker defines.

The weaknesses deepen from there. Rate limiting, the standard defense against someone trying PIN after PIN until one works, lives in the same editable configuration file as a plain counter. Set it to zero and the app forgets every failed attempt.
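As an added illustration (not code from the EU app or from Moore's post), the Python sketch below contrasts a PIN record that merely gates the UI with a vault sealed under a key derived from the PIN. The class names, the PBKDF2 parameters and the HMAC-based cipher (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions made for the example.

```python
import hashlib, hmac, os

def kdf(pin: str, salt: bytes) -> bytes:
    # Stretch the low-entropy PIN into a 32-byte key (iteration count is an assumption).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)

def _sub(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM.
    return b"".join(_sub(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + ct + _sub(_sub(key, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), nonce + ct)):
        raise ValueError("wrong key or tampered vault")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class UnboundVault:
    """Model of the flaw: the PIN record only gates the UI; the vault ignores it."""
    def __init__(self, pin: str, secret: bytes):
        self.config = {}          # stands in for the editable config file
        self.vault = secret
        self.set_pin(pin)
    def set_pin(self, pin: str) -> None:
        self.config["pin"] = hashlib.sha256(pin.encode()).hexdigest()
    def unlock(self, pin: str):
        ok = self.config.get("pin") == hashlib.sha256(pin.encode()).hexdigest()
        return self.vault if ok else None

class BoundVault:
    """Hardened: the vault is sealed under a PIN-derived key; no PIN record exists."""
    def __init__(self, pin: str, secret: bytes):
        self.salt = os.urandom(16)
        self.blob = seal(kdf(pin, self.salt), secret)
    def unlock(self, pin: str):
        try:
            return unseal(kdf(pin, self.salt), self.blob)
        except ValueError:
            return None
    def change_pin(self, old: str, new: str) -> bool:
        secret = self.unlock(old)  # re-sealing needs the old PIN
        if secret is None:
            return False
        self.salt = os.urandom(16)
        self.blob = seal(kdf(new, self.salt), secret)
        return True
```

A short PIN on its own remains guessable offline even after key stretching, so a production design would also mix a hardware-keystore secret into the key and keep the failed-attempt counter in that hardware rather than in an editable file.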

Turkey To Require National ID for Social Media Accounts

Every social media account in Turkey is about to be tied to a government-issued identity number. Justice Minister Akın Gürlek announced on April 3 that global platforms have agreed to the system and that a three-month transition begins once legislation passes parliament. Accounts that remain unverified get shut down.

“Social media will now be accessed with real information and personal identity. We have reached an agreement with social media platforms,” Gürlek said. He didn’t name which companies signed on.

The plan requires users to submit their TC Kimlik number, the unique 11-digit identifier assigned to every Turkish citizen from birth, linked to government databases containing names, birth dates, family records, and biometric data. Gürlek framed anonymous accounts as engines of disinformation and harassment. “If someone insults others or carries out a smear campaign online, they must face the consequences,” he said.

The official justification doesn’t survive contact with Turkey’s own record. Cybersecurity specialists have pointed out that IP addresses and internet access logs already let authorities trace anonymous users. The government doesn’t need your national ID on every post. It needs you to know it’s there.


Idaho Bans Mandatory Digital ID With New Privacy Law

Idaho just became one of the few states to draw a line against mandatory digital identification. Governor Brad Little signed Senate Bill 1299 on April 1, 2026, and the new law does something genuinely unusual in American state politics right now: it pushes back against digital ID rather than pushing it forward.

We obtained a copy of the bill for you here.

The bill creates Section 67-2364 of the Idaho Code, prohibiting government entities from requiring “any person to obtain, maintain, present, or use digital identification.”

Approximately three-quarters of US states are currently offering or developing electronic driver’s licenses. The national momentum is clearly toward digital ID systems, with states like Arkansas, Texas, Georgia, and Utah all advancing their own versions in 2025 alone. Idaho is swimming against that current.

The bill, introduced by Senator Tammy Nichols, goes further than a simple opt-out. It prohibits public entities from denying, delaying, conditioning, or reducing “any service, benefit, license, employment, education, or access based on a person’s refusal or inability to use digital identification.”

That second clause, “or inability,” protects people who can’t use digital ID, not just those who won’t. Anyone without a smartphone, without reliable internet, without the technical literacy to navigate a digital wallet, keeps full access to government services. Physical, non-digital identification remains “valid for all governmental purposes” under the law.

The bill also addresses what happens when someone voluntarily shows a digital ID during a government interaction. A government entity cannot “require a person to surrender, unlock, or relinquish control of a personal electronic device for identity verification.” Handing your phone to a police officer or a clerk at the DMV is not the same as handing them a laminated card.

A phone contains your messages, your photos, your browsing history, and your location data. Presenting a digital ID “shall not constitute consent to search or access any other contents of a device.”

That’s a Fourth Amendment protection written directly into a state statute.


Massachusetts House Passes Social Media Age Verification Digital ID Bill

Massachusetts just voted to force every social media user in the state to prove their age to a tech company. 

The bill passed the House 129-25 on Wednesday, banning children under 14 from social media entirely, requiring parental consent for 14- and 15-year-olds, and mandating that platforms build age verification systems to enforce all of it. If it becomes law, the policy takes effect on October 1.

We obtained a copy of the bill for you here.

House Speaker Ron Mariano and Ways and Means Chair Aaron Michlewitz framed the legislation as protection. “This ban would be among the most restrictive in the entire country, helping to protect young people from harmful content and addictive algorithms that have a proven negative impact on their mental health,” they said in a joint statement. 

They also described the broader goal: “The simple reality is that Massachusetts must do more to ensure that our laws keep pace with modern challenges – especially when it comes to protecting our children, and to setting students up for success in the classroom and beyond.”

The bill doesn’t say how companies should verify ages. It leaves that to Attorney General Andrea Campbell, who would have until September 1 to write the implementing regulations. 

That vagueness is deliberate, according to Michlewitz, who said it gives the AG flexibility in a changing industry. 

But the practical reality of age verification is that someone has to prove who they are. 

That means government IDs, facial scans, or behavioral tracking, and those requirements don’t just apply to kids. Every user on the platform has to go through the system, because you can’t filter minors without checking adults, too.


Meta To Comply With Florida Age Verification Digital ID Law

Meta agreed to comply with Florida’s age verification law, HB 3, and will begin purging accounts belonging to children under 14 starting in May. 

The company’s capitulation comes ahead of an April 8 deadline set by Florida Attorney General James Uthmeier, who threatened litigation against any platform still refusing to verify the ages and identities of its users. Uthmeier is now pressuring Snapchat, Roblox, Discord, and TikTok to do the same.

What Florida calls child protection is also the construction of a statewide identity verification system for the internet. Meta is one of the biggest companies lobbying for age verification checks on the app store level.

HB 3 bans under-14s from social media entirely and requires parental consent for 14- and 15-year-olds. But to block minors, platforms first need to determine who is and isn’t a minor. That means age-checking everyone, adults included. The surveillance burden falls on millions of people who have every legal right to use these services without proving who they are.


Zorin OS Says No to Mandatory Age Verification in Linux

Zorin OS has entered the broader Linux debate on age verification laws. Co-founder Artyom Zorin stated on the Zorin Forum that the distribution will not introduce mandatory age or ID checks. He emphasized that privacy and security are core values for the project and confirmed the team is monitoring new OS-level laws that may impact Linux distributions.

Zorin’s response clarifies that the project will not independently add mandatory age or identity verification. However, it notes that not all current proposals are equally invasive.

Regarding California’s law, Zorin OS states that the requirement resembles age attestation rather than strict identity verification. Users would self-declare their age or date of birth during account creation, and apps would only receive a general age bracket, such as under 13, 13 to 15, 16 to 17, or 18 or older.

Zorin also notes that, based on its interpretation of the law, users would not need to upload photo ID, submit face scans, or share raw birth-date data with apps or government entities.

However, the project does not endorse this approach. Zorin describes California’s model as less invasive but warns it could set a concerning precedent. The statement notes that some proposals in other jurisdictions are more intrusive and raise greater privacy concerns.

That is where Zorin draws its clearest line. The project states that laws requiring full age verification through personal documents or face scans would significantly invade user privacy. If such rules were enforced, Zorin might withdraw from affected jurisdictions rather than implement them.


Apple Expands Age Verification to Singapore & South Korea

Apple’s identity verification demands are spreading across Asia. Starting in late March, the company expanded age verification requirements in both Singapore and South Korea, adding these countries to a growing list alongside the UK, where users must prove they’re adults before Apple lets them fully use their own devices.

Singapore has been partially locked down since February 24, when Apple began blocking downloads of apps rated 18+ unless users confirmed they were adults.

That initial wave also hit Australia and Brazil. But the late March update goes further, bringing Singapore’s requirements closer to the UK model. Apple now requires Singaporean users to confirm they’re 18 or older to download or purchase 18+ apps, using a credit card, a driving license, a National Registration Identity Card, or a Foreign Identification Number card. Passports, debit cards, and gift cards aren’t accepted.

That list of acceptable documents tells you something about Apple’s priorities. Passports are internationally recognized government IDs, but they don’t work here. Debit cards, which millions of adults use as their primary payment method, are also excluded because minors can technically hold them.


New Company Hopes to Build Age-Verification Tech into Vape Cartridges 

Their goal is to use biometric data and blockchain to build age-verification measures directly into disposable vape cartridges.

Wired reports on a partnership between vape/cartridge manufacturer Ispire Technology and regulatory consulting company Chemular (which specializes in the nicotine market) — which they’ve named “Ike Tech”:

[Using blockchain-based security, the e-cig cartridge] would use a camera to scan some form of ID and then also take a video of the user’s face. Once it verifies your identity and determines you’re old enough to vape, it translates that information into anonymized tokens. That info goes to an identity service like ID.me or Clear. If approved, it bounces back to the app, which then uses a Bluetooth signal to give the vape the OK to turn on.

“Everything is tokenized,” [says Ispire CEO Michael Wang]. “As a result of this process, we don’t communicate consumer personal private information.” He says the process takes about a minute and a half… After that onetime check, the Bluetooth connection on the phone will recognize when the vape cartridge is nearby and keep it unlocked. Move the vape too far away from the phone, and it shuts off again. Based on testing, the companies behind Ike Tech claim this process has a 100 percent success rate in age verification, more or less calling the tech infallible. “The FDA told us it’s the holy grail technology they were looking for,” Wang says. “That’s word-for-word what they said when we met with them….”

Wang says the goal is to implement additional features in the verification process, like geo-fencing, which would force the vape to shut off while near a school or on an airplane. In the future, the plan is to license this biometric verification tech to other e-cig companies. The tech may also grow to include fingerprint readers and expand to other product categories; Wang suggests guns, which have a long history of age-verification features not quite working.
