Tag: digital id

Florida Sues TikTok Over Age Verification Failures as Digital ID Mandate Takes Effect

Florida wants every social media user in the state to prove how old they are. The method is up to the platforms and the options include government ID uploads, biometric face scans, payment credentials, and behavioral profiling. Now the state is suing TikTok for not doing it fast enough.

Attorney General James Uthmeier filed a 66-page complaint Monday in St. Lucie County Circuit Court, accusing TikTok of letting children under 14 create accounts, skipping parental consent for 14- and 15-year-olds, and lying to parents about what their kids actually see on the app.

The lawsuit names TikTok Inc., its parent company ByteDance and several related entities. It’s the first enforcement action under House Bill 3, Florida’s Online Protections for Minors Act, which took effect January 1, 2025 after spending two years tangled in court challenges.

We obtained a copy of the lawsuit for you here

HB 3 bans social media platforms with addictive design features from contracting with children 13 and younger and requires parental consent before 14- and 15-year-olds can open accounts.

Violations carry fines of $50,000 each. But to block minors, platforms first have to figure out who is and isn’t a minor, which means age-checking every user, adults included.

Florida is building an identity verification regime for the internet under the banner of protecting kids and the surveillance costs of that project land on millions of people who have done nothing wrong.

Keep reading

The White House’s AI Deal: Kill State Laws, Demand Your ID

The White House is dangling something the technology industry has wanted for years: a federal block on state AI laws and the price is a national age verification push that chips away at anonymous internet use.

The administration is negotiating a federal preemption of state AI laws in exchange for its support of key tech policy priorities from the Hill, according to Axios, and the bills it would back include the Kids Online Safety Act, the NO FAKES Act, and age verification requirements.

Sen. Marsha Blackburn (R-Tenn.) is steering the talks. “Senator Blackburn is spearheading the negotiation with the White House to finalize legislative text of an AI preemption package that includes protections for kids, creators, and communities through the Senate version of KOSA, the NO FAKES Act, and age verification requirements,” a Blackburn spokesperson said.

The administration kept its own language vague. “The White House continues to proactively engage across government and industry,” a White House official said.

Strip away the framing and the age verification piece asks something concrete of you. To prove you are old enough, you upload a government ID, submit to a face scan, or let a service study your behavior closely enough to guess your age. None of those confirms age and nothing else. They confirm identity and they leave a record that outlives the check.

The internet that once let you be a username starts to demand your legal name, your face, or your documents.

The bigger trade sits underneath the child-safety language. States have been writing their own AI rules, some addressing how companies collect biometric data and automate decisions about residents.

Preemption would freeze that, removing one of the few places people have to push back on how these systems handle their data.

The maneuvering also signals which bill is fading. A bipartisan proposal from Reps. Jay Obernolte (R-Calif.) and Lori Trahan (D-Mass.) isn’t the likely vehicle for AI policy in this Congress. That bill would preempt state AI laws for three years and require certain developers to address risks before releasing models.

Keep reading

UK Government Plots Digital ID Lockdown On Every Phone In Lockstep With Big Tech

The Labour government in Britain is accelerating its assault on digital privacy under the well-worn banner of child protection. Fresh plans leaked to the press reveal ministers intend to compel Apple, Google and other tech firms to restrict smartphones so thoroughly that a digital ID will be needed to use them with unfettered access.

The mechanism comes in the form of expanded age verification that effectively demands digital identification for device setup and use. What is sold as safeguarding the young is shaping up as a backdoor mandate for every adult in Britain to submit ID just to operate a phone or go online.

This development lands alongside Google’s confirmation that it will soon bring digital IDs to Android devices in the UK via Google Wallet. Users will record a short video selfie and scan a government-issued ID to add a digital version of their passport or other documents.

Keep reading

Florida vs. OpenAI: The Fight to ID Every ChatGPT User

Florida wants a court to force OpenAI to verify how old you are before ChatGPT will talk to you freely and the demand reaches far past the children the state says it wants to protect.

Attorney General James Uthmeier filed a civil suit on Monday against OpenAI and chief executive Sam Altman, calling it the first state-led case of its kind.

We obtained a copy of the lawsuit for you here.

Most of the coverage has gone to the alleged harms. The complaint accuses the company of feeding content unsuitable for children to minors and states that “vulnerable people have been encouraged into suicide.”

Uthmeier told reporters, “If this was a human being on the other side of the screen, we would be charging them with accessory to commit murder.” Those are heavy charges and a court will weigh them.

The part that touches everyone who opens ChatGPT is the remedy Florida is chasing. The state complains that the free product has “no gatekeeping or age verification mechanism,” and it claims the paid subscription has “no mechanism to verify the age of its users.” It wants a judge to close that gap by ordering verification into place.

There is a problem with the second claim. OpenAI announced its age estimation plans back in September and it began rolling out age prediction across consumer plans in January.

The system already runs as a form of mass surveillance. It works by watching how you behave, studying how long your account has existed, when you tend to log in, and how you use the product, then guessing whether you are under 18.

Anyone the model flags as a minor who is actually an adult has to prove it by handing a selfie or a government ID to a third-party firm called Persona.

So the supposed absence of verification is a verification system that runs on behavioral profiling backed by face scans and identity documents.

That changes what the lawsuit is actually pushing for. Age verification cannot work without identity verification.

To confirm you are not a child, a company has to learn enough about you to rule it out. That means collecting your government ID, scanning your face, or building a profile detailed enough to estimate your age from how you type and when you log in.

There is no version of “prove you are an adult” that does not involve handing over something you would otherwise keep to yourself.

Keep reading

Minnesota Law Requires Platforms to Monitor and Age-Estimate All Users

Governor Tim Walz signed House File 4138 on Tuesday, turning Minnesota into the latest state to demand that social media platforms profile every user who logs on.

The law, which takes effect in July 2027, forces platforms with at least 10,000 account holders or $1 billion in annual revenue to estimate the age of all Minnesota users, obtain parental consent before anyone under 16 can hold an account, and disable a list of features the legislature has labeled “addictive.” It passed the state House 132-2 and the Senate 66-0.

We obtained a copy of the bill for you here.

The bipartisan consensus is remarkable given what the bill actually requires. Buried beneath the child protection language is a surveillance apparatus that applies to every user, not just minors.

When you create an account on a covered platform, the law demands you declare your month and year of birth. That’s just the beginning. Once you’ve spent 25 hours on the platform within six months, the company has 14 days to estimate your age using “reasonable efforts, taking into consideration available technology and the data in the possession of the covered social media platform.”

If the platform can’t reach 80% confidence that you’re 16 or older, you get classified as a child and locked into restricted mode.

Hit 50 hours, and the confidence threshold rises to 90%. Still not verified? The age estimation repeats every six months for the first seven years your account exists, or more often if the platform runs any demographic analytics on your profile.

That means platforms are legally required to continuously analyze how you behave, what content you engage with, and who you communicate with for the better part of a decade. The law creates an obligation to surveil that didn’t exist before.

The mechanisms available for “verifiable parental consent” come from the COPPA 1.0 framework which speaks volumes about the privacy costs this law is willing to impose.

Parents can sign a consent form, hand over credit card information, submit a copy of a government-issued ID alongside a face scan, or verify their identity through video conferencing.

Keep reading

Texas Sues Discord, Seeks Mandatory Age Verification

Texas Attorney General Ken Paxton sued Discord on Friday. The lawsuit alleges the platform enabled child predators, deceived parents, and violated the state’s Deceptive Trade Practices Act.

But the remedy Texas is asking the court to impose goes far beyond fixing Discord’s broken safety systems. Paxton wants a judge to order mandatory age verification for every user on the platform under the Securing Children Online through Parental Empowerment Act, Texas’ SCOPE law.

That means before you can type a message, join a server, or talk to anyone on Discord, you would need to prove your identity to the state’s satisfaction. Government ID uploads. Biometric face scans. Third-party verification services that cross-reference your private records.

The SCOPE Act doesn’t specify which method, just that the platform must use a “commercially reasonable” one. All of that requires surrendering personal data that goes well beyond confirming you’re over 18.

This is the pattern now. Age verification laws are the vehicle through which governments are dismantling anonymous access to the internet and they’re doing it one platform at a time, one state at a time, always framed as protecting children.

More than 25 US states now require age checks to access some form of online content. The Supreme Court upheld Texas’s age verification law for adult websites last year.

The EU is rolling out its Digital Identity Wallet by the end of 2026. Australia banned under-16s from social media entirely. Discord is just the latest target.

“Discord has allowed and invited all kinds of nihilistic violence and evil,” Paxton said. “We live in a time where the dangers children face online have never been greater, and every parent in Texas deserves to know their child is protected.”

Paxton filed the lawsuit in Collin County state district court, part of a burst of tech company litigation from his office ahead of his US Senate GOP runoff against John Cornyn, which he won yesterday.

We obtained a copy of the lawsuit for you here.

Earlier this year and last, his office has gone after Snapchat, TikTok, and Roblox on similar grounds. Texas joins Nevada, Indiana, and New Jersey in suing Discord specifically, with Florida investigating separately.

Keep reading

California’s New Age-Verification Bill Frees Linux But Expands Age Tracking to the Open Web

California Assembly Bill 1856 is getting friendly press coverage because it now exempts Linux from the state’s age-tracking mandate. The part nobody’s talking about is that it simultaneously expands the surveillance to your web browser.

AB 1856, authored by the same lawmaker who wrote the original Digital Age Assurance Act, amends the law to exclude open-source operating systems from its definition of “operating system provider.”

Any software distributed under a license that lets users “copy, redistribute, and modify the software” would no longer be covered. Debian, Ubuntu, Fedora, Arch Linux, and Mint all walk free. That sounds like a win and tech outlets are reporting it as one. It’s also a distraction from what the bill adds.

The original law, AB 1043, required operating systems to harvest users’ ages during device setup and feed that data to app stores and app developers through a real-time API.

AB 1856 keeps all of that and extends the data pipeline to browser providers and website operators. Browsers would now be required to collect age signal data from the OS and pass it along to any website subject to online age verification laws.

We obtained a copy of the amended bill for you here.

Those websites, in turn, would have to request the age signal when you visit them. Your age bracket, declared once during OS setup, would follow you from app to app and now from site to site, broadcast to every developer and website operator who asks.

This is how a law originally limited to apps and app stores becomes an age-tracking system for the entire internet.

The Expanding Universe of “Covered” Websites

The category of websites subject to age verification laws started narrow as the earliest mandates targeted pornography sites. It has since expanded to social media platforms and a growing list of sites legislators consider likely to “harm” children in loosely defined ways. That list keeps getting longer and AB 1856 doesn’t define its own boundary. It piggybacks on whatever other laws exist, meaning every future expansion of age verification requirements automatically expands the reach of AB 1856’s browser-based data pipeline, too.

California has actually built an age-tracking infrastructure that scales itself.

Keep reading

Massachusetts House Passes Social Media Age Verification Digital ID Bill

Massachusetts just voted to force every social media user in the state to prove their age to a tech company. 

The bill passed the House 129-25 on Wednesday, banning children under 14 from social media entirely, requiring parental consent for 14- and 15-year-olds, and mandating that platforms build age verification systems to enforce all of it. If it becomes law, the policy takes effect on October 1.

We obtained a copy of the bill for you here.

House Speaker Ron Mariano and Ways and Means Chair Aaron Michlewitz framed the legislation as protection. “This ban would be among the most restrictive in the entire country, helping to protect young people from harmful content and addictive algorithms that have a proven negative impact on their mental health,” they said in a joint statement. 

They also described the broader goal: “The simple reality is that Massachusetts must do more to ensure that our laws keep pace with modern challenges – especially when it comes to protecting our children, and to setting students up for success in the classroom and beyond.”

The bill doesn’t say how companies should verify ages. It leaves that to Attorney General Andrea Campbell, who would have until September 1 to write the implementing regulations. 

That vagueness is deliberate, according to Michlewitz, who said it gives the AG flexibility in a changing industry. 

But the practical reality of age verification is that someone has to prove who they are. 

That means government IDs, facial scans, or behavioral tracking, and those requirements don’t just apply to kids. Every user on the platform has to go through the system, because you can’t filter minors without checking adults, too.

Keep reading

Big Tech Backs Colorado OS-Level Age Data Bill

Chamber of Progress, a lobbying group bankrolled by Amazon, Apple, Google, Meta, and OpenAI, is pushing Colorado Governor Jared Polis to sign SB 26-051 into law.

The bill would force operating system providers to harvest users’ dates of birth and pipe that data to app developers through an API every time you download or open an app. If Polis signs it, your phone’s operating system becomes more of an identity checkpoint, not just for children, but for everyone.

The bill landed on the Governor’s desk on May 12 after clearing both chambers of the Colorado legislature, passing the House 40-23 and the Senate 26-9.

We obtained a copy of the latest version of the bill for you here.

Sponsored by Democratic Senator Matt Ball and Representative Amy Paschal, the legislation mirrors California’s AB 1043, signed into law in October 2025. Colorado’s version would start applying to new users on July 1, 2028, with existing users folded in by January 1, 2029.

When you set up a device account, the OS asks for a date of birth. That data gets translated into one of four age brackets (under 13, 13 to 15, 16 to 17, and 18-plus) and stored as an “age signal.”

Developers are required to request that signal at first launch or account creation through a real-time API. Every app you open gets to ask your operating system how old you are.

Chamber of Progress told Colorado lawmakers that the bill “reflects an important effort to protect children online while minimizing risks to privacy and lawful speech.”

That framing collapses under the weight of what the bill constructs. It calls age-bracket data “nonpersonally identifiable,” but an age bracket combined with a device ID, app usage patterns and an IP address makes re-identification trivial. When that signal flows to dozens of apps at launch, the aggregate profile becomes far richer than any single data point suggests.

The bill also makes anonymous device use functionally harder. If account setup requires an age attestation that follows you into every app, you lose the ability to use the software without disclosing something about your identity. That has consequences for journalists, activists, domestic violence survivors, and anyone who treats privacy as a default.

The bill never specifies how age data is verified. Account holders just “indicate” a birth date. It may not have an ID check or a biometric scan, at least for now. But a 12-year-old can type in 1988 and the system accepts it.

As a mechanism for protecting children, this is useless, and everyone involved in writing it knows that. What it does accomplish is something else entirely. It builds the architecture: the API, the data pipeline, the legal obligation for developers to query an age signal at every app launch. Once that plumbing exists, the only question left is what gets poured through it.

Keep reading

Amid UK Turmoil, Push For Digital ID and Cellphone Surveillance Continues

The floundering left-wing Labour Party government in Britain appears intent on imposing as much authoritarianism as possible on the public while it still remains in power, with Prime Minister Sir Keir Starmer using the King’s Speech on Wednesday to confirm plans to introduce a Digital ID system while plans for deep surveillance of private digital devices are revealed.

When in doubt, break glass for more Blairism appears to be the order of the day. Fighting for his political life following a disastrous performance in last week’s local elections, Prime Minister Starmer has not only turned to major figures from the previous Labour government, tapping Blairite veterans former PM Gordon Brown and Deputy leader Harriet Harman to come on board as advisors, he now seems intent on fulfilling his predecessor’s unfulfilled aims, introducing a Digital ID.

Although the Brown government began to introduce such a system, it was eventually scrapped following the 2010 general election, which the Conservative Party made a referendum on the idea. While long classified as fundamentally un-British — with the UK abandoning national identity cards following the Second World War in contrast to many other European nations — the project of a Digital ID has remained a key goal of the scheme’s architect, Former PM Tony Blair, who remains a key power broker in the background of the Labour Party.

On Wednesday, amid ongoing rumours of potential leadership challenges, Starmer’s government outlined its plans for the upcoming parliament in the King’s Speech, in which the Monarch reads a list of priorities written for him by Downing Street.

“My Ministers will also proceed with the introduction of Digital ID that will modernise how citizens interact with public services [Digital Access to Services Bill],” King Charles III told the State Opening of Parliament.

The government has previously pitched the concept as a cure-all for illegal immigration, saying it could be used to ensure that anyone seeking a job or renting a flat has their citizenship or immigration status instantly verified. Other potential uses put forward include accessing government services and collecting health records.

However, opponents have long raised concerns about Digital IDs, particularly regarding privacy and creeping state intervention. The British government has not showered itself in glory in recent years in terms of keeping digital secrets safe, with it recently accidentally leaking a list of thousands of spies, soldiers, and allies on the ground in Afghanistan to the Taliban, undercutting the notion that it would protect the much less sensitive data of average Britons.

Keep reading