Canada’s Bill C-34 Would Require ID or Face Scan to Use Social Media

Canada’s long-anticipated and dreaded Bill C-34 arrived on June 10 with the usual fanfare about protecting children.

We obtained a copy of the bill for you here.

Marc Miller, the Minister of Canadian Identity and Culture, tabled it.

Strip off the press release and what is left is a law that lets an appointed federal body order Canadians’ posts deleted across the country, decide which platforms can give an account to a 15-year-old, and tell AI chatbots to watch what you type.

It also bans Canadians under 16 from social media by charging the whole country for it, in the currency of everyone’s privacy.

The government calls it the Safe Social Media Act. Safe for whom is the question it would rather you not dwell on.

The law creates a Digital Safety Commission of Canada. Cabinet appoints its three to five members. The same body writes the rules, runs the inspections, hears the complaints, and hands out the fines, which is a regulator and a courtroom folded into one office that answers to no voter.

Everything hangs on a phrase the bill declines to nail down, “harmful content.” There are seven categories, among them “content used to bully a child” and “content that foments hatred.”

The drafters did take the trouble to say content is not hateful merely because it “discredits, humiliates, hurts or offends,” which is more care than these laws usually take.

It also changes very little because the people drawing the line day to day are the platforms, working from rules the Commission can rewrite whenever it wants. The edge of what a Canadian is allowed to say can shift without anyone in Parliament casting a vote.

So here is how a deletion goes. A platform decides it has “reasonable grounds to suspect” your post is child sexual abuse material or an intimate image shared without consent.

From that moment it has 24 hours to make the post inaccessible to every person in Canada. Down first, explained afterward. You can file representations and request a reconsideration, and your words stay gone the entire time you are waiting. Or someone skips you altogether and reports the post to the Commission, which can order it made “permanently inaccessible.” No judge appears anywhere in that sequence.

The definitions get bigger the longer you look at them. “Intimate content communicated without consent” now reaches AI images “likely to be mistaken for” a real recording of a person.

As a ban on revenge porn; reasonable, depending on how it’s implemented. But as written, those same words also cover a tasteless deepfake of a sitting politician, and the person sorting one from the other works for the company that gets fined either way.

Companies do not agonize over that distinction. They delete and move on.

Keep reading

Carney using kids’ safety as cover to strip Canadians’ freedom

The Liberal government is preparing to introduce a new digital safety bill that would ban social media for users under 16, but on Tuesday’s episode of The Ezra Levant Show, Ezra said this new legislation has nothing to do with protecting children.

“Parents can limit what their kids watch with the push of a button,” he said. “This is really about everyone else. Again, using kids as the excuse.”

The bill, reported by the Globe and Mail ahead of its introduction, would create a new digital regulator to establish safety standards for social media platforms. It would also address artificial intelligence and chatbots.

But the mechanism required to enforce an under-16 ban, Ezra noted, is the problem. To determine who is under 16, every user would need to verify their age — meaning every Canadian would need to hand their personal identification to the government just to log on.

“Mark Carney wants to make everyone sign into the internet,” he said. “It’s not actually about kids, is it?”

Ezra drew a direct line to the Liberals’ past censorship efforts, noting that child protection and anti-terrorism provisions have repeatedly been used as packaging for speech regulation bills — provisions that already exist in the Criminal Code, added as a distraction from the bills’ real purpose.

“Governments use children as a cover for their plots,” he reminded viewers.

The timing raised eyebrows, as the day before Canada’s announcement, U.K. Prime Minister Keir Starmer delivered an almost identical speech calling on tech companies to introduce device controls to prevent children from sending and receiving explicit images.

Ezra said the parallel is not a coincidence. “On everything from censorship and digital ID to environmentalism and mass immigration, I really think Keir Starmer is setting a lot of Canadian policy,” he said.

The irony, he noted, is that Starmer has refused to call a meaningful public inquiry into the U.K.’s rape gangs and even vigorously opposed one when he was the country’s chief prosecutor.

“What a laugh to pretend he cares about kids,” Ezra said.

Another provision in the bill would grant the Canadian government a security backdoor into any app it chooses. Ezra also pointed out that every major social media platform in Canada is American owned, meaning new fines and restrictions would amount to a tax on U.S. tech firms.

Keep reading

The White House’s AI Deal: Kill State Laws, Demand Your ID

The White House is dangling something the technology industry has wanted for years: a federal block on state AI laws and the price is a national age verification push that chips away at anonymous internet use.

The administration is negotiating a federal preemption of state AI laws in exchange for its support of key tech policy priorities from the Hill, according to Axios, and the bills it would back include the Kids Online Safety Act, the NO FAKES Act, and age verification requirements.

Sen. Marsha Blackburn (R-Tenn.) is steering the talks. “Senator Blackburn is spearheading the negotiation with the White House to finalize legislative text of an AI preemption package that includes protections for kids, creators, and communities through the Senate version of KOSA, the NO FAKES Act, and age verification requirements,” a Blackburn spokesperson said.

The administration kept its own language vague. “The White House continues to proactively engage across government and industry,” a White House official said.

Strip away the framing and the age verification piece asks something concrete of you. To prove you are old enough, you upload a government ID, submit to a face scan, or let a service study your behavior closely enough to guess your age. None of those confirms age and nothing else. They confirm identity and they leave a record that outlives the check.

The internet that once let you be a username starts to demand your legal name, your face, or your documents.

The bigger trade sits underneath the child-safety language. States have been writing their own AI rules, some addressing how companies collect biometric data and automate decisions about residents.

Preemption would freeze that, removing one of the few places people have to push back on how these systems handle their data.

The maneuvering also signals which bill is fading. A bipartisan proposal from Reps. Jay Obernolte (R-Calif.) and Lori Trahan (D-Mass.) isn’t the likely vehicle for AI policy in this Congress. That bill would preempt state AI laws for three years and require certain developers to address risks before releasing models.

Keep reading

California Marijuana Regulators Unveil New AI Tool To Prevent Product Packaging That May Appeal To Kids

California cannabis regulators are rolling out a new AI tool to help businesses identify marijuana product packaging may appeal to kids in violation of state rules.

The Department of Cannabis Control (DCC) on Monday announced that licensees can now utilize a Cannabis Product Image Analyzer (CPIA) that was developed to aid in preventing the market launch of potentially problematic packaging that violates state statute by enticing minors.

Marijuana business licensees can “simply snap a photo using their smart phone or mobile device, screenshot or any other supported file format and upload to the CPIA tool,” DCC said. “The image will be analyzed and provide a summary of its findings.”

DCC said it won’t retain images uploaded to the CPIA database, or the summaries of findings that it produces. Rather, the goal is to “assist licensees in their independent evaluation of whether packaging or labeling may be attractive to children.”

That includes packaging and labels that depict:

  • Images of minors or anyone under 21 years of age
  • Cartoons
  • A likeness to images, characters, or phrases that are popularly used to advertise to children
  • Images that are any imitation of candy packaging or labeling and
  • Images with the terms “candy” or “candies” or variants in spelling such as “kandy” or “kandeez”

“The CPIA uses artificial intelligence technology to review images submitted by a user to identify issues that may indicate attractiveness to children for further evaluation,” DCC said in a notice. “The CPIA may not identify all concerns an image may present, or that the Department may find attractive to children.”

Regulators stressed that licensees should not “rely on the CPIA’s output, as it does not establish definitively whether advertising or marketing violates” state rules. And if the tool finds that an uploaded image is likely compliant, that alone “does not preclude a finding by the Department or a factfinder in a disciplinary or administrative action from determining the uploaded image violates the regulation.”

“Because artificial intelligence systems evolve, update, or produce variable outputs, the CPIA’s evaluation may change from day to day, even when reviewing the same image. The quality, clarity, angle, lighting, or completeness of an image uploaded by a user may affect the CPIA’s review and assessment. Users are solely responsible for ensuring uploaded images accurately depict the product’s labeling.”

Cannabis licensees are being encouraged to provide feedback on the AI tool through an online survey.

Keep reading

Starmer Calls for Spyware on All Phones

British Prime Minister Keir Starmer strode onto a stage at London Tech Week and handed Apple, Google and friends a three-month ultimatum with all the menace of a substitute teacher confiscating phones at the door. Build us controls that stop children from taking, sharing, or viewing nude images, switch them on by default across every phone and tablet already humming away in the nation’s pockets, and look sharp about it.

“This government will not stand by while children are put at risk online,” he announced, before adding the line every tech executive in the room heard as a polite threat.

“Today I am calling on the tech companies to introduce device-level controls to prevent children from taking, sharing or viewing nude images. And if they don’t act, we will.”

Stirring stuff. Nobody wants children harmed, and saying so out loud is the cheapest applause line in British politics.

The trouble is the two innocent-looking words tucked into the speech like a wasp in a picnic basket, the words “device-level.”

Here is what “device-level” means once you peel off the cuddly branding. To catch one naughty photo on your phone, something has to inspect every photo on your phone. All of them.

It is software that leans over your shoulder the instant you raise your camera, squints at whatever you are making, and decides whether you may keep it or it gets reported to authorities.

Engineers named this trick years ago, client-side scanning, and even Apple, a company that would happily sell you the air inside its packaging, built a version of it in 2021 and then sprinted away from the idea the moment people worked out what it did to private messaging.

The worst part is what it does to encryption. End-to-end encryption is meant to mean nobody in the middle can read your stuff, not the app, not your internet provider, not a bored government with a search warrant fetish.

Client-side scanning waltzes around all of that by reading your photo on your own device first, before the encryption clicks shut. The lock on the front door stays bolted. There is just a man with a clipboard standing in your hallway, jotting notes before you turn the key. The math survives. The privacy, meanwhile, is dead.

Step back and admire how casually people are treating this. A government politely asking every phone maker to install a tiny invigilator inside the camera lens, marking your snapshots as they form, would have been thrown out of a Black Mirror writers’ room a decade ago for being too on the nose.

Keep reading

Minnesota Law Requires Platforms to Monitor and Age-Estimate All Users

Governor Tim Walz signed House File 4138 on Tuesday, turning Minnesota into the latest state to demand that social media platforms profile every user who logs on.

The law, which takes effect in July 2027, forces platforms with at least 10,000 account holders or $1 billion in annual revenue to estimate the age of all Minnesota users, obtain parental consent before anyone under 16 can hold an account, and disable a list of features the legislature has labeled “addictive.” It passed the state House 132-2 and the Senate 66-0.

We obtained a copy of the bill for you here.

The bipartisan consensus is remarkable given what the bill actually requires. Buried beneath the child protection language is a surveillance apparatus that applies to every user, not just minors.

When you create an account on a covered platform, the law demands you declare your month and year of birth. That’s just the beginning. Once you’ve spent 25 hours on the platform within six months, the company has 14 days to estimate your age using “reasonable efforts, taking into consideration available technology and the data in the possession of the covered social media platform.”

If the platform can’t reach 80% confidence that you’re 16 or older, you get classified as a child and locked into restricted mode.

Hit 50 hours, and the confidence threshold rises to 90%. Still not verified? The age estimation repeats every six months for the first seven years your account exists, or more often if the platform runs any demographic analytics on your profile.

That means platforms are legally required to continuously analyze how you behave, what content you engage with, and who you communicate with for the better part of a decade. The law creates an obligation to surveil that didn’t exist before.

The mechanisms available for “verifiable parental consent” come from the COPPA 1.0 framework which speaks volumes about the privacy costs this law is willing to impose.

Parents can sign a consent form, hand over credit card information, submit a copy of a government-issued ID alongside a face scan, or verify their identity through video conferencing.

Keep reading

Massachusetts House Passes Social Media Age Verification Digital ID Bill

Massachusetts just voted to force every social media user in the state to prove their age to a tech company. 

The bill passed the House 129-25 on Wednesday, banning children under 14 from social media entirely, requiring parental consent for 14- and 15-year-olds, and mandating that platforms build age verification systems to enforce all of it. If it becomes law, the policy takes effect on October 1.

We obtained a copy of the bill for you here.

House Speaker Ron Mariano and Ways and Means Chair Aaron Michlewitz framed the legislation as protection. “This ban would be among the most restrictive in the entire country, helping to protect young people from harmful content and addictive algorithms that have a proven negative impact on their mental health,” they said in a joint statement. 

They also described the broader goal: “The simple reality is that Massachusetts must do more to ensure that our laws keep pace with modern challenges – especially when it comes to protecting our children, and to setting students up for success in the classroom and beyond.”

The bill doesn’t say how companies should verify ages. It leaves that to Attorney General Andrea Campbell, who would have until September 1 to write the implementing regulations. 

That vagueness is deliberate, according to Michlewitz, who said it gives the AG flexibility in a changing industry. 

But the practical reality of age verification is that someone has to prove who they are. 

That means government IDs, facial scans, or behavioral tracking, and those requirements don’t just apply to kids. Every user on the platform has to go through the system, because you can’t filter minors without checking adults, too.

Keep reading

South Carolina’s New Social Media Law Puts Every User Under Age Surveillance

South Carolina Governor Henry McMaster signed H.B. 4591 on May 19, turning the Stop Harm from Addictive Social Media Act into a law that will reshape how every resident of the state uses major social media platforms.

The bill passed with almost no opposition, clearing the House 115-0 and the Senate 42-1. It takes effect January 1, 2027, and it brings with it a surveillance apparatus aimed at all users.

We obtained a copy of the bill for you here.

The law, sponsored by Rep. Brandon Guffey (R-York), requires covered platforms to repeatedly estimate and verify the age of every South Carolina account holder.

The stated goal is child protection. The way it claims to do that is continuous behavioral analysis of anyone who spends enough time on a platform, combined with escalating confidence thresholds and penalties of ten thousand dollars per violation if platforms get it wrong.

Here’s how the age estimation system works. Once an account holder hits 25 cumulative hours on a platform within six months (the “first trigger date”), the platform has 14 days to estimate whether that person is over 15, with 80% confidence.

At 50 hours (the “second trigger date”), the confidence requirement jumps to 90%. After that, the platform must update its estimate every 100 hours of use, or whenever it runs data analytics on the user for any other reason, whichever comes sooner.

That last clause is easy to miss and it means any time a platform runs its profiling algorithms on you for ad targeting, content recommendations, or anything else, it also has to re-evaluate your estimated age. The law essentially piggybacks mandatory age surveillance onto whatever commercial surveillance platforms already conduct, expanding the scope of both.

Because platforms face significant liability if they can’t meet these confidence thresholds, the law creates powerful incentives to harvest far more sensitive data about users than they do today, including about minors.

A platform that guesses wrong faces $10,000 per violation. A platform that overinvests in behavioral profiling to avoid those fines faces no penalty at all. The incentive structure points in one direction.

The bill claims it “does not create any duty on the part of a covered social media platform to request, collect, or retain any information from or about any account holder” and that age estimates must be “derived based on information collected and retained by the covered social media platform in the ordinary course of operation.”

This is the bill’s central fiction. Platforms that can’t achieve 80% or 90% confidence from existing data will need to collect more data, or face financial ruin from accumulated violations. The law doesn’t mandate new data collection in the same way that holding a knife to your wallet doesn’t mandate you hand over cash.

For users classified as children (under 16), the restrictions are extensive. Accounts require verifiable parental consent, with privacy settings locked to the most restrictive levels by default.

Platforms cannot show children profile-based feeds, profile-based advertising, or any “addictive interface features,” a category that includes infinite scrolling, auto-play video, push notifications, and display of personal metrics like reaction counts.

Keep reading

Big Tech Backs Colorado OS-Level Age Data Bill

Chamber of Progress, a lobbying group bankrolled by Amazon, Apple, Google, Meta, and OpenAI, is pushing Colorado Governor Jared Polis to sign SB 26-051 into law.

The bill would force operating system providers to harvest users’ dates of birth and pipe that data to app developers through an API every time you download or open an app. If Polis signs it, your phone’s operating system becomes more of an identity checkpoint, not just for children, but for everyone.

The bill landed on the Governor’s desk on May 12 after clearing both chambers of the Colorado legislature, passing the House 40-23 and the Senate 26-9.

We obtained a copy of the latest version of the bill for you here.

Sponsored by Democratic Senator Matt Ball and Representative Amy Paschal, the legislation mirrors California’s AB 1043, signed into law in October 2025. Colorado’s version would start applying to new users on July 1, 2028, with existing users folded in by January 1, 2029.

When you set up a device account, the OS asks for a date of birth. That data gets translated into one of four age brackets (under 13, 13 to 15, 16 to 17, and 18-plus) and stored as an “age signal.”

Developers are required to request that signal at first launch or account creation through a real-time API. Every app you open gets to ask your operating system how old you are.

Chamber of Progress told Colorado lawmakers that the bill “reflects an important effort to protect children online while minimizing risks to privacy and lawful speech.”

That framing collapses under the weight of what the bill constructs. It calls age-bracket data “nonpersonally identifiable,” but an age bracket combined with a device ID, app usage patterns and an IP address makes re-identification trivial. When that signal flows to dozens of apps at launch, the aggregate profile becomes far richer than any single data point suggests.

The bill also makes anonymous device use functionally harder. If account setup requires an age attestation that follows you into every app, you lose the ability to use the software without disclosing something about your identity. That has consequences for journalists, activists, domestic violence survivors, and anyone who treats privacy as a default.

The bill never specifies how age data is verified. Account holders just “indicate” a birth date. It may not have an ID check or a biometric scan, at least for now. But a 12-year-old can type in 1988 and the system accepts it.

As a mechanism for protecting children, this is useless, and everyone involved in writing it knows that. What it does accomplish is something else entirely. It builds the architecture: the API, the data pipeline, the legal obligation for developers to query an age signal at every app launch. Once that plumbing exists, the only question left is what gets poured through it.

Keep reading

Days Away: The TAKE IT DOWN Act Creates a Censorship Mechanism With No Safeguards

The Federal Trade Commission sent letters to 17 major tech companies this week, warning them to comply with the Take It Down Act by May 19 or face fines of $53,088 per violation.

Amazon, Alphabet, Apple, Meta, Microsoft, TikTok, X, Reddit, Discord, Snapchat, Pinterest, Bumble, Match Group, Automattic, and SmugMug all got the same message from Chairman Andrew Ferguson.

We obtained a copy of the letter for you here.

“We stand ready to monitor compliance, investigate violations, and enforce the Take It Down Act,” Ferguson wrote.

“Protecting the vulnerable, especially children, from this harmful abuse is a top priority for this agency and this administration.”

The law, signed by President Trump in May 2025 with strong backing from First Lady Melania Trump, requires platforms to delete non-consensual intimate imagery (NCII), including AI-generated deepfakes, within 48 hours of receiving a removal request.

Platforms must also find and remove identical copies, provide clear notice about the removal process and let people track their requests. The FTC published a business guidance page alongside the letter spelling all of this out. The definition of “covered platform” is broad enough to capture social media, messaging apps, video sharing, gaming platforms, and essentially any site hosting user-generated content.

Nobody wants revenge porn circulating online. But the law Congress passed is far broader than the problem it claims to solve.

The TAKE IT DOWN Act borrows its structure from the DMCA’s already-controversial notice-and-takedown system, then strips out the safeguards.

Under the DMCA, a takedown request must include a statement under penalty of perjury. False claims can result in liability. There’s a counter-notice process so the person whose content was deleted can push back. TIDA has none of this. There’s no penalty for false claims, no counter-notice, no requirement that the filer prove anything before content disappears. A platform gets a complaint, has 48 hours, and deletes. That’s the entire process and exactly why the Take it Down Act introduces a new censorship mechanism.

The law defines a violation as involving an “identifiable individual” engaged in “sexually explicit conduct,” without defining that conduct narrowly.

Keep reading