We’ve called it the “curse of good intentions.” In medicine, physicians speak of the “cure being worse than the disease.
The phenomenon we’re referring to is the metastasizing “Nanny State” and (in this case) its insistence that children be shielded from any semblance of danger at the hands of adults. Thus, we have regulations that ban young girls from selling Girl Scout Cookies in their own front yard. Not to mention laws that result in mothers being arrested for letting their young children play unsupervised in parks.
The latest example of the Nanny State running wild comes from the socialist paradise of California. Last month, both houses of the state legislature unanimously voted in favor of a bill called the California Age-Appropriate Design Code Act (AADCA). The law, which takes effect in mid-2024, was promptly signed into law by Governor Gavin Newsom.
We also can’t claim that the new law is a solution in search of a problem. The problem it attempts to address is indeed a serious one. Here are some sobering statistics from the Organization for Social Media Safety:
Cyberbullying. About 88% of social media-using teens have witnessed other people being mean or cruel on social networking sites. Approximately 34% of students report experiencing cyberbullying.
Depression and suicide. In 2018, the average teen spent nine hours a day online. Teens using social media more than five hours daily were 70% more likely to have suicidal thoughts or actions than those who reported one hour of daily use.
Hate speech. About 64% of US teens have encountered hate speech online.
Teen’s online activities can also bring them in contact with adult sexual predators – more than 500,000 online every day, according to the FBI. Most contacts between the adults and teens come through social networking websites, chat rooms, and online games. The adults typically pose as teens and try to convince their targets to send them sexually explicit images of themselves. The adult then threatens to share the images with the teen’s family or friends unless the victim sends them money or more sexualized photos and videos.
The CAADCA purportedly addresses these social harms to better protect the well-being, data, and privacy of children. It applies to any “business that provides an online service, product, or feature likely to be accessed by children.” Any for-profit organization, anywhere in the world, that operates a website is covered by the law if it meets at least one of three thresholds:
(1) Has annual gross revenues of $25 million or more.
(2) Buys, sells, or shares personal information of 100,000 or more California residents or households annually.
(3) Receives 50% or more of its annual revenue from selling or sharing the personal information of California residents.
The law requires covered businesses to analyze how their websites could put children at risk through a complex “Data Protection Impact Assessment.” Among other requirements, the analysis must attempt to measure the age of children who access the website, configure its default settings to provide the highest level of privacy. Those businesses must then redesign their websites to ensure that at all times they function in the “best interests of children.”
Violations of the law can be fined up to $2,500 per affected child for “negligent” violations and $7,500 for each “intentional” violation. These fines can be avoided if a company is notified of a potential violation and fixes it within 90 days.
Critics have bashed the CAADCA as being impossible to comply with, given its vague standards. That’s a valid critique. But we also believe the CAADCA won’t do much, if anything, to address the issues that teens encounter in their online lives.
Take cyberbullying, for instance. Most cyberbullying takes place between teens themselves, not from adults. We don’t see any way that the new law can prevent it, although its identity verification requirements might help prevent anonymous threats. Nor do we understand how it would prevent teen depression or stop teens from encountering online hate speech. But it might help stop sextortion, by making it more difficult for would-be sexual predators to pose as teens themselves.
But the collateral damage from the law will be immense once it comes into effect. Websites accessible to California residents – in effect – will be forced to adhere to privacy-invasive age verification rules. And those rules won’t necessarily apply only to children and teens in California. Conceivably, they’ll be enforced for everyone who accesses a website or social media platform children and teens also use. Of course, it’s possible that affected websites would only require age verification to internet connections originating in California. But since internet-savvy teens (and anyone else) can use a virtual private network (VPN) to disguise the origin of their online connection, we believe most websites will require universal age verification.
Currently, when we browse the internet, we can go from one website to another relatively seamlessly. But imagine doing so in 2024. Post- CAADCA, you’ll be required to prove your age before you can visit any new site – even briefly, and even if you never intend to return to it.
Here at Nestmann, we’re highly suspicious of efforts by websites to convince us to disclose our birthdates or worse, to upload photos or videos, because this data can easily be used for identity theft. Internet behemoths like Facebook and Google will likely be able to convince users to upload the necessary authentication data. But smaller companies might not be able to do so. Most likely, they’ll simply ban any internet-connected device in California from accessing their services.
Also consider the impact of the CAADCA on search privacy. We regularly conduct online searches for all sorts of topics that we’d prefer to remain confidential. And we suspect you do too.
For instance, we recently published an article on how to construct homemade plastic containers that can be used for long-term underground storage of valuables, such as precious metals or cash. In our research, we noticed that the parts for the containers looked a little like our conception of what parts for a pipe bomb looked like.
So, we did an online search for what pipe bombs (and their components) look like to see if our intuition was correct. We didn’t conduct the search because we wanted to build a pipe bomb. But that’s how our search might have been interpreted, if the search engine company was monitoring our searches, or at least had proof of our identity.
Searches like this will be impossible to conduct privately once the CAADCA is in effect. It will simply be too risky. And there are countless other examples. Knowing that the search engine you’re using has proof of your identity, would you be willing to risk a search for an out-of-state abortion if you live in a state that prohibits it? Or to buy a semi-automatic rifle, if these weapons are banned in your state, as they are in California?
Another side-effect of the CAADCA will be to ban the efforts of teens themselves to expose sexual predators. Recently, The Boston Globe published an article about how a group of teenage boys used an instant-messaging platform called Discord to track the inappropriate behavior of a male teacher toward their female classmates. The boys called the files they created the “Pedo Database,” and their parents turned it over to police. The teacher has now been suspended.
Under the CAADCA, Discord would likely have never allowed the boys to have set up an account. Even if they were, a channel called “Pedo Database” would probably have been blocked as being potentially harmful.
It’s also interesting – and more than a little ironic – to consider who the biggest beneficiary of the CAADCA will be. A logical conclusion is that it will be the companies that offer age verification technology. And it turns out that the largest such company is MindGeek, a privately held firm that describes itself as “developing industry-leading solutions enabling faster, more efficient delivery of content every second to millions of customers worldwide.”
MindGeek’s age confirmation technology is called AgeID. But what people might not realize is that MindGeek is also the parent company to the world’s largest producer of pornography; Pornhub. So, companies that logically turn to AgeID to comply with the CAADCA will give the world’s largest porn company detailed private information on virtually every internet user in the world.
Not to mention the fact that Pornhub recently had to remove about 80% of its content after an investigation showed that some of the videos it hosted involved child sexual abuse.
In other words, California is not just breaking the internet. It will also force millions of websites to turn over highly personal data on their users to the world’s largest porn company – one that is (or at least was) a major disseminator of child sexual abuse videos.
And of course, it’s all to “save the children.”
There are far better ways to deal with the problems that the CAADCA attempts to address, as proven by a group of teenage boys in Boston. Legal challenges to the law are already underway, and we hope they succeed in derailing it – and literally saving the internet as we know it.