California’s OS-based age verification law challenges open-source community

California’s new online safety bill, AB 1043 (the Digital Age Assurance Act), adopts a declared age model for operating systems. Under the law, which is set to take effect on January 1, 2027, when a user sets up a new device, the operating system is required to ask for their age or date of birth. This declared age will be used to curate what’s available on the app store, and can be shared with developers on request to ensure age-appropriate experiences.

An article in PC Gamer points out that this “sounds incompatible with many of today’s open source software, including Linux.” The open source community is wrestling with the problem of how to comply with the laws while also not violating core privacy principles.

The piece muses on technical solutions, quoting Jef Spaleta, project leader for popular Linux distribution, The Fedora Project, who says “this might be as simple as extending how we currently map uid to usernames and group membership and having a new file in /etc/ that keeps up with age.”

Or, “it might be as simple as that and we extend the administrative cli and gui tools to populate that file as part of account creation. That might be simplest and it solves the problem for the full ecosystem of Linux OSes. Then applications just have to start choosing to look at the file.” To Spaleta, this suggests a D-Bus Service, which allows communication between programs.

Ubuntu, another Linux distribution, is also unsure of how to respond, and says it is consulting with its lawyers before making a plan.

California age law does not compute with DB48X

The point is, in putting the onus on operating systems to collect age data, AB 1043 is causing headaches for open source nerds. Both California’s bill and a like-minded bill in Colorado, SB26-051, have drawn the ire of the creators of an open source calculator, DB48X, described as “a project to rebuild and improve upon the ‘legendary’ HP48 family of calculators and RPL programming language, and for modding newer calculators to utilise it.”

Rather than comply, DB48X has opted to restrict access for Californians and Coloradans when (and, in Colorado’s case, if) their laws come into effect. A legal-notice file for the project says “DB48X is probably an operating system under these laws. However, it does not, cannot and will not implement age verification.”

Per PC Gamer, “you know you’ve messed up when you’ve angered the math lot.”

The calculator guys are not alone. Ground News has a roundup of articles expressing variations of grievance. WebProNews says California’s law “forces a surveillance mandate on every developer – including those who can’t comply.” The Daily Economy says “California is embedding age verification directly into digital devices. For those of us concerned with personal liberties, this is an emergency.”

No verification required, actually

PC Gamer also notes the challenges of enforcing a law that means “the job of checking whether people have installed its OS falls onto Californian authorities to deal with.”

“Both Californian and Coloradan bills set out civil fines of $2,500 for unintentional breaches and $7,500 for intentional breaches, but how would the majority of breaches be discovered in the first place?”

Another criticism asks why California does not specify what level or extent of age verification it requires. If it’s just a date of birth, Spaleta says, “a simple dropdown interface may suffice,” meaning “the effectiveness of such a system appears to be based on an honour system.” Self-declaration at the root negates the entire process; this would-be age verification law, in fact, does not mandate age verification at all. Technically, it’s not even age assurance.

California’s law is less than a year away from taking effect, and Colorado’s bill (which more properly labels its goal “age attestation”), if passed, would take effect January 1, 2028. Ironically, the piece ends up lamenting the speed at which new technology is becoming normalized: the laws, it says, are “coming at a time when age verification is being rolled out more widely across the globe and facing stern criticism, such as an open letter from scientists and researchers that notes the many pitfalls of ill-thought-out verification methods.”

The letter in question has provided a common reference for those opposed to age assurance laws and technologies for various reasons. The open source community now joins social media tycoons, privacy advocates and pornographers in opposing such laws, which they say are invasive and dangerous – but which lawmakers insist parents are asking for, as they work to find the right legal model.

Article Topics

age verification  |  California  |  Colorado  |  legislation  |  open source  |  OS-level age verification