California’s new age verification law, AB 1043, doesn’t just target Big Tech. It conscripts every software developer — including solo open-source contributors writing code in their spare time — into a surveillance apparatus that many of them lack the technical and financial capacity to build. The law, signed by Governor Gavin Newsom, requires application developers to request an age signal from an “operating system provider or a covered application store” before allowing a user to proceed. That single sentence reveals a profound misunderstanding of how software actually works outside the walled gardens of Apple, Google, and Microsoft.
The problem is immediate and concrete. As Gardiner Bryant detailed in his analysis, the law places the financial and technical burden squarely on developers, not on platform operators. An indie developer shipping a text editor, a calculator, or a local-only note-taking app must now, under this statute, query an external service for an age signal every time the application is “downloaded and launched.” That means every single application — even those designed to function entirely offline — would need internet connectivity baked in solely to phone home for age verification data.
Think about what that means in practice.
A developer in Berlin who writes a free, open-source flashcard app for Linux now has a legal obligation under California law to integrate with an age-signal infrastructure that doesn’t exist on their platform. They must request this signal not from the operating system itself, but from the “operating system provider.” On Ubuntu, who is that? Canonical? The upstream Debian project? Linus Torvalds? The law doesn’t say. On FreeBSD, there is no single provider. On Arch Linux, the operating system is assembled by the user from components maintained by thousands of independent contributors. The statute assumes a corporate structure that simply does not exist across vast portions of the software world.
The Infrastructure That Doesn’t Exist
AB 1043’s language presumes that operating system providers will build and maintain age-signal services capable of handling queries from potentially hundreds of thousands of applications. Apple and Google could theoretically do this — they already gate access to their app stores and maintain user account systems with age data. Microsoft could probably follow suit for its Windows Store offerings. But the law doesn’t limit itself to those platforms.
Linux distributions number in the hundreds. The BSDs — FreeBSD, OpenBSD, NetBSD — are maintained by volunteer communities with annual budgets that wouldn’t cover a single engineer’s salary at Google. As WebProNews reported in its earlier coverage, these communities face a law that treats them as if they were commercial entities with compliance departments and API teams ready to spin up new services on legislative command.
They aren’t. And they can’t.
The practical result is a two-tier system. Developers targeting Apple and Google platforms might eventually have a corporate-provided age signal to query. Developers targeting everything else — Linux, BSD, Haiku, custom embedded systems, scientific computing platforms — face an impossible mandate. There is no age-signal API on Fedora. There is no user-age database maintained by the Void Linux project. The law requires developers to request something from a provider that has no mechanism, no obligation, and in many cases no organizational structure to provide it.
So what happens? Small developers stop distributing to California users. Or they ignore the law and hope they’re too small to attract enforcement. Or they quit. For free and open-source software communities, this isn’t a regulatory inconvenience. It’s an existential threat. A volunteer maintainer who ships a package manager plugin or a media player cannot absorb the cost of legal compliance with a statute that fundamentally misunderstands their operating environment.
Code Is Speech — And Compelled Code Is Compelled Speech
The constitutional problems here are severe. The First Amendment implications of forcing developers to write specific code — code that implements surveillance functionality — run directly into decades of established precedent. As the Electronic Frontier Foundation has documented, the landmark case Bernstein v. United States Department of Justice established in the 1990s that computer code is protected speech under the First Amendment. Daniel Bernstein, a mathematician, sued the federal government over export restrictions on encryption software. The Ninth Circuit Court of Appeals — the same circuit that covers California — ruled that code is expressive conduct entitled to constitutional protection.
AB 1043 doesn’t just regulate what developers can say. It compels them to say something specific. It mandates that every application must contain code to query an age-signal service. This is compelled speech, full stop. The government is ordering developers to embed surveillance infrastructure in their own creative works.
The Supreme Court has been consistently hostile to compelled speech mandates. In National Institute of Family and Life Advocates v. Becerra (2018), the Court struck down a California law requiring crisis pregnancy centers to provide certain notices, holding that the state cannot compel individuals to deliver messages they wouldn’t otherwise choose to communicate. The parallel to AB 1043 is direct: the state is compelling developers to build and deliver a specific technical message — an age verification query — regardless of whether the developer’s software has any connection to content that might harm minors.
And the overbreadth problem is glaring. The law applies to all applications, not just those serving content to children. A command-line tool for managing server configurations doesn’t serve content to anyone, let alone minors. But under AB 1043’s plain text, its developer must still implement the age-signal request. This kind of sweeping mandate — applied without regard to whether the regulated speech has any connection to the government’s stated interest — is precisely the type of law that fails strict scrutiny under First Amendment analysis.
Legal challenges are coming. NetChoice, the industry group that successfully challenged California’s previous Age-Appropriate Design Code Act, has already signaled opposition to AB 1043. The Supreme Court is currently weighing NetChoice v. Paxton and related cases that will further define the boundaries of state power over digital platforms. But those cases involve large commercial entities. AB 1043’s reach into individual developers’ workshops and open-source projects raises questions the courts haven’t fully addressed: Can a state force a solo programmer to rewrite their hobby project to include government-mandated surveillance hooks?
Who This Law Actually Serves
The cynical reading is that AB 1043 was written by and for the major platform companies. Apple already has age verification baked into its App Store. Google has similar infrastructure in the Play Store. Microsoft can build it into Windows relatively easily. For these companies, compliance is a minor engineering task. For everyone else, it’s a wall.
The law effectively entrenches the dominance of three companies by making it legally hazardous to develop software outside their platforms. If you distribute through the App Store, Apple handles the age signal. If you distribute a .deb package on your personal website, you’re on your own — and you’re liable.
This is regulatory capture dressed up as child safety.
Nobody in the open-source community opposes protecting children online. But AB 1043 doesn’t protect children. It creates an unfunded mandate for age-signal infrastructure that doesn’t exist on most platforms, compels developers to write surveillance code in violation of First Amendment principles, and threatens the viability of independent software development. The law’s authors either didn’t understand how software works outside of iOS and Android, or they didn’t care.
Neither explanation is acceptable. California has written a law that assumes the entire world of software development looks like the App Store. It doesn’t. And the developers who will pay the price are the ones least able to afford it — the independent creators, the open-source volunteers, the small shops building tools for communities that Big Tech ignores. They deserve better than legislation drafted in ignorance of the technology it purports to regulate.
from WebProNews https://ift.tt/83TyBZx
No comments:
Post a Comment