Plan to ban under-13s from social media

[Kyng]

https://cybernews.com/news/us-senate-bil...-children/

Most social media platforms require users to be at least 13 years old, but backing this up with verification is another matter – millions of kids use Facebook or TikTok freely. Now, a bipartisan group of US senators is trying to insert the government into the process.

Facebook, for instance, says you have to be 13 if you want to create an account on the network. It adds that lying about your age is a violation of the network’s terms – Facebook wants to police explicit content and prevent bullying and grooming.

But the platform’s representatives have admitted there’s almost nothing they can do to stop minors setting up profiles, because there simply is no clear verification system in place.

---

Okay - so, how would this work? I agree that under-13s shouldn't be on social media - but, what would the age verification systems look like?

(And another thing: would this affect TCH? From my reading of the bill, it looks like we would fall under their definition of "social media platform": there's no clause to say that it only applies to companies with at least $X million of turnover, like these bills sometimes have. So, what kind of age verification system could a small hobbyist forum implement in order to comply with this?)

[Deleted User 1213]

Ban social media for all. 🙂

[Shiny Star]

Honestly I see why this is an idea. I remember back in the day a lot of forums were 13+. There was no way to actually check for sure but people were banned if they exposed details that may indicate that they were underage. I guess with social media any children talking in videos or posting pictures may visually seem underage and be removed. I think sometimes TikTok will remove content from minors if deemed necessary. Most people have passports so this could be an option as to how to verify.

[Lurkerish Allsorts]

would this affect TCH?

There is already a softban on under 13s, 15 U.S.C. §§ 6501–6506 (Aka COPPA).
Basically you need the parent's consent before someone under 13 can join the forum.

Facebook, for instance, says you have to be 13 if you want to create an account on the network. It adds that lying about your age is a violation of the network’s terms – Facebook wants to police explicit content and prevent bullying and grooming.

Bullcrap, Facebook only has that in its terms because of COPPA, not because it wants to prevent "bully and grooming", Facebook is all too happy to facilitate that stuff if the variables are "correct".

Most people have passports so this could be an option as to how to verify.

No, this is a horrible idea, any giving form of ID is bad, from a privacy standpoint (no longer will you be able to stay anonymous, and you are basically giving the website owners far more info then they get from an IP or other more advanced tracking bullcrap which has ways to disable), from a cybersecurity standpoint there is no good way to protect that data, and will just make websites that fall in to US Jurisdiction a bigger target to hackers to get this data to sell or exploit. Then there is the legal issues, in a case of a website with multi-jurisdiction (such as TCH hosted in the US with a UK owner) how will collecting this info be complaint with The UK's Data Protection Act of 2018?

[Shiny Star]

I don’t agree with using government identities for stuff like this as I’m cautious of who would obtain my data. It does scream for fraud for data breaches. I think in cases where people are locked out of social media then they are asked to provide legal identification to prove it’s them. Instagram does that in extreme cases as a last resort as one of my friends had to do it. I wouldn’t feel secure doing it for too many websites really. Saying that, people in companies should protect people’s data and governance. I don’t think needing ID to use a forum is justifiable though - but should we promote ID for when there’s content that isn’t child friendly? Plenty of 18+ material is accessible pretty easily without evidence. Or, do we hope that parents put up restrictions on their side.

[Pyrite]

The issue with any individual country creating laws regarding social media is that, ultimately, social media isn't owned by any one country. This makes it nigh on impossible to totally ban any group from social media, even under-13s.

As much as I would love to have more restrictions on children being able to access social media (especially younger people), that has to be enforced by their parents or guardians. It's not possible to screen everyone registering on social media without the state leaning towards totalitarianism.

Ideally, we'd instead be able to cut back on the amount of 18+ content on the internet, but unfortunately that shows no signs of stopping and is only getting worse.

[Kyng]

There is already a softban on under 13s, 15 U.S.C. §§ 6501–6506 (Aka COPPA).
Basically you need the parent's consent before someone under 13 can join the forum.

While this is true, the new proposed legislation goes much further than COPPA ever did.

Currently, COPPA only applies to sites that know they have under-13s on them. However, it doesn't require sites to ask users for their ages - and if they do choose to do so, then it doesn't require them to check that users aren't lying about their ages (see Section A, Part 12 of the FTC's Business Guidance on the matter).

On the other hand, the proposed bill does explicitly require some kind of age verification to be used:

9 SEC. 4. NO CHILDREN UNDER 13.
10 A social media platform shall not permit an individual
11 to use the platform (other than merely viewing content,
12 as long as such viewing does not involve logging in or
13 interacting with the content or other users) unless the in
14 dividual is known or reasonably believed to be age 13 or
15 older according to the age verification process used by the
16 platform.
17 SEC. 5. PARENT OR GUARDIAN CONSENT FOR MINORS.
18 (a) IN GENERAL.—A social media platform shall take
19 reasonable steps beyond merely requiring attestation, taking into account current parent or guardian relationship
21 verification technologies and documentation, to require the
22 affirmative consent of a parent or guardian to create an
23 account for any individual who the social media platform
24 knows or reasonably believes to be a minor according to
25 the age verification process used by the platform.

Now, what's considered "reasonable efforts" isn't clear (and it's likely that what's considered "reasonable efforts" for a small independently-run forum would be different from what's considered "reasonable efforts" for a tech giant like Facebook). But the point is, "just assume users aren't lying about their ages", which is the existing system under COPPA, isn't going to cut it any more.

Should we promote ID for when there’s content that isn’t child friendly? Plenty of 18+ material is accessible pretty easily without evidence.

For what it's worth, the UK did attempt to implement mandatory age verification for adult content a few years ago. The plans were eventually scrapped, due to the difficulty of implementing them. I wouldn't be surprised if the same thing happens with this proposed bill - since they'd be likely to encounter the same practical difficulties and privacy issues.

Also, with regards to using passports, driver's licences or similar: it won't be possible to require these for everyone, since people from outside the US will still need to be able to register on websites, and these people obviously aren't going to have valid US passports or driver's licences. So, couldn't this new verification be easily circumvented altogether, simply by lying about one's location (and/or using a VPN to hide it?).

[Lurkerish Allsorts]

Saying that, people in companies should protect people’s data and governance.

Here is the thing in IT/Info/Cyber/security world the stand of thought is "not if but when" the network is compromised.
Playing defense is extremely hard, you need to find and cover every crack in the chain (and well don't get me started on how stupid people are with IT/Info/Cyber security, just the other day I had some one out of the blue email me (not even using our provided encrypted email system) their password at work... something that they took training on not to do). The attacker just needs to find one crack and exploit it.

In IT there is this this idea of least privilege and zero trust but when it comes to keeping everything you can get on your customers/visitors/random people who are don't even know they are connecting to your servers, etc they will not apply that to the data they collect.. they should only keep necessary for business critical function data, but nope they need to keep everything. GDPR or not, they will still find ways around it (and well its not just the business world collecting the data, but governments too).


Kyng There actually is something else to consider... there were other laws of this kind only ore directed to "material harmful to minors" COPA (not to be confused with COPPA), 47 U.S. Code § 231, and the Communications Decency Act of 1996 (aka CDA)

CDA was stuck down as violating the 1st amendment by the Supreme court in Reno v. American Civil Liberties Union, 521 U.S. 844 (1997),
Justice Stevens in the majory opinion (a 9-0 or 7-2 decision depending on how you read the concur opinion) stated the following
"We are persuaded that the CDA lacks the precision that the First Amendment requires when a statute regulates the content of speech. In order to deny minors access to potentially harmful speech, the CDA effectively suppresses a large amount of speech that adults have a constitutional right to receive and to address to one another. That burden on adult speech is unacceptable if less restrictive alternatives would be at least as effective in achieving the legitimate purpose that the statute was enacted to serve. ... It is true that we have repeatedly recognized the governmental interest in protecting children from harmful materials. But that interest does not justify an unnecessarily broad suppression of speech addressed to adults. As we have explained, the Government may not "reduc[e] the adult population ... to ... only what is fit for children"


Case law has COPA stuck down as a violation of the 1st amendment in Ashcroft v. American Civil Liberties Union, 535 U.S. 564 (2002) (and later Ashcroft v. American Civil Liberties Union, 542 U.S. 656 (2004)), as far as I know it never made it to the supreme court a lower courts ruled it as unconstitutional and on appeal the Supreme Court refused to hear it, (TWICE) as the law most likely would have been found to be ruled unconstitutional.

Both CDA and COPA required websites to do some sort of verification of user's age, both CDA and COPA targeted "Adult communication"(aka porn) both of which enjoys effectively less first amendment protection then other speech, the bill proposed does not target data collection (unlike COPPA), this law based on case law, and the historical "holy grail" like protection American culture has on the first amendment should most likely be found if passed to be ruled unconstitutional, for even if laws targeting porn were found to be a violation, standard everyday speech would surely undoubtedly be a violation.

[Deleted User 1213]

Hmm, now that you mention it, I could imagine it being contested under the First Amendment of the U.S. Constitution. I haven't read the Bill, but if it does arbitrarily ban all persons under the age of 13 from using social media sites, the U.S. government may find it almost impossible to provide a reason compelling enough to the U.S. Supreme Court that justifies abridging the First Amendment.

[Kyng]

Well, this bill seems to have advanced:

https://www.theverge.com/2023/7/27/23809...cial-media

Still no word on how a small hobby forum is supposed to "take reasonable steps beyond merely requiring attestation, taking into account existing age verification technologies, to verify the age of individuals who are account holders on the platform", as is stated in the text of the bill .