GoKawiilIn January, Colorado lawmakers introduced a proposal to make operating systems collect users’ ages and pass them to app developers. The bill, SB26-051, had clearly been designed for commercial platforms like iOS and Android — one of numerous plans to age-gate the internet through users’ devices. It was intended to provide information that would let developers disable age-inappropriate experiences for kids. But as it made the rounds online, Linux laptop maker Carl Richell read the proposal with dismay.
Carl Richell is the founder and CEO of Dever-based System76, which also develops the Pop!_OS Linux distribution. The law, he realized, would likely apply to his own small business. Without the resources of a company like Apple and Google, complying with Colorado’s bill would be a major logistical headache. More broadly, Richell believed it would betray the principles of open source and limit its potential. Open source is “the best way to learn computing,” he told The Verge. “There is nothing like learning from example, and the Linux desktop is a free, open-source example of how to build an entire operating system.” A system that can restrict how children use it — by blocking their ability to interact with certain apps or denying them root access, both possible outcomes of an age-gating system — “breaks that.”
Richell began working with state lawmakers. He spent weeks pushing for changes and sharing updates online. On April 23rd, he appeared before a Colorado House of Representatives committee meeting to make his case. “Everyone should have access to the ability to create with a computer,” Richell testified. “Open-source software makes that possible. It ensures that everyone, regardless of age or background, can learn, experiment, and build at the most fundamental level.” In its original form, the bill, he warned, “unintentionally swept that world into its scope.”
“We have created a template that I hope other legislatures adopt.”
His persistence paid off. On May 1st, SB26-051 passed with an exemption he’d pushed for — excluding open-source operating systems like Linux from its rules. “We have created a template that I hope other legislatures adopt,” Richell told The Verge.
Richell’s brush with age verification laws ended well. In the larger world of open source, though, they remain a hot topic. As several US states are debating and enacting rules similar to Colorado’s, some open-source developers are still trying to figure out how to respond — or whether they need to. Others are openly thumbing their noses at the new rules. And some, like Richell, are trying to help lawmakers understand their plight.
Concern over how Linux would deal with age-gating kicked into high gear late last year when California passed AB 1043. Under state law, operating systems and app stores must collect users’ ages during device setup starting January 1st, 2027. Open-source developers and users were left wondering how the law would be applied to them, or if it even could be.
The law posed practical challenges. Many open-source projects are volunteer-run and lack the funding and resources that big tech companies have to roll out age verification (also referred to as “age assurance” or “age attestation”). And the nature of open-source software makes the process even trickier. If an open-source developer does add the necessary age-gating tech, someone else can just create a fork of the software that strips out those measures, and if there’s a legal crackdown, it’s not necessarily clear who’s liable.
On top of these difficulties, age verification is at odds with the ethos of many open-source projects, which are often designed to be maximally customizable, minimally invasive, and to avoid collecting user data. Developers may now find themselves forced to choose between respecting users’ privacy preferences and complying with the law.
“This is security theater, not improved child safety.”
... continue reading