The House Committee on Energy and Commerce on Tuesday will once again plunge into the deep waters of children’s online safety. At this hearing, many familiar pieces of legislation will return for consideration: the Kids Online Safety Act (KOSA), an app store age verification mandate, a bill to ban children from social media, the privacy reform known as COPPA 2.0, and much more.
“Here’s the House plan to protect kids online,” reads the headline from Punchbowl News, which broke the news of the hearing. It seems, however, lawmakers’ grasp of the proper means by which to protect children is less well-developed than Punchbowl suggests. The committee does not, in fact, have a definite plan. Lawmakers evidently feel that something must be done; but the very number of proposals to be considered—19 bills in all!—suggests nobody is quite certain about what ought to be done or how it ought to be done.
Consensus remains elusive, and for good reason. The regulation of the internet is shot through with difficulties. Despite their noble concern for children and sterling intentions, proponents of many of the committee’s proposals have fallen short of grasping the complexities of the technologies they seek to regulate. Nor have these heavy-handed proposals wrestled with the second- and third-order effects—dangers to the privacy and security of the children for whose benefit the hearing will be held—that invariably will follow. The familiar faces found among the committee’s list of proposals are not the friends of American children.
Perhaps most typical of this uncertainty is KOSA. In the years since its first proposal, including myriad iterations, the bill has become the consummate fixer-upper legislation. Its cornerstone—a vague, poorly defined “duty of care,” requiring online platforms to withhold certain subjective categories of online content from underage users—would provide unscrupulous, overzealous bureaucrats with statutory authority for digital censorship. Seeing the imprudence and constitutional vulnerabilities of the bill, its supporters have continuously trimmed and reshaped the legislation, each time declaring that this time—finally—the bill had been rid of its deficiencies. Each time, however, the amendments proved wanting, and further efforts to amend KOSA were undertaken.
The committee’s latest version has excised the duty of care entirely. Although still constitutionally precarious and filled with far-from-feasible technical provisions, it has managed more than any previous draft to trim away KOSA’s endemic deficiencies. It has done so, it should be noted, by removing the bill’s central proposal. This, however, has not pleased everyone. KOSA enthusiast Sen. Marsha Blackburn (R-Tenn.), intermingling collegiality with scathing criticism, voiced appreciation for the committee’s effort but declared that “the House’s version of KOSA would not ensure Big Tech companies like Meta prioritize the safety of children over profit.” Once again, what to do and how to do it remain anything but clear.
Another proposed means of protecting children online comes in the form of mandatory age verification. However, this avenue remains similarly controversial. The insistence of certain advocates that age verification presents no dangers to the privacy and civil liberties of Americans on whom it would be foisted has failed to assuage many lawmakers’ misgivings. “Age verification requires robust data collection, making it exceedingly difficult to minimize the sensitive data collected from youth users,” argues Paul Lekas, executive vice president of the Software & Information Industry Association, and a witness at Wednesday’s hearing. “Websites or platforms holding a rich array of sensitive data are more attractive targets for malicious actors, dramatically increasing the likelihood that a data breach will harm young people.”
Age verification, which has been proposed over the years in many forms, has not thus far managed to garner enough votes to become federal law—and for good reason. Attempts to condition Americans’ access to everyday digital services on subjecting themselves—and their personal information—to a regime so dangerous to privacy merit no support at all.
Privacy has become particularly important and precarious for American children. “[R]esearch by Experian suggests that 25 percent of children will be victims of identity fraud or theft by the time they are 18,” the R Street Institute reports. “More than half of minors who were victims of identity theft report being denied access to credit at least once because of it, and some deal with the consequences for a decade or more. Some have even acquired a lifelong criminal record for an offense committed by the thief that stole their identity.” Statutes requiring the collection of minors’ personal information and thereby rendering that information vulnerable to hackers will endanger, not protect, the very children whom age verification mandates are intended to benefit.
Lawmakers considering the regulation of new technologies invariably encounter new difficulties. Yet they must remain mindful that the same old knowledge problems and constitutional constraints that obtain in the physical world obtain just as much in the digital world. Only then will some commonsensical cures for online maladies emerge.
