Massachusetts just voted to force every social media user in the state to prove their age to a tech company.

The bill passed the House 129-25 on Wednesday, banning children under 14 from social media entirely, requiring parental consent for 14- and 15-year-olds, and mandating that platforms build age verification systems to enforce all of it. If it becomes law, the policy takes effect on October 1.

We obtained a copy of the bill for you here.

House Speaker Ron Mariano and Ways and Means Chair Aaron Michlewitz framed the legislation as protection. “This ban would be among the most restrictive in the entire country, helping to protect young people from harmful content and addictive algorithms that have a proven negative impact on their mental health,” they said in a joint statement.

They also described the broader goal: “The simple reality is that Massachusetts must do more to ensure that our laws keep pace with modern challenges – especially when it comes to protecting our children, and to setting students up for success in the classroom and beyond.”

The bill doesn’t say how companies should verify ages. It leaves that to Attorney General Andrea Campbell, who would have until September 1 to write the implementing regulations.

That vagueness is deliberate, according to Michlewitz, who said it gives the AG flexibility in a changing industry.

But the practical reality of age verification is that someone has to prove who they are.

That means government IDs, facial scans, or behavioral tracking, and those requirements don’t just apply to kids. Every user on the platform has to go through the system, because you can’t filter minors without checking adults, too.

We already know how this plays out. When Discord rolled out age verification for UK and Australian users, a third-party vendor handling the ID checks was breached within months. Approximately 70,000 users had their government-ID photos exposed, according to Discord’s own disclosure. Hackers posted photos of people holding government ID cards to a Telegram channel, alongside names, email addresses, and partial financial data. Discord’s response to that breach was to announce global mandatory age verification.

Massachusetts lawmakers seem unbothered. “We know that there could be some potential legal challenges,” Michlewitz said. “We think it’s the right thing to do, we think we’re on solid ground.”

Asked directly whether data privacy came up during the drafting process, Mariano gave an answer that says a lot about how seriously the legislature weighed the surveillance costs: “Well, I’m sure we have, but the issue is that we’re doing it to protect kids, and a lot of it is aimed at an age group that we think is well worth the investment of time in getting the right ages and making sure that only kids who are maturing are involved in this.”

That response sidesteps the central problem. Age verification doesn’t only collect data about kids. It collects identity data from everyone, and that data has to go somewhere.

It gets stored by third-party vendors, processed by facial recognition algorithms, and retained for periods that companies define in their own privacy policies.

[…]

Via https://reclaimthenet.org/massachusetts-house-passes-social-media-age-verification-digital-id-bill

Idaho just became one of the few states to draw a line against mandatory digital identification. Governor Brad Little signed Senate Bill 1299 on April 1, 2026, and the new law does something genuinely unusual in American state politics right now: it pushes back against digital ID rather than pushing it forward.

We obtained a copy of the bill for you here.

The bill creates Section 67-2364 of the Idaho Code, prohibiting government entities from requiring “any person to obtain, maintain, present, or use digital identification.”

Approximately three-quarters of US states are currently offering or developing electronic driver’s licenses. The national momentum is clearly toward digital ID systems, with states like Arkansas, Texas, Georgia, and Utah all advancing their own versions in 2025 alone. Idaho is swimming against that current.

The bill, introduced by Senator Tammy Nichols, goes further than a simple opt-out. It prohibits public entities from denying, delaying, conditioning, or reducing “any service, benefit, license, employment, education, or access based on a person’s refusal or inability to use digital identification.”

That second clause, “or inability,” protects people who can’t use digital ID, not just those who won’t. Anyone without a smartphone, without reliable internet, without the technical literacy to navigate a digital wallet, keeps full access to government services. Physical, non-digital identification remains “valid for all governmental purposes” under the law.

The bill also addresses what happens when someone voluntarily shows a digital ID during a government interaction. A government entity cannot “require a person to surrender, unlock, or relinquish control of a personal electronic device for identity verification.” Handing your phone to a police officer or a clerk at the DMV is not the same as handing them a laminated card.

A phone contains your messages, your photos, your browsing history, and your location data. Presenting a digital ID “shall not constitute consent to search or access any other contents of a device.”

That’s a Fourth Amendment protection written directly into a state statute.

Government agencies are also barred from using digital ID as a surveillance tool. The law prohibits agencies from tracking individuals, retaining identity data beyond a single transaction, or using digital identification “as a universal or shared credential across agencies.”

That last restriction is particularly significant. It blocks the creation of a de facto digital identity system where a single credential follows you from the tax office to the library to the health department, linking every interaction into a unified government profile.

The bill didn’t survive the legislative process unscathed. A Senate amendment removed the original provision stating that “information incidentally observed on a device shall not be used to establish probable cause or justification for further search or seizure.” That was a strong protection against the kind of casual surveillance that happens when a government employee glances at your phone screen while checking your ID. Its removal is a real loss.

The amendment also weakened enforcement. The original bill provided statutory damages of $500 to $2,500 and civil penalties up to $5,000 against government entities that violated the law. The amended version strips those out.

Enforcement now rests with the attorney general, who must give a public entity 15 days’ written notice to fix a violation before taking any action. Citizens can still seek declaratory or injunctive relief, and prevailing plaintiffs get attorney’s fees, but the direct financial penalties that would have made agencies think twice are gone.

The amendment also added a provision stating that “no public employee shall be personally liable for actions taken within the employee’s scope of employment,” which removes individual accountability almost entirely.

Across the country, lawmakers are introducing “child safety,” “age-verification,” and “digital modernization” bills that expand digital-identity systems.

Idaho’s own legislature considered HB 542 this same session, a bill that would have compelled platforms to continuously track, estimate, and verify the identities of all users, including minors. The fact that both bills moved through the same legislature in the same session tells you something about the competing pressures these lawmakers face.

The broader context is hard to ignore. Digital ID systems are convenient, and convenience is how surveillance expands.

You start with a voluntary app, then agencies quietly stop supporting the physical alternative, then you can’t renew your vehicle registration or pick up a prescription without pulling out your phone and authenticating through a system that logs when you were there, what you needed, and which device you used. Idaho’s law is designed to prevent exactly that slow erosion. Whether the weakened enforcement provisions give it enough teeth to actually do so is another question.

[…]

Via https://reclaimthenet.org/idaho-bans-mandatory-digital-id-with-new-privacy-law