Massachusetts just voted to force every social media user in the state to prove their age to a tech company.

The bill passed the House 129-25 on Wednesday, banning children under 14 from social media entirely, requiring parental consent for 14- and 15-year-olds, and mandating that platforms build age verification systems to enforce all of it. If it becomes law, the policy takes effect on October 1.

We obtained a copy of the bill for you here.

House Speaker Ron Mariano and Ways and Means Chair Aaron Michlewitz framed the legislation as protection. “This ban would be among the most restrictive in the entire country, helping to protect young people from harmful content and addictive algorithms that have a proven negative impact on their mental health,” they said in a joint statement.

They also described the broader goal: “The simple reality is that Massachusetts must do more to ensure that our laws keep pace with modern challenges – especially when it comes to protecting our children, and to setting students up for success in the classroom and beyond.”

The bill doesn’t say how companies should verify ages. It leaves that to Attorney General Andrea Campbell, who would have until September 1 to write the implementing regulations.

That vagueness is deliberate, according to Michlewitz, who said it gives the AG flexibility in a changing industry.

But the practical reality of age verification is that someone has to prove who they are.

That means government IDs, facial scans, or behavioral tracking, and those requirements don’t just apply to kids. Every user on the platform has to go through the system, because you can’t filter minors without checking adults, too.

We already know how this plays out. When Discord rolled out age verification for UK and Australian users, a third-party vendor handling the ID checks was breached within months. Approximately 70,000 users had their government-ID photos exposed, according to Discord’s own disclosure. Hackers posted photos of people holding government ID cards to a Telegram channel, alongside names, email addresses, and partial financial data. Discord’s response to that breach was to announce global mandatory age verification.

Massachusetts lawmakers seem unbothered. “We know that there could be some potential legal challenges,” Michlewitz said. “We think it’s the right thing to do, we think we’re on solid ground.”

Asked directly whether data privacy came up during the drafting process, Mariano gave an answer that says a lot about how seriously the legislature weighed the surveillance costs: “Well, I’m sure we have, but the issue is that we’re doing it to protect kids, and a lot of it is aimed at an age group that we think is well worth the investment of time in getting the right ages and making sure that only kids who are maturing are involved in this.”

That response sidesteps the central problem. Age verification doesn’t only collect data about kids. It collects identity data from everyone, and that data has to go somewhere.

It gets stored by third-party vendors, processed by facial recognition algorithms, and retained for periods that companies define in their own privacy policies.

[…]

Via https://reclaimthenet.org/massachusetts-house-passes-social-media-age-verification-digital-id-bill