en
Back to the list

Age verification is the surveillance nobody voted for

source-logo  coindesk.com 1 h
image

On June 29, two of the most consequential internet bills in the democratic world moved at once. In Washington, the House passed the Kids Internet and Digital Safety Act, a package built around a revised Kids Online Safety Act, by 267 to 117. In Brussels, negotiators sat down for what was billed as the final trilogue on Chat Control 2.0, the EU's long-running child-protection regulation. Both had spent months under fire. Both, notably, retreated.

The US bill's authors dropped KOSA's controversial “duty of care,” the standard critics warned would turn platforms into speech police. EU negotiators dropped the mandatory client-side scanning of private messages, the provision that would have broken encryption for everyone. Civil liberties groups are, rightly, claiming partial victories.

But look at what survived in both. Age verification. Quietly, on both sides of the Atlantic, the measure nobody is fighting over is the one that reshapes the internet for adults as much as for children.

Evin McMullen is co-founder and CEO of Billions Network, which builds privacy-preserving verifiable identity for humans and AI agents.

Underneath the whole debate sits a false choice that some of technology's most powerful figures have spent years normalizing: that a safe, functioning digital society is something you buy with your privacy. Oracle's Larry Ellison has openly welcomed a future of constant AI surveillance in which, he says, "citizens will be on their best behavior." Bill Gates has become the most prominent champion of universal digital ID as essential modern infrastructure — a privacy-by-design promise that critics note keeps hardening, in practice, into the very surveillance it was meant to avoid. Both, in their way, treat identification as the price of admission to modern life. It isn't.

Here is the problem the child-safety framing obscures. To confirm that a user is old enough, a platform has to check the age, and usually the identity, of everyone who arrives, including the adults. As the Electronic Frontier Foundation put it this month, that turns anonymous browsing into identified browsing, and it manufactures exactly what a privacy regime is supposed to prevent: large, centralized pools of sensitive identity data, sitting on servers, waiting to be breached, subpoenaed or sold. And for most of the platforms compelled to collect it, that trove is not an asset but a liability: a crushing new obligation to secure information their businesses were never built to hold, with a risk surface that grows every time another user logs in.

Note: The views expressed in this column are those of the author and do not necessarily reflect those of CoinDesk, Inc. or its owners and affiliates.

coindesk.com