Sign in Subscribe

HB 1834 (age verification / "child safety"): mail for the House floor vote

The Appropriations committee advanced HB 1834 without addressing any of the issues I had brought up – or the issues that ACLU of Washington, WA People's Privacy, and other groups had brought up. Oh well. It quickly moved through Rules, placing it on the House Floor Calendar, meaning it could come to a vote at any time. I had heard that the AG's office was working on some amendments, but wasn't sure if they'd be floor amendments or they'd wait to introduce them in the Senate policy committee, so I decided to send mail to my Representatives that morning without waiting for the amendments to be posted. Once the amendments appeared, they didn't address my concerns, so I followed up that evening with additional mail to my Representative, and the next day emailed the House Democratic caucus.

February 12 morning email

The email had a PDF attachment; in this copy, I'm replacing it with a link.

Subject: HB 1834: please vote NO on the House floor (with an updated version of my Appropriations testimony)

Representative Walen and Representative Salahuddin,

I'm a constituent of yours in LD 48, and I strongly oppose HB 1834.  I'm also CCing Reps. Donaghy and Kloba, because we've worked together for so many years on privacy issues.

The attached is a deep dive into how the language in the third substitute (replacing the explicit requirement for age verification in Section 2(1)(b) and Section 3(2) with "the operator has reasonably determined that the user is not a minor") still in practice requires biometric scans and ID uploads for people to verify their age -- with all the associated privacy problem and harms to LGBTQ+ people and other marginalized communities.  

But this is only one of the many problems with the bill.  The letter that Gender Justice League sent highlights the long list of issues with this bill.

I realize that tech lobbyists are also against the bill.  To be honest, some of their arguments here actually do hold water -- "even a stopped clock" and all that.  But hopefully it's clear that I'm against it for completely different reasons than they are!

Later today I'm meeting with somebody from the AG's office on potential amendments, and if there's anything in the works that I think can salvage the bill I'll update you.  Realistically, though, there probably isn't isn't enough time to make all the necessary fixes in the short session.  As I said to Rep. Walen after discussions of HB 2112, even if nothing winds up passing this session, I think we've made a lot of progress. If we can continue to build on it over the interim, we have a good chance to pass a bill in 2027 that really will help kids and teens be safer online. 

Sincerely,

Jonathan Pincus
Bellevue

February 12 evening email

Subject: Re: HB 1834: please vote NO on the House floor (with an updated version of my Appropriations testimony)

From a quick look at Rep. Callan's amendments that were filed today, they have some improvements. Removing Section 3 on notifications (which included parental controls), for example, responds to one of the points in the Gender Justice League letter; and the 9th Circuit struck down similar language in California's SB 976, so it removes one of the constitutional issues about the bill. I certainly appreciate the effort that's being made here.

However, these amendments don't address the core problems with the bill. From a privacy perspective even though the amendments say that the bill shouldn't be interpreted as requiring showing a government ID or a biometric identitifier, there's still a requirement to "reasonably determine" age. And any solution out there to "reasonably determine" age is going to require government IDs and biometrics, at least for appeals. Yes, there are some options that claim to analyze behavior and estimate age ... but they're even less accurate than estimating age from selfies – and as the report on the Australian Age Assurance Technology Trial (AATT) I linked in to my testimony highlights, the error rate is highest for 16-20 year olds.

So even making the (highly unlikely, in my opinion) assumption that a company's lawyers say "oh that's fine, we know it's I'm sure the courts will agree that's reasonable, let's just accept the risk of liability here" and decide to ignore the AATT's recommendation that they use "fallback methods" (i.e. biometrics and governemnt IDs) in this age range, there's still the 20% (or whatever) of people the age estimation misclassifies. They're going to appeal, which means they have to send in their government ID.

Again, I really do appreciate the efforts that are being made here. There have been constructive discussions and I still very much think that there's a great opportunity to work together in the interim. And at the meeting with the AGO there was also general agreement of the importance of strong comprehensive privacy legislation, so that too is another great opportunity for the interim.

I realize that none of that helps with the political problem of pressure to do something this session, and so if HB 1834 winds up passing the House and we have to invest more time and energy in attempts to try to improve it in the Senate before time eventually runs out (or SB 5708, which passed the Senate last year, moves forward and we have to invest more time and energy to improve it in the House before time eventually runs out) ... oh well, such is life, I'll continue to engage. But I really think we'd all be a lot better off investing our time and energy during the session on other bills.=

So, please vote NO on HB 1834 if it comes to the floor, and please encourage your colleagues to do the same.

jon

February 13 House Democratic Caucus email

Subject: HB 1834 and unintended consequences

Dear Speaker Jinkins, Majority Leader Fitzgibbon, and Members of the Washington State House Democratic Caucus,

First of all, thank you for all your work on the huge number of important bills.  I can only imagine how exhausting (and sometimes frustrating) it is, but it's absolutely vital for all of us in Washington -- and greatly appreciated.  And in particular, thank you for your work on the various child online safety bills as well.  Even though I don't always agree with you on specific legislation, I do agree that there's a real problem here that needs to be addressed.  Big tech companies exploit children (and adults too), and I know that you're coming at it with good intentions and trying to do something about it.

Unfortunately, HB 1834, is a classic example of how even well-intentioned bills can have unintended consequences that are harmful -- to everybody, and especially to people from marginalized groups. Gender Justice League's letter talking about the harms to LGBTQ+ communities is a great example of this. Of course, harming LGBTQ+ kids, teens, and adults isn't the intent of this bill, but impact > intent.  I appreciate Rep. Callan's MULV 626 removing Section 3 (notification); this might well address one of GJL's points by removing the parental consent requirements, but it seems to me that several of the other problems GJL discussed have not yet been addressed.  

The coalition letter from 90 civil rights and privacy organizations condemning ID-checking bills (citing effectiveness, censorship, and privacy concerns has several more examples of consequences that I'm sure you didn't intend but are none the less harmful.  Two excerpts

"ID checks endanger young people and other marginalized groups by collecting, storing, and managing incredibly sensitive information in ways prone to security breaches. From birth certificates, to drivers’ licenses, to facial and biometric data, requiring unique identification to access most websites could lead to a mountain of sensitive data routed through third-party age verification providers and massive databases. This kind of data is already regularly leaked as well as combed through by law enforcement without a warrant, leaving women, people of color, queer people, and kids particularly vulnerable to privacy violations and faulty identification...

When ID check bills do pass, they don’t make the Internet safer, just less usable. While kids and others seeking blocked content are pushed onto even less moderated sites, those websites that do adopt online ID checks see very few users actually complete them and high costs to maintain their systems. The ease with which we click on a news article, log onto social media, or access our favorite sites could be gone overnight, replaced with an obstacle course of data scraping. For vulnerable communities, a biometric scan or an ID upload can serve as a huge obstacle, especially for low-income, unhoused, and undocumented people who already have to navigate an increasingly digital world, with less access to tech tools."

While 3SHB 1834 removed the explicit requirement for "age assurance", the replacement language in Section 2(1)(b) ("the operator has reasonably determined that the user is not a minor") still in practice requires biometric data and ID checks.  

  • Age estimation systems today are unreliable, frequently misclassifying minors as adults and adults as minors.  Error rates are higher especially for users in the 16-20 age range, and higher for Black and Indigenous users.  When a user is misclassified, they will frequently appeal -- which in practice means submitting an image of a government ID.
  • Age estimation systems today that don't use biometrics are even more unreliable. Companies concerned about liability are likely to interpret "reasonable" as implying that they need to use best-in-class age estimation systems, which are somewhat less unreliable. But best-in-class age systems rely on biometrics and "fallback methods" (i.e., submitting an image of a government ID). 

My 2/2 email to the Appropriations committee, attached, goes into more detail about both of these points, including a chart based on data from the Australian Age Assurance Technology Trial illustrating just how unreliable (and racially based) today's best-in-class age estimation software is -- which is why vendors recommend using "fallback methods" for 16-20-year-olds.  

MULV 626 fails to address the core problems here.  Including nondiscrimination language, while useful, does not change the fact that the unintended consequences of the bill are inherently discriminatory.  And stating that nothing in the bill should be interpreted as requiring an operator to gather information or request a user to provide a government-issued identification or biometric identifier doesn't change the fact that companies will comply with the "reasonably determined" requirement is to use age estimation systems that rely on biometrics and government IDs.

So much as I appreciate all the effort that has gone into this bill, please take the unintended consequences into account.  I've asked my Representatives to vote no on HB 1834, and hope that all of you will as well. 

And given the time pressures of the short session, I would also strongly encourage you not to continue to invest time and energy in attempts to fix this bill.  Instead, let's work together in the interim -- with the AGO, other privacy and civil liberties advocates, and (most importantly) with youth and the communities who are most impacted by these unintended consequences -- to pass legislation that really does help keep kids and teens (and adults too) safer online.

Jon Pincus (The Nexus of Privacy), Bellevue