R Street Institute Concerns About the Kids Online Safety Act
The Kids Online Safety Act (KOSA) is being marked up in the Senate Commerce Committee this week. Despite bipartisan opposition from over 90 human rights, LGBTQ+ and free-market groups, and a failure by the sponsors to address the legitimate concerns raised about the bill’s unintended consequences, it is widely expected to pass the committee. While the legislation is undoubtedly well-intentioned and directed at protecting children online, the result of passage would be devastating for children and free expression online.
1. KOSA would result in the collection of more sensitive data on children (and adults)
KOSA applies to any website—from a small knitting hobby forum to LinkedIn—that “is used, or is reasonably likely to be used, by a minor.” This is a de facto regulation on the entire internet, since it is impossible to say that any given website will never be used by children. KOSA requires that these websites treat individuals “that the covered platform knows or reasonably should know” are minors differently. While the legislation stops short of explicitly mandating age verification, the knowledge standard and duty of care present in the legislation leaves platforms with no other choice. The only way to comply with the law is for platforms to figure out the ages of all their users through age-verification technologies.
As R Street’s series on the problems of government age-verification mandates makes clear, this will lead to manifest issues. The most accurate methods of age verification include face scanning and other biometrics, along with government ID collection and verification. Regardless of the method used, the result will be forcing consumers to give up sensitive personal information as a precondition to accessing websites. Giving this information over to platforms creates massive opportunities for breaches and attractive targets for hackers, all while discouraging good cybersecurity practices. As we’ve seen from both government and private sector data breaches, trusting that such data will be safe is foolish—especially in the absence of a national data privacy and security law. Instead of passing legislation aimed at only protecting children, we should pass a comprehensive law that protects all Americans while avoiding the traps of age verification created by kids-specific legislation.
2. KOSA violates the First Amendment rights of children (and adults)
While we support parental control tools that allow parents to create appropriate experiences for their children online, government mandates that restrict minors’ access to online avenues for free speech violate their First Amendment rights. In the 1969 case of Tinker v. Des Moines, the Supreme Court ruled that students do not “shed their constitutional rights to freedom of speech or expression at the schoolhouse gate.” Similarly, minors do not shed their constitutional rights at the keyboard or website age-gate.
KOSA also includes a requirement that parents receive notice and give their consent the first time their child accesses any covered site, a requirement that is problematic in several regards. In Brown v. Entertainment Merchants Assn., the Supreme Court made it clear that minors have First Amendment rights to access non-obscene content and speech, and thus conditioning access to general-use sites like social media platforms on parental consent is likely unconstitutional. On a more practical level, parental consent is difficult for websites to enforce with any degree of accuracy. Short of asking the parents to provide documented identification (an option which is likely to be very unpopular), it is impossible for online platforms to truly know whether it is a parent or guardian providing the consent. Moreover, such requirements fail to account for non-standard family situations where minors may have multiple, non-traditional or just neglectful guardians, potentially barring vulnerable youth most in need of help and resources from accessing either.
But not only does KOSA violate the constitutional rights of children, it also violates the constitutional rights of adults. If websites are required to know who on their platform are and are not children, they will have to verify the identity and age of every user. Courts have found that government restrictions on access to legal speech is a violation of the First Amendment. A law that functionally requires age verification also threatens Americans’ First Amendment right to anonymity. Various levels of court precedent have upheld the rights of Americans to speak freely and anonymously online. But tying one’s full identity to accounts which they wish to remain anonymous will undoubtedly have a serious and potentially unconstitutional chilling effect. Once users are required to verify their age and identity, they are much less likely to engage in speech that is critical of powerful institutions like the government. This is the very situation that the First Amendment was intended to prevent.
3. KOSA’s legal mandates are unenforceable
For this vast majority of online platforms, KOSA creates a “duty of care” that obligates them to act “in the best interest” of minors, requiring them to “prevent and mitigate” a variety of potentially harmful categories of content. While this sounds good in theory, these categories are so vague and subjective as to be effectively unenforceable, and include content that might contribute to various mental health disorders, “patterns of use that… encourage addiction-like behavior,” and online harassment and bullying. A legal duty of care may be reasonable when addressed to content and behaviors that are clearly defined, such as Child Sexual Abuse Material. But when applied to subjective content, it becomes incredibly difficult for any given website to know whether they are in compliance.
The kinds of content and interactions online that could be considered bad for a child’s mental well-being are frequently context-specific and also vary by individual. Moreover, the algorithms that allow large platforms to moderate content at scale are not equipped to handle the level of nuance between, for example, content that may encourage eating disorders and self-help content designed to help people with said disorders. Thus, this duty of care effectively forces platforms to either censor a massive amount of content to ensure compliance, or to simply ban all minors (defined as anyone under the age of 17) from their platform.
4. KOSA would limit the ability for children to access and benefit from the internet
Further, KOSA requires platforms to “limit the ability of other individuals to communicate with the minor.” But as one of us has written, this is how her career started. As a teenager, elected officials would add her as a friend on Facebook and that was one method by which she networked and acquired opportunities in politics. From forums like AllTrails that help users learn about hiking trail conditions and safety to disease forums where users can learn more about how to live with their ailments, the internet is full of useful content for all ages. And not everyone wants their government IDs and face scans connected to content about their health information or other kinds of support content.
While we applaud the desire of Congress to protect children, KOSA would have exactly the opposite effect. Instead of limiting the collection of sensitive data on children, it would mandate it. Instead of protecting our First Amendment rights, it would violate them. Instead of rushing forward with this misguided effort, let’s protect children—and all Americans—by passing a national data privacy and protection law. We deserve no less.