by Suzanne Burdick, Ph.D.

Forty state attorneys general (AGs) last week urged federal lawmakers to pass a bill that could ultimately require people to digitally verify their identity to access the internet, according to privacy and free speech watchdog group Reclaim The Net.

In a Feb. 10 letter, the AGs backed the U.S. Senate version of the Kids Online Safety Act. They did not support the U.S. House of Representatives version, which differs in key ways.

If passed, the Senate bill would require government officials and agencies to figure out how computers, cellphones and operating systems could verify people’s age. The bill states:

“The Secretary of Commerce, in coordination with the Federal Communications Commission and the Federal Trade Commission, shall conduct a study evaluating the most technologically feasible methods and options for developing systems to verify age at the device or operating system level.”

The federal officials and agencies would be required to submit a report of their findings to Congress within a year.

Designing cellphones and computer operating systems to verify a user’s age would bring the U.S. another step closer to cementing a digital ID system, Reclaim The Net reported. In an article titled “40 State Attorneys General Want To Tie Online Access to ID,” it wrote:

“Device-level verification would likely depend on digital identity checks tied to government-issued identification, third-party age verification vendors, or persistent account authentication systems. …

“… Once age checks are embedded at the operating system level, the boundary between verifying age and verifying identity becomes difficult to maintain.”

Greg Glaser, a digital privacy expert and attorney, agreed. “By embedding identity checks into apps, hardware, or operating systems, the bill would create a de facto digital ID checkpoint for broad internet use,” he said.

Reclaim The Net also criticized using age verification technology at the operating system level because “users could be required to submit identifying information before accessing broad categories of lawful online speech.”

A Reclaim The Net spokesperson told The Defender:

“People need to understand that anonymous access to lawful speech is itself a First Amendment value. Systems that require ID checks or continuous age monitoring burden that right and risk chilling lawful expression.”

‘A digital ID system cannot be the solution’

The AGs couched their support for the Senate bill in what they described as “the serious and growing threats that social media platforms pose to minors.”

Miriam Eckenfels, director of Children’s Health Defense’s (CHD) Electromagnetic Radiation (EMR) & Wireless Program, agreed that children need protection. Many online platforms, especially social media companies, are operating “addictive, predatory systems that harm children beyond measure,” she said.

“However, a digital ID system cannot be the solution,” Eckenfels said. “We need to act swiftly, but have to make sure that any action does not come at the cost of our children’s privacy.”

Glaser agreed. “We can protect children through strong data privacy laws, not by turning the internet into a gated, identity-tracked checkpoint,” he said.

The AGs said they favored the Senate bill over the House version because it required covered platforms to actively reduce harm to minors under a federally enforceable “Duty of Care.”

Covered platforms include any online platform, video game, messaging app or video streaming service used by minors, according to the bill.

According to Reclaim The Net, a “Duty of Care” framework would require government regulators to evaluate platforms’ content moderation systems, recommendation algorithms and safety controls.

Glaser warned that enforcing this standard would require platforms to track users’ identities.

“You cannot gatekeep content for minors without tying online access to a verifiable identity credential, such as a government-issued ID, biometric scan, or third-party authentication,” he said.

Additionally, the AGs said they preferred the Senate bill because the House version used language favoring federal, rather than state, action. That could interfere with states’ ability to “address evolving online harms in the future,” they wrote.

The House version did not include a government study on how to embed age verification into operating systems. However, the AGs did not highlight this difference as a reason for their support of the Senate bill.

Age verification mandates linked to data breaches, censorship

The Electronic Frontier Foundation (EFF), a “nonprofit defending digital privacy, free speech, and innovation,” reported on Feb. 12 that it has been “raising the alarm about age verification mandates for years.”

It recently criticized the online platform Discord for announcing it would roll out mandatory age verification. The move came after a 2025 data breach when attackers hacked Discord’s third-party support system, exposing about 70,000 users’ government IDs, selfies and other sensitive information.

Teens and children widely use Discord.

The company no longer uses the same age verification system, EFF wrote. “But it doesn’t eliminate the underlying potential for data breaches and other harms.”

Data breaches aren’t the only concern with age verification mandates. Censorship is a key concern, Glaser said. He called the Senate bill’s description of harm to minors “dangerously vague.”

It invites government overreach to “censor protected speech for adults under the guise of child safety,” he said. “We do not have to sacrifice adult privacy to protect children. Companies already have tools like robust parental controls and content filters.”

The Reclaim The Net spokesperson said, “You cannot solve child safety by imposing broad identity mandates or by regulating editorial choices that are protected speech.”

Instead of legislating age verification mandates, lawmakers can strengthen enforcement of existing child protection laws and support parental controls, the spokesperson said.

“Lawmakers should be empowering parents to deal with this issue, rather than giving the state parental duties,” the spokesperson added.

Age verification in devices could lead to offline surveillance, too

W. Scott McCollough, lead litigator for CHD’s EMR & Wireless cases, said age verification built directly into a device’s operating system raises even bigger concerns than the systems used by platforms like Discord.

If age verification is baked into a computer’s or cellphone’s operating system, the device would likely track the user’s ID even during offline tasks, such as creating a Word document, he said.

Plus, age verification at the operating system level fails to prevent children from accessing harmful content if they use a device that their parent logged in to, McCollough said. The device’s operating system “will think it is the parent” and allow the child to access questionable material, he explained.

The only solution would be to modify the operating system to automatically lock out users when they walk away and force them to log in again upon return, McCollough said.

The Defender reached out to EFF for comment but did not receive a response by the deadline.

Related articles in The Defender

• Gaming Platform Used by Nearly 36 Million Kids Rolls Out Mandatory Facial Recognition

• Regulators Must Tell Public That Digital IDs Will Be Voluntary and Optional, Children’s Health Defense Says

• ‘Authoritarian Nightmare?’: Using AI Facial Recognition Technology to Verify Kids Ages

• Critics Sound Alarm as FTC Weighs Gaming Industry Proposal to Verify Parental Consent Using Facial Age-Verification Technology