The Unenforceable Law That Could Break Everything
There’s a new California law making the rounds that’s got me equal parts bewildered and frustrated. Apparently, all operating systems—yes, including Linux—need to implement some form of age verification at account setup. When I first read about this, I had to put down my latte and re-read it three times because surely, surely, this couldn’t be real.
But it is. And the more I think about it, the more my blood pressure rises.
The stated intention is noble enough: protect children online. I’ve got a teenage daughter myself, and I absolutely understand the impulse to shield kids from the darker corners of the internet. But this? This is the legislative equivalent of trying to fix a leaky tap by demolishing the entire house.
Let’s start with the obvious: how exactly do they plan to enforce this? Someone in the discussion pointed out that they’d need to contact “the CEO of Linux,” which gave me a much-needed chuckle. For those who aren’t familiar, Linux isn’t a company—it’s an open-source operating system with countless distributions maintained by communities scattered across the globe. There’s no central authority. There’s no customer service desk. It’s like trying to regulate air.
The technical absurdity runs deeper. What about data centres spinning up thousands of virtual machines? What about IoT devices? Your smart fridge runs Linux. Your router probably runs Linux. Are we going to be age-verifying with our washing machines next? The whole thing reads like it was written by someone whose entire understanding of technology comes from a Microsoft PowerPoint presentation circa 2005.
But here’s where it gets genuinely concerning. One commenter noted that even if this law is completely unenforceable, that won’t stop them from trying. And they’re absolutely right. The War on Drugs is the perfect cautionary tale—decades of failure, billions wasted, countless lives destroyed, all in pursuit of an impossible goal. Laws don’t need to be effective to cause damage; they just need to exist.
The real worry isn’t that this will work as intended. It’s what happens while various authorities flail around trying to make it work. Will we see pressure on hardware manufacturers to implement locked bootloaders? Will there be attempts to force ISPs to block access to “non-compliant” systems? Someone in the discussion speculated about California companies being required to deny website access to unverified users, effectively creating a walled garden of approved operating systems.
That’s the nightmare scenario, isn’t it? A world where your ability to access basic services is contingent on using an operating system blessed by California lawmakers. Where privacy becomes a privilege rather than a right. Where the open internet—the truly open internet—becomes a memory.
What frustrates me most is the performative nature of it all. California has a habit of passing feel-good legislation that sounds wonderful in press releases but falls apart the moment you examine the implementation. This reeks of politicians who want to be seen “doing something” about online safety without understanding the first thing about how the technology actually works.
There are already tools for parents who want to control what their children access online. Parental controls exist at the device level, the router level, the ISP level. Setting up basic content filtering takes maybe half an hour if you’re willing to Google it. But that requires parents to take responsibility, and apparently it’s easier to mandate that the entire global technology ecosystem restructure itself instead.
The truly sinister angle emerged when someone mentioned that the FCC recently said companies can gather children’s data under the guise of age verification. So let me get this straight: we’re creating a system that requires everyone to prove their age, which necessarily means creating vast databases of identity information, all in the name of protecting children’s privacy? The irony would be hilarious if it weren’t so dystopian.
I keep coming back to something someone said in the discussion: “It doesn’t matter if it’s enforceable; it’s a law that you’re just breaking all the time, so they’ll have an excuse to throw you in jail whenever they want.” Unenforceable laws are dangerous precisely because they’re unenforceable. They create a situation where everyone is technically a criminal, allowing selective prosecution based on whatever criteria those in power deem appropriate.
Look, I’m not naive. I know the concern about children’s online safety is legitimate. Social media can be toxic. There’s content out there that kids absolutely shouldn’t be accessing. But this law isn’t about protecting children—it’s about creating surveillance infrastructure under the guise of protection. It’s about normalising the idea that anonymity is suspicious and that every interaction should be tracked and verified.
The open-source community will find workarounds, of course. Someone will create a patch. Someone will fork a distribution. The technically savvy will adapt. But that’s not the point. The point is that we’re slowly boiling the frog, normalising intrusive surveillance one “reasonable” law at a time.
What we need is better digital literacy education for both parents and children. We need to teach critical thinking skills. We need to fund actual support services for young people struggling with online harassment or addiction. What we don’t need is security theatre that accomplishes nothing except making politicians feel productive while undermining the foundational principles of open computing.
The frustrating part is watching this unfold and knowing that the people making these decisions have no idea what they’re actually legislating. They don’t understand the technology. They don’t understand the implications. They just know that “protecting children” polls well and that opposing such measures can be spun as supporting some vague boogeyman.
So here we are, watching California try to age-verify the entire concept of personal computing. It won’t work. It can’t work. But the damage they’ll cause trying might be irreparable. And that should worry everyone who values privacy, autonomy, and the open internet.
I suppose all we can do is keep pushing back, keep educating, and hope that sanity prevails before we wake up in a world where you need government permission to install Debian. But given the current trajectory, I’m not holding my breath.