Imagine that we have two groups of tech policy experts—though both groups have humanities degrees, not technical degrees. One group claims that privacy-conscious age verification is not possible. Another group claims that privacy-conscious age verification is feasible with modern technology. That begs the question: what would an engineer think?
When evaluating the privacy concerns of age verification, the specific requirements of an age verification bill matter just as much, if not more, than the current state of age verification technology.
“Design an age verification system.” If you’re an engineer interviewing for a job at a tech company, that sounds like a question you may get in the infamous system design interview. Whether you’re designing an age verification system or designing an age verification law, there’s one cardinal mistake you should not make: jumping straight to a solution.
For example, advocates of the App Store Accountability Act claim that since Apple and Google already collect age information, users would not have to provide more data to Apple and Google if app stores were responsible for age verification. That’s patently false.
Yes, Apple and Google already collect age information, but what they collect is an attested age. You did provide your age to Google when you created a Google Account, but Google never verified that age. You can lie to Google, just like you can lie to any other website.
The App Store Accountability Act, however, requires a verified age (not an attested age). If Apple and Google need a verified age, they need more personal information from you.
To quote the literal book on system design interviews, “Slow down. Think deeply and ask questions to clarify requirements and assumptions. This is extremely important.” Had you done so, you may have realized that age verification requires a verified age, but that Apple and Google often only possess an attested age.
The first phase of a system design interview is to establish the requirements. And when tech policy experts (with humanities degrees) design age verification bills, they often also establish requirements. But they often miss important details that engineers would notice.
Consider two age verification bills with very different requirements. The first bill only requires that we verify if a person is 18 or older; kids under 18 cannot visit porn sites.
The second bill, the App Store Accountability Act, requires that we verify if a person is 12-, 13-15, 16-17, or 18+. For kids under 18, it also requires parental consent—which requires verifying a parental relationship. And it forces app stores to share age data with millions of app developers. It also age-gates every app, including Bible apps.
The first bill has almost no privacy concerns for kids. If someone doesn’t verify their age, we assume they’re under 18. Thus, kids have no incentive to verify their age with their real information; they’d still be under 18.
With the App Store Accountability Act, however, the story doesn’t end there if the kid is under 18. We still need to know whether they’re 12-, 13-15, or 16-17. We also need to verify who their parent is. This approach requires a lot of personal information from kids.
But, experts say, uploading an ID isn’t the only way to verify an age in 2025. Fair enough. Let’s consider facial age estimation, which is fairly privacy-conscious. It collects an image or a short video of your face, but it immediately deletes this data after your age is verified.
Facial age estimation is only accurate within a couple of years, though. If you’re 21 or older, it can be reliably used to verify that you’re 18 or older. It can’t be reliably used if you need granular age categories for kids, such as 13-15 and 16-17.
And how do we even go about verifying a parental relationship? Even if the kid and the adult both willingly submit an ID, how do we verify that the adult is actually the kid’s parent—especially in more complex custody arrangements? This problem was one reason why courts blocked age verification laws in Arkansas and Mississippi. Asking tech companies to navigate custody laws is way more complex than asking them to verify an age.
Keep in mind, you need to jump through these hoops if you want to download a Bible app, the Google Docs app, or any app. It doesn’t just apply to social media apps.
And what about the privacy and security implications of making app stores share age data with millions of app developers? I can offer a longer explanation of why that’s a bad idea, but for a short op-ed, I’m just going to bury my face in my palm.
If you want to be the expert who criticizes the privacy snafus of Big Tech companies, that’s easy enough. If you want to build legislation to hold Big Tech accountable, though, privacy becomes your responsibility.
Mike Wacker is a software engineer and technologist who has previously served as a tech fellow in Congress. Follow him on X.com at @m_wacker.
The views and opinions expressed in this commentary are those of the author and do not reflect the official position of the Daily Caller News Foundation.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.
