Few groups garner more attention today than children online. For education, entertainment, and so much more, children鈥檚 access to the Internet is more important than ever before. To that end, the Federal Communications Commission, along with other government agencies, spends billions of dollars annually to ensure that every American classroom, and nearly every American home, has Internet access.
At the same time, legitimate concerns have emerged concerning the effects of prolonged technology use by children. As a result, nearly every Congress sees bills introduced鈥攗ndoubtedly with good intentions鈥攖o protect children from harms that may befall them online.
Government has proven itself more than capable of spending money to promote access to the Internet. Sadly, it鈥檚 less adept at crafting legislation to protect children from online excesses. This Congress is no exception.
Consider the Kids Online Safety Act, or 鈥淜OSA,鈥� that Congress introduced earlier this year. Who could be against kids鈥� online safety?
No one, of course. But this bill wouldn鈥檛 protect kids online. Instead, it would kill the Internet as we know it. And in the process, it would irreparably damage the lives of the 70-plus million American children who today learn, grow, and stay connected online.
Here鈥檚 how.
KOSA contains a large number of legal obligations and corresponding legal risks. The bill may have only been intended to apply to companies like Facebook, YouTube and other social media platforms that have drawn legislators鈥� ire. Political messaging about the bill certainly indicates this, with repeat callouts of 鈥淏ig Tech鈥� and 鈥渟ocial media鈥� in blog posts and the like.
But KOSA doesn鈥檛 only concern itself with social media. Instead, its rules and risks apply to 鈥渃overed platforms,鈥� which the bill鈥檚 publicly-available draft language defines as any 鈥渃ommercial software application[s] or electronic service[s] that connect[] to the internet and that [are] used, or [are] reasonably likely to be used, by a minor.鈥�
This language is so extraordinarily sweeping that the definition of 鈥渃overed platform,鈥� and consequently all of KOSA鈥檚 obligations, would easily put at risk nearly every website, app, and device that accesses the Internet. Again, while this may not have been the authors鈥� intent, it is likely how the bill would be interpreted by at least some state attorneys general, all of whom would have the authority to enforce KOSA if enacted.
Let鈥檚 go one step further and consider just one of KOSA鈥檚 myriad obligations. Section 5 of the draft language currently requires 鈥減arental notification鈥� prior to any time a 鈥渕inor, or an individual that a covered platform reasonably believes is a minor鈥� 鈥渞egister[s], use[s], or purchase[s] a covered platform.鈥� That parental notification must include, among other things, access to myriad parental control tools required by the bill, as well as explicit details regarding how the entity will safeguard children鈥檚 online data. Only once the parent of the child explicitly acknowledges that they鈥檝e received this notification can the child begin to use the website, app, or other entity that is considered to be a 鈥渃overed service.鈥�
Such a dance of the seven veils would be truly staggering in practice. Prior to a child registering, or even using, virtually any website, app, or online device, a parent would have to be notified and acknowledge receipt of that notification. Conceivably, every time a child opened Instagram on an iPhone, connected to Zoom classes online, or visited literally any website on the World Wide Web, a parent would need to be notified and affirmatively acknowledge that notification. Indeed, the bill鈥檚 draft language mandates that these notifications would be required not just when a minor encounters a new 鈥渃overed platform,鈥� but also each and every time that covered platform is actually used. Parents of teenagers would be inundated with hundreds, perhaps even thousands, of notifications per day that, by law, they would have to acknowledge receiving before their child could continue using the Internet.
Websites鈥� compliance with KOSA would be impossible too. Most websites do not know the age of their visitors, much less how to contact a visitor鈥檚 parents, nor should they. But under KOSA, websites, as 鈥渃overed platforms鈥� would by necessity be forced to identify users by age and identify their parents. A website might implement an entry portal requiring every visitor to confirm their age and how to notify parents. But would this be enough to satisfy KOSA? Who would be at fault if the user clicked the wrong box, either accidentally or on purpose? As for potential verification methods鈥攆or obvious reasons, surely there is no centralized database of minors that a website can cross-reference to determine whether a particular user is indeed a minor, and to then obtain parental contact information.
Websites would ultimately be faced with an impossible choice: (a) likely violate privacy laws and maintain information about minors鈥� association with their parents, or (b) violate KOSA and not send the required parental notifications.
But that鈥檚 not all. In the name of protecting children online, KOSA would open the business-sensitive algorithms of every website to review by third parties. If such public disclosures were required, copyrights, trade secrets, and the very foundations of intellectual property would be eroded and undermined.
A generation ago, Congress passed the Communications Decency Act. It too was designed to protect children from online harms. Among its provisions was Section 230, which provided websites safe harbor from certain legal liabilities regarding user-generated content in exchange for provisions to protect children.
Section 230 was carefully contemplated and crafted. But it failed to protect children because neither courts nor the executive branch were particularly interested in the child protection provisions of its text. While the safe harbor provisions of Section 230 have been widely hailed as the most important law protecting the Internet鈥攁nd rightly so鈥攏o meaningful mechanisms to protect children have been required, despite Section 230鈥檚 clear textual commandment to do just that.
In contrast to Section 230, KOSA is poorly worded, poorly contemplated, and would do little to protect children if enacted. Only one thing is certain: its enactment would spell doom for the Internet. KOSA鈥檚 provisions are impossible to implement, as compliance would require herculean efforts by websites large and small, invading the privacy of minors and their families, and undermining the very foundations of intellectual property law and entire business models as we know them today. And given KOSA is an American law, American businesses would be most affected by its edicts. By necessity, American businesses, and much of the Internet as we know it today, would likely move offshore in response to its enactment.
There鈥檚 a famous proverb: the road to oblivion is paved with good intentions. While KOSA鈥檚 advocates no doubt have children鈥檚 best interests at heart, the actual bill, as it exists today, would ultimately spell doom for the Internet as we know it.
Read in