Cases in point:

1. Only Colorado bill SB26-051 has exemptions for intra-business apps if being used by employees of the business.

1. Louisiana bill HB977 requires the 'providers' of covered application stores to collect age data, connect minor to parent accounts, and send various notifications from upstream projects to users and their parents. Colorado and Illinois bill HB5511 place the requirements on the 'providers' of operating systems, instead. (Hello, #Debian Developers! You both 'control' a 'covered application store' per LA and 'develop' the operating system software on 'computers' and 'devices' per IL/CO.)

1. Louisiana explicitly requires that store providers maintain information about parent accounts in the accounts database. Colorado and Illinois do not.

1. Only New York bill 2025-S8102 rules out just asking the user for xyr age and trusting it ('user self-reporting of age').

1. Only Colorado has data exemptions for H.E. institutions.

#AgeVerification #USLaw #Unix

@raymierussell

It's actually quite difficult to fix the laws, with the right legalese, so that they don't overreach like this beyond what clearly the people who wrote them wanted to target.

I've thought through several possibilities.

It's difficult to make exceptions based upon age. Write an exception for operating systems first published before 1999, for example, and that lets the current Microsoft Windows, and its Microsoft Store, off the hook. Windows NT 3.1 was published in 1993.

Write an exception based upon operating system last update date, akin to the exception based upon application last update dates that's already there, and you catch out everyone who has (say) patched a ROM in an emulator.

https://mastodonapp.uk/@JdeBP/116268137012358487

@morgant @ShadowInTheVoid
#USLaw #retrocomputing #AgeVerification

@raymierussell
[…Continued]

One can tell from the fact that in v1.0 these were 'App Store Accountability Acts' and from the several published legislative histories, that the Microsoft/Google/Apple App Store systems were the targets. However, as written the legislation covers any operating system on any general purpose computer that 'downloads' applications from an 'application store'.

By my reading, loading things from cassette tape onto a Speccy (or other such) won't meet the definition of 'covered application store' by dint of it not being publicly available.

Closed source ROM from the 1980s might meet the 'available technology' exemption bar; but only 2 of 5 states have that.

Fast forward a few years to BBSes, FTP, Usenet binaries, & BitTorrent; and the definition will encompass you. As it does the BSDs and Linux-based operating systems with ports/packages systems.

https://mastodonapp.uk/@JdeBP/116156019252249071

@morgant @ShadowInTheVoid

#USLaw #AgeVerification #ZXSpectrum #retrocomputing #Unix

@raymierussell

You are.

I've been following this since #MidnightBSD drew it to everyone's attention, and have directly read the bills in the 4 state legislatures that I know of, done my own analyses and compared with the analyses of others.

The problem is that legislators use fairly uncontroversial definitions that won't surprise software people of 'operating system', 'application', and 'developer'; define a really broad concept of a 'covered application store'; and place onuses on operating system makers and application developers, the latter being required to have their apps ask about age, and the former being required to have their operating system provide an API for answering the questions.

https://mastodonapp.uk/@JdeBP/116268403720368221

[Continued…]
@morgant @ShadowInTheVoid

#USLaw #AgeVerification #ZXSpectrum #retrocomputing

@mos_8502 @raymierussell

No, they're not. Because this is version 2.0, purportedly done after learning the lessons from version 1.0 already having been overturned in court. From what I've seen so far, although I've not cross checked the bills against the injunction in detail myself, the things that the court had trouble with have been changed.

https://mastodonapp.uk/@JdeBP/116276973395390733

#USLaw #AgeVerification

@mgorny

Actually, even that's not deep enough.

There are a couple of FediVerse people who have been talking to legislators about the forthcoming #ColoradoLaw to try to get it to not lump #Unix & clones in with the smart 'phone app stores that legislators (as can be seen from the Bill summaries and the California legislative record) thought that they were targetting.

The larger context is that this is version 2.0 legislation, currently pending in 4 states of the U.S.A., after the version 1.0 legislation in Utah, Texas, & Louisiana was blocked by the federal court for the Western District of Texas in January 2026 for being unconstitutional. Louisiana's Bill makes it explicit that it is repealing and replacing the prior Act.

So a version that doesn't lump Unix & clones in with the Microsoft/Google/Apple App Stores that 'App Store Accountability' nominally targets might be version 3.0.

https://mastodonapp.uk/@JdeBP/116268403720368221

https://www.mofo.com/resources/insights/251111-texas-targets-app-stores-with-new-accountability-law

@carlrichell
#AgeVerification #systemd #USLaw

@wwahammy @soller

I gave this some thought at the start of March. There are a number of blind alleys.

The Microsoft Store is obviously a direct target here, but Microsoft Windows is a multi-user operating system; so the operating system having multiple local user accounts is not a way to structure an exemption.

The likes of Debian, Ubuntu, RedHat, FreeBSD, et al. use accountless access to repositories, whereas one has to use a Google Account with Google Play and a Microsoft Account with the Microsoft Store. But F-Droid is seemingly accountless too so that sort of exemption would let it off the hook.

Maybe one could get somewhere with tweaking the definition of a 'covered user' to make it specific to operating systems where Microsoft/Google/AppleID/whatever accounts functionally *are* the operating system user accounts.

Several ways still to draft that badly, though.

@neal @feonixrift @dalias @artemis
#ColoradoLaw #AgeVerification #USLaw

@wwahammy

Without a doubt if people are now paying attention and lobbying. The immediate problem is the chance that @soller mentioned of them happening before the provisions of the #California Act take effect on 2027-01-01. It's slim to none.

The slightly further away problem is finding how to express the difference in legal terms. It's actually quite hard to come up with something that doesn't as a side-effect let #FDroid off the hook. They'll want to keep F-Droid in the 'covered' camp, because it's exactly the sort of smart 'phone thing that they *thought* that they were covering, so the law cannot just exempt a 'store' solely on the grounds that it distributes #FreeSoftware.

Colorado came up with an addition to the common base text that grants exemptions for intra-business use. But that's an exemption for developers, not for operating system makers, based upon application purpose; so isn't much use to follow.

@neal @feonixrift @dalias @artemis
#USLaw #ColoradoLaw

@dalias

Actually, it doesn't.

But the legislative record does. The California legislature has detailed accounts of what was brought up, pro and con, in committee.

It shows that the only 'free' things that the objectors thought about, the only things recorded as formal objections by concerned parties, were gratis applications on Microsoft/Google/Apple App Stores, and a supposed effect on their development costs.

No-one mentioned the #Unix model of user accounts or the BSD/Linux-based/Illumos-based operating system models of application packaging.

That said, it really was up to someone like IBM to spot this and lobby at the very least for #RedHat and RPMs to be taken into consideration in the definitions of 'covered application store' and whatnot.

@soller @neal @feonixrift @wwahammy @artemis
#CaliforniaLaw #USLaw #AgeVerification