d@nny disc@ mc² (@[email protected])

Attached: 1 image @[email protected] @[email protected] that is what the legislative digest says https://legiscan.com/CA/text/AB1043/2025 the text of the law contains provisions that directly pertain to attempts to obfuscate the information. the word "internal" is used in these cases, but not defined in the definitions section. given that the very first provision is the new requirement for an operating system provider to provide an interface recording age bracket, it's difficult to accept a framing that calls it a "privacy law". it certainly is a privacy law in some sense. but it is not a protection of the 4th amendment, and it encodes a workaround to the single claim from the legislative digest via the invocation of "internal". the fourth provision is what leads to the claim from the legislative digest: > This bill would prohibit an operating system provider or a covered application store from using data collected from a third party in an anticompetitive manner, as specified. (4)(A) starts off as if it would limit further information collection, but instead of concretely saying e.g. "the developer may not make additional requests outside of the specified age bracket", it refers to "the minimum amount of information necessary to comply with this title". my interpretation of this is that it is intended for litigation to set limits on the minimum, i.e. after being exploited, someone files suit against a tech corp in california court. in particular the clause "necessary to comply with" describes a *lower* bound, contrary to the upper bound of "may not make additional". this is more significant because of provisions 2 and 3, which induce an *obligation* upon the developer to collect more information: > A developer shall not willfully disregard internal clear and convincing information otherwise available to the developer [side note: i have been referring to "four provisions". this was a mistake on my part. the "first provision" refers to 1798.501 (a), limiting the os provider. "second and third" refers to 1798.501 (b), subsections (1), (2), (3), both of which introduce the undefined "internal" terminology. there appears to have been a typographical error in which (b) immediately jumps to (1); i do not know if this will be addressed in the california code. the "fourth provision" refers to 1798.501 (b) (4), which contains the two clauses that appear to limit transfer of private info but are made excessively narrow in nonobvious ways. i will refer to the correct indices from hereon] (a)(3) and (b)(4)(B) appear to limit the info the operating system and the developer may send, respectively. in particular, (b)(4)(B) appears to limit asking for info. but both of them do not concretely specify allowed requests, instead using this "necessary to comply" phrasing. and compliance includes not wilfully disregarding "internal info", as well as requiring the use of "internal" info that conflicts with the given. so we concretely have a law that requires os providers to expose this data, and which requires anyone requesting that data to cross-reference it against any other "internal" data. i'm not familiar with the standard of "wilful neglect" and a real lawyer could describe how corporate compliance understands that requirement. 1798.502 uses the term "update" without having defined it, and goes further with the plural noun "updates". this is very easy to define in terms of the covered application store but can otherwise be incredibly broad. the rationale for the jan 1 2026 date vs 2027 is unclear to me. 1798.503 does two things. the first has an incredibly significant single word "only": > which shall be assessed and recovered only in a civil action brought in the name of the people of the State of California by the Attorney General. which explicitly precludes a private right of action. so the state AG needs to file suit. this page on his website starts off pretty strong: https://oag.ca.gov/economic and it *does* very clearly link to the complaint line. but it gets extremely spotty regarding antitrust enforcement. and it's very important to consider that the law is describing the invasive telemetry as the thing that protects children. it seem unlikely the AG is going to file suit for providing *too much* age-related telemetry. in fact, what seems far more likely is that failing to sufficiently distinguish age bracket will be considered a failure of consumer protection. there is significant supreme court precedent for this resulting from title V of [the telecommunications act of 1996](https://en.wikipedia.org/wiki/Telecommunications_Act_of_1996), which was obfuscated under a different name and regulated obscenity on the internet. it was largely struck down in multiple cases, but was successful in exactly one instance: [the children's internet protection act (CIPA)](https://en.wikipedia.org/wiki/Children%27s_Internet_Protection_Act), which defined my school experience as a constant interaction with software filters: > The statute primarily requires those facilities to utilize software filters and similar technology on behalf of underage patrons, but to disable those filters per the request of an adult user. [side note: the [universal service fund](https://en.wikipedia.org/wiki/Universal_Service_Fund) was the funding source that CIPA would then successfully predicate upon incredibly invasive software filters, which an adult user would be allowed to request removal of. many libraries refused to comply. it is my belief the universal service fund is a money laundering program for us intelligence agencies, since it is not listed in the federal budget. this was recently heard by the supreme court in 2025: https://en.wikipedia.org/wiki/FCC_v._Consumers%27_Research as expected from this court, it ensured the plaintiff was a conservative group so it could set precedent for its preferred questions] 1798.503 (b) indemnifies the *os provider* if "good faith" is presented (this may be a term of art or have established precedent): > taking into consideration available technology and any reasonable technical limitations or outages, shall not be liable for an erroneous signal indicating a user’s age range an "outage" is a strange event to occur if it references the local db which is a file the user can edit. but there's another line: > or any conduct by a developer that receives a signal indicating a user’s age range. that clause reads to me as: "the os isn't liable for any conduct by a developer that receives any signal at any time"—whether or not the signal is erroneous. if we are concerned about the prospect of invasive telemetry being imposed against our will, this line removes any reason for the os to *not* provide as much invasive telemetry as possible about the user's age, since they would be indemnified from liability for any downstream misuse. 1798.504 (a) directly states that it has no bearing on antitrust. so the phrasing "anticompetitive" in the legislative digest is very difficult to understand. 1798.504 (b) repeats the same sleight of hand that feints towards an upper bound but defines the lower bound as "necessary to comply with this law", which means age bracket information. 1798.504 (c) uses the term "nondiscriminatory" specifically in the sense of competition law, which i just find to be incredibly obnoxious for a law that mediates user privacy. (1) gestures at self-preferencing, but i don't know if this is actionable. the antitrust lawyers i admire tend to repeatedly emphasize the need for bright-line rules, which this does not seem to be. (2) seems almost out of place here for being relatively good, except that what it achieves is to incentivize massive widespread data transfer by ensuring such information cannot be used e.g. by microsoft to crush a smaller competitor (linux). which is, in fact, extremely significant to the risk of this law if i understand correctly. 1798.504 (d) just mentions another law and i don't know if that legally implies anything. 1798.504 (e) is very nearly word for word the clause you will find in extremely exploitative contracts e.g. for employment, but especially for terms of service on a website. i don't know when california the state began to add those provisions to its laws, but it's a sign to me that it expects to be challenged in court and could lose the case—i don't really know how this clause is interpreted in state law as opposed to clickthrough contracts. 1798.504 (f) is very significant. it's important to understand that the telecommunications act of 1996 would establish a distinct regulatory regime for what we now know as "tech companies". there are many distinct cases and i am not a lawyer who can describe the ones most relevant here. instead i will refer to the wikipedia article on [net neutrality](https://en.wikipedia.org/wiki/Net_neutrality_in_the_United_States), which is a lengthy description of how the us government, through the judicial review process, chooses at every single point to diminish the power of regulatory authority in the executive branch, while reinterpreting the statutes of any laws set by congress in the same way. take in particular the very high-profile case case involving the EFF vs comcast on bittorrent surveillance https://en.wikipedia.org/wiki/Comcast_Corp._v._FCC, in which the court made an incredibly broad statement: > [the FCC] 'has failed to tie its assertion' of regulatory authority to an actual law enacted by Congress" This is a shot across the bow to the entire process of regulatory authority. Wikipedia *really does not like regulatory agencies*—but [rulemaking](https://en.wikipedia.org/wiki/Rulemaking) has a vague description of how regulatory agencies are supposed to define the law. 1798.504 (f) (1) is I believe somewhat well-scoped—or was, until the satellite internet shit started. A lawyer can say more. The point is no restrictions or regulations apply to corps who provide internet hardware. This includes regulations against federal government overreach like NSA surveillance. 1798.504 (f) (2) is I believe the one that can mean almost anything at this point, despite being indistinguishable in plain language to (1). That one has a US Code reference which can be looked up, and there are likely definitions of this term from legal scholars online (wikipedia is not a good source). 1798.504 (f) (3) is why I find every premature capitulation full of shit. > The delivery or use of a physical product. Easy to claim any end-user distro running on their laptop satisfies the "use of a physical product". A container running in the cloud is not a user machine. This is so obvious I wouldn't be surprised if it was an attempt to make legal challenges strike only this claim and not the rest. 1798.504 (g) has been stated in several different forms before, but it is intended to remove all doubt from any os dev's mind: you will not be liable if you send people PII about people they didn't ask about. This goes hand-in-hand with earlier: the PII could even be wrong. The PII cannot be used to harm your business by a competitor. *We're all on the same team here.* Coupled with: > or any conduct by a developer that receives a signal indicating a user’s age range. even if a developer uses your age bracket info and does something *very bad*—you're not liable! 1798.505 not a lawyer, suppose this is normal—but it's extremely weird and annoying that this is separate from the section mentioning Jan 1, 2026 (1798.502 (b)). They fuck around with sections a lot. It looks like shit. It also means provisions have weird scoping issues. Is that legally significant? A lawyer would know. If we're gonna do amateur law that means spending *more* effort than an expert. And explaining where you might be wrong. The above statement is wildly irresponsible.