Senate Bill 26-051 reflects that pattern. The bill does not directly regulate individual websites that publish adult or otherwise restricted content. Instead, it shifts responsibility to operating system providers and app distribution infrastructure.
Under the bill, an operating system provider would be required to collect a user’s date of birth or age information when an account is established. The provider would then generate an age bracket signal and make that signal available to developers through an application programming interface when an app is downloaded or accessed through a covered application store.
App developers, in turn, would be required to request and use that age bracket signal.
Rather than mandating that every website perform its own age verification check, the bill attempts to embed age attestation within the operating system account layer and have that classification flow through app store ecosystems.
The measure represents the latest iteration in a series of Colorado efforts that have struggled to balance child safety, privacy, feasibility and constitutional limits.
Sorry for the stupid question, but what would an “operating system provider” mean here? Does that mean “the organization that builds and distributes the operating system”? If so, Linux is sort of screwed in CO; even The Linux Foundation can’t act for Linux the same way Apple or Microsoft can for macOS or Windows respectively. Maybe Red Hat could, but only for their flagship distro RHEL, and the E stands for Enterprise, lest we forget.
If “operating system provider” were interpreted to mean “system administrator”, however (which is a stretch, but still), that might be a decent solution, since it has the effect of age-limiting content in an enforceable way, but keeps identity information from being centralized under a government or (single) private agency. The sysadmin for children would be parents, who are the only ones who would be providing the hardware, and that could work, especially if there was only the child’s account on the device (like a cell phone).
I dunno if the above is horribly ignorant; if so, I’m open to being more educated on the topic.
Ah, I found the official answer to my question in the definitions (definition 9):
This still leaves room for ambiguity, though, especially when it comes to Linux: is the OSP the person who installs the OS (e.g. a sysadmin)? They control the operating system on that device. Or are they the individual/organization that deems what software counts as a given operating system (e.g. Microsoft or Linus)? They develop and license the operating system that happens to be on a given device. Maybe it’s both, but the context suggests the latter more strongly to me.
It also says the age will be acquired ‘upon login’, so I’m not sure how that would work with linux. More anti-tech old farts making the rules
Wish we could blame it on them being old, but the primary sponsors aren’t that old. Matt Ball looks late thirties, early forties at most and Amy Paschal looks late forties, early fifties at most. I couldn’t find background on their specific ages, but Matt Ball’s bio refers to still raising his children, which also implies the younger side.
https://leg.colorado.gov/bills/SB26-051
https://leg.colorado.gov/legislators/matt-ball
https://leg.colorado.gov/legislators/amy-paschal