Texas’s Online Age-Verification Law Must Be Overturned

by Lilian Coral and Prem Trivedi

Biometric Privacy

WASHINGTON, DC – Decades of corporate and government data breaches and a surge in identity theft have amply demonstrated how our most precious data – from our home addresses to our likenesses and legal names – can be stolen online and used in ways that ruin our lives. Democratic countries around the world face an uphill battle in protecting their citizens’ privacy in the digital age.

In the United States, the Supreme Court will soon review a state law that, if upheld, would make this climb even steeper. Texas House Bill 1181 (H.B. 1181) requires websites to verify visitors’ age if at least one-third of their content is deemed “sexual material harmful to minors.” Because it is currently impossible to verify the age of internet users while also protecting their data and identifying information, such a requirement would amplify privacy and security risks, including for children. As New America’s Open Technology Institute (where we both work) and other public-interest advocates argued late last year in an amicus brief, the Supreme Court must overturn this law on appeal.

It seems like a no-brainer to verify the age of a person seeking to access adult content online. After all, employees at physical stores must confirm that customers are old enough to purchase items with a minimum age requirement, from alcohol to firearms. Surely the same logic should be extended to navigating the internet.

But the verification process is not the same online as it is in person. At the liquor store, you can flash your driver’s license and then put it back in your wallet – the information it contains stays with you. That is not true when you upload identification and other credentials – including government-issued IDs, credit-card information, and biometric data – to the internet. Once you click “submit,” you no longer control how this material is stored or with whom it is shared.

The Open Technology Institute has long studied how private and public actors collect, store, and share data online. Over the past two years, our team has researched the development and consequences of legislation and technical efforts aimed at protecting children on the internet. This includes online age-verification laws like H.B. 1181, which we believe pose clear risks to all users and uncertain benefits to the children they aim to safeguard.

We found that even when laws prohibit websites from saving users’ personal information, the act of verifying their age makes this kind of sensitive data more vulnerable to unauthorized access. For example, online platforms that confirm users’ ages through government-issued IDs or credit-card details may lack secure processes for collecting, using, storing, and deleting such information.

Worse, H.B. 1181 does not even attempt to prevent age-verification companies such as Yoti and VerifyMyAge from deliberately transmitting this information or selling it to data brokers or other third parties. The very existence of this data means it can be stolen, sold to businesses, or acquired by governments eager to surveil their citizens.

Government investigations into online age verification underscore this reality. In 2022, France’s National Commission on Informatics and Liberties (CNIL) investigated six common solutions for determining internet users’ age. The CNIL found that “currently no solution” provides “sufficiently reliable verification, complete coverage of the population, and respect for the protection of individuals’ data and privacy and their security.”

Similarly, the age-verification roadmap published by Australia’s eSafety Commissioner in 2023 emphasized that each technology has its own trade-offs and its own issues concerning effectiveness, security, and privacy. There is no universal best practice for confirming a user’s age online.

But while our research shows that the existing methods of online age verification pose a threat to privacy, the CNIL concluded that the technological capacity to verify a person’s age while respecting their rights – namely, encryption and zero-knowledge proofs – already exists. But technologists, policymakers, and civil society have yet to develop the standards, protocols, and supporting technical infrastructure to scale up these solutions and make responsible age verification a reality.

To be sure, H.B. 1181 attempts to address a very real problem: the internet is not safe enough for children. But policymakers eager to craft responsible internet-safety laws must recognize that requiring age verification before the necessary infrastructure is in place is the wrong approach.


If the Supreme Court upholds H.B. 1181, lawmakers in other states and at the federal level will be empowered to take the same approach to imposing age-verification requirements. This could prompt widespread adoption of an insecure technology that would expose users to new privacy and security risks online.

Lilian Coral is Head of New America’s Open Technology Institute and Vice President of the Technology and Democracy Programs.

Prem Trivediis the Policy Director of New America’s Open Technology Institute, leading research and advocacy efforts to improve outcomes in technology policy.

Copyright: Project Syndicate, 2025.
www.project-syndicate.org

Support Countercurrents

Countercurrents is answerable only to our readers. Support honest journalism because we have no PLANET B.
Become a Patron at Patreon

Join Our Newsletter

GET COUNTERCURRENTS DAILY NEWSLETTER STRAIGHT TO YOUR INBOX

Join our WhatsApp and Telegram Channels

Get CounterCurrents updates on our WhatsApp and Telegram Channels

Related Posts

Join Our Newsletter


Annual Subscription

Join Countercurrents Annual Fund Raising Campaign and help us

Latest News