KOSA, the KIDS Act, AI, Bad Internet Bills, and a potential giveaway to big tech

"Yesterday, Meta dropped its opposition to KOSA after reports that it is being packaged by the White House with AI preemption and the App Store Accountability Act, two bills that Meta has lobbied for. Meta now joins Microsoft, Apple, X, Snap, and Pinterest in supporting KOSA, while much of civil society and the city of Boston opposes."

–Meta Latest Big Tech Company to Back KOSA, exposing hypocrisy of “accountability” bill, Fight for the Future, June 17

"House lawmakers announced a bipartisan deal on a package for protecting kids online on Monday... The Kids Internet and Digital Safety, or KIDS, Act includes portions from the landmark Kids Online Safety Act, dubbed KOSA ... along with 13 other kids safety-related bills.

While the package now could pass with bipartisan support in the House, senators leading their own KOSA effort suggested it will be dead on arrival in the upper chamber."

– House unveils bipartisan kids online safety deal, Miranda Nazzaro, The Hill, June 22

With multiple child safety bills active in both chambers of Congress, and the new wrinkle of packaging big tech-friendly child safety legislation with big-tech friendly AI regulation, it's a very confusing situation. Punchbowl News and Politico have both reported that the House might vote on the KIDS Act next week, and multiple sources have said that the Senate Commerce Committee is likely to schedule a markup in mid-July ... so now's a good time to try to summarize where things are.⁰

If don't have time for the complexity and just want to take action, Fight for the Future's Bad Internet Bills page makes it easy to contact your legislators.

Or, call the US Capitol Switchboard at 202-224-3124, and ask your representatives to vote NO on the KIDS Act (HR 7757), KOSA, and any other bill that age restricts, censors and surveils the internet.

Lets start with the KIDS Act, officially known as H.R. 7757. The KIDS Act is a combination of over a dozen different bills, including the House version of the anti-LGBTQIA2S+ KOSA; the anti-LGBTQIA2S+ SCREEN Act requiring age verification for "sexual material harmful to minors"; an updated version of the Childrens and Teens Online Privacy Protection Act (CTOPPA, also sometimes known as COPPA 2.0; and more.¹

For details on why age verification laws and KOSA are anti-LGBTQIA2S+, check out Evan Greer and Janus Rose's Why Are Some Democrats Backing MAGA’s Anti-LGBTQ+ Censorship? on Teen Vogue; Rindala Alajaji and Paige Collings' Age-Verification Laws Seek to Erase LGBTQ+ Identity from the Internet in Ms Magazine; and the letter from 90 civil rights and privacy organizations condemning ID-checking bills.

Back in March, Republicans on the House Energy & Commerce Committee advanced the KIDS Act on a straight party-line vote. Democrats on the House committee opposed that version, objecting both to dropping the "duty of care" requirement (a centerpiece of the Senate version of KOSA) and to provisions in the bill that would preempt state child safety legislation.² The new version announced this week has some improvements in the preemption language, and it seems like that was enough to get at least some key Dems on board – even though there still isn't a duty of care.

From a tech justice perspective, even though dropping the duty of care is a good thing, there's still a lot of stuff wrong with the KIDS Act.³ But the Senate sponsors of KOSA describe dropping the duty of care as going soft on big tech. So they see the KIDS Act and House KOSA as a non-starter, and are instead advocating for ...the bill that Meta, OpenAI, Microsoft, Apple, and X all support. Because, y'know, all these big tech companies clearly are supporting Senate KOSA because it's so tough on big tech.

Yeah, right.

One big giveaway to big tech?

"The bipartisan deal on kids’ online safety that the House Energy and Commerce Committee rolled out Monday threatens to derail hopes of passing major tech and AI legislation this year.

A major reason: key differences from a kids’ safety and AI package that Sen. Marsha Blackburn (R-Tenn.) is negotiating with the Trump administration. The White House is working to shore up support for a Blackburn-led kids’ safety package that could ultimately block or replace some state AI laws."

– House kids’ safety deal complicates AI talks, Gabby Miller, Owen Dahlkamp, Jacob Wendler, and Alfred Ng in Politico Pro , June 22

Blackburn had sponsored a 5-year moratorium on state AI regulation back in 2025, although at the last minute wound up working with Senators Cantwell and Markey to prevent it from passing. With momentum building in cities and states across the country (including here in Washington!) for strong regulation of AI, big tech realllly wants their allies in Congress to help them out; last month's discussion draft for House AI regulation also proposed preempting state laws. And while the App Store Accountability Act (ASAA) isn't part of the KIDS Act, the House Energy & Commerce Committee advanced it separately in March, so it's also eligible for a House floor vote.³

KOSA and CTOPPA are already very friendly to big tech, so I can certainly see why they want to bundle them up with preempting state AI regulation into one big giveaway ... it's kind of like watching pigs feeding at a trough. And the anti-LGBTQIA2S+ aspects of KOSA and the ASAA are an added bonus for Mark F—ing Zuckerberg and Apartheid Clyde (as well as the Heritage Foundation and all the anti-LGBTQIA2S+ groups like NCOSE masquerading as "child safety" groups).

Will Congress will go along with it? There really are huge differences between the House and Senate versions of KOSA. Especially with the widespread loathing of data centers and Flock cameras I'd like to think legislators who are skeptical of big tech would think long and hard before supporting anything that preempts state-level laws – and indeed, Ashley Gold reports that kids' online safety advocacy groups are uncomfortable with this, and different factions within the White House are divided. And conservative organizations like the Taxpayers' Protection Alliance, Competitive Enterprise Instituate, and Mike Pence's Advancing American Freedom are pushing back on the App Store Accountability Act because of the dangers of age verification as well as the Senate's version of KOSA because concerns about censorship.

Then again, lawmakers in both parties really want to pass something, and as I was writing this article Hakeem Jeffries said positive things about KOSA. So we shall see.

Age verification is mass surveillance

""Age verification" means that everyone who does anything online will have to submit to fine-grained tracking and recording of all their online activities. This nightmare is the surveillance advertising industry's fondest dream, a world where it's literally illegal to avoid their tracking, all in the name of saving kids…from them!"

– Spying on kids to save kids from spying is very, very stupid, Cory Doctorow, Pluralistic

There are a lot of good reasons to be against age verification laws. Age verification laws censor LGBTQIA2S+ and abortion info from the internet, and are also a huge obstacle for low-income, unhoused, and undocumented people. The ASAA is similar to Texas' SB 2420, which a federal judge has found likely violates the First Amendment. The list goes on ...

What's not necessarily so obvious is that in addition to all these other problems, age verification is mass surveillance. Most platforms rely on third-party age verification providers like Yoti and Persona, who then proceed to share whatever data they want with literally hundreds of other companies and government agencies. For example:

• Persona (whose investors include Peter Thiel of Palantir) embarassingly leaked their source code earlier this year, revealing that the software preform up to 269 distinct verification checks, including facial recognition matching against watchlists, Aadhaar database checks, and deep browser fingerprinting.⁴
• Papers, Please: A First Look at Age Verification on the Web reports that for sites that using Yoti, "Some of the IP, OS and browser metadata may be sent to credit card companies and IP geolocation services, while ID information may be sent to a known data broker, or another verification service" – and enough of the data gets sent that "fourth parties" like Stripe can know the names of users who visit specific sites.

And it's not just kids' and teens' data that gets fed into this surveillance system. – Taxpayers' Protection Alliance Coalition says in their Letter opposing ASAA and KOSA regulations

"The ASAA would require age verification, a process that would require users of all ages to submit extensive personal information to digital databases, where that information would be exposed to hacks or data breaches. This would threaten the privacy and data security of Americans of all ages."

Of course, big tech companies like Meta and Open AI are a key part of the surveillance-industrial complex, and make their money by exploiting people's private data, so see this as a plus. No wonder they support this legislation!

Stay tuned – and take action!

"The [KIDS Act] bill could move as soon as next week on suspension, a GOP leadership aide said.... The Senate Commerce Committee is likely to mark up KOSA and other kids’ safety bills in mid-July."

– House strikes bipartisan KOSA deal, Ben Brody on Punchbowl News, June 22

Whether or not the House actually votes next week, my guess is that we're going to keep having intermittent discussions about KOSA and other kids safety bills for the rest of the session – Senate Judiciary has already announced a July 28 hearing on child safety.⁵ Even if they can't get something to pass both chambers over the summer, there's always the option to attach one or more of the bills to must-pass legislation (as Axios reports Senate Judiciary is looking at doing with the STOP CSAM Act and the NDAA), or take it up in the "lame duck" post election session (as Sen. Blumenthal tried to do with KOSA in 2024).

So stay tuned! If you're on Blacksy, Eurosky, Bluesky or some other social network in the Atmosphere, I've set up a couple of custom feeds

• KOSA/Bad Internet Bills (also available on mu.social and Bluesky) has a broad selection of posts related to KOSA, the KIDS Act, other bad internet bills, and age verification in general
• KOSA/KIDS Act (curated) (also on mu.social and Bluesky) has a curated subset of these posts, from a list of about 20 organizations, legal experts, journalists, and activists focused on digital rights, human rights, and civil rights.

And as well as staying tuned, please take action!

Fight for the Future's Bad Internet Bills page makes it easy to contact your legislators.

Or, call the US Capitol Switchboard at 202-224-3124, and ask your representatives to vote NO on the KIDS Act (HR 7757), KOSA, and any other bill that age restricts, censors and surveils the internet.

Notes

⁰ Once organizations like Fight for the Future and EFF weigh in, I'll update this post accordingly – and if necessary do a followon post

¹ The KIDS Act also includes

• the SAFE BOTS Act with some very limited disclosure requirements for chatbots – and language that in practice is likely to require age verification
• the Safer GAMING Act requiring strong parental controls in video games – and more language that in practice is likely to require age verification
• the SPY Kids Act, which bans product and market research on users known to be minors
• and several bills funding research and education in kids safety online.

One unfortunate change in this latest version of the KIDS Act is that the Safer GAMING Act and the SAFE BOTS Act have shifted from an "actual knowledge" standard (where companies are only liable if they know that a user is a minor) to a "knows or should have known" standard. In practice, this is likely to require companies to institute age estimation or age assurance; see EFF’s June 2025 Letter of Concern to Congress, discussing similar language in a different bill.

Somewhat confusingly, the standard in the SPY Kids Act is still actual knowledge or willful disregard, and as far as I can tell the version of CTOPPA in the KIDS Act continues to have an actual knowledge standard.

Fight for the Future's The Big Picture: Bad Ideas About Online Safety Remain Bipartisan and IAPP's US Energy and Commerce Committee advances KIDS Act to full House vote have more on the March version of the KIDS Act; I haven 't yet seen a detailed analysis of the current version.

² In May, a coalition of dozens of state Attorneys General from both parties, also opposed the KIDS Act, similarly objecting both to dropping the duty of care and to the preemption clauses.

³ See New America's The App Store Accountability Act Poses Serious Concerns for Privacy, Security, and Free Expression and the Taxpayers' Protection Alliance coalition letter for more on the problems with this bill.

⁴ Persona's CEO says that no Persona customer uses all the possible 269 checks, and that it's Persona's customers (not the company itself) who control the handling and deletion of data ... but none of that is particularly reassuring.

⁵ Not long after I published this article, Owen Dahlkamp of Politico reported that the White House intervened to let Mark F—ing Zuckerberg and the Google CEO Sundar Pichai off the hook from testifying at this hearing:

"People representing Meta met with White House staff about the hearing in late May and early June, according to three of the people with knowledge of the events.

In discussions with committee staff, Meta and Google representatives expressed concerns that the hearings would only further worsen negative attention arising from recent child online safety litigation, they added.

After a back and forth, the White House agreed to publicly support Grassley’s James T. Woods Act on the condition that Grassley permit lower-profile executives from Meta and Google to testify, according to the same three people."