Government Rolling Age Verification and Online Harms into One Giant Mess

Reports suggest that the Canadian government is introducing a bill that would combine online harms and age verification legislation.

Imagine if the government spent half of its time actually trying to solve real problems in the digital space instead of causing problems. So, instead of pushing the Online News Act and the Digital Services Tax, they would table a privacy reform bill. Instead of the Digital Services Tax and Online Harms legislation, the Canadian government focused on bringing real competition into the cell phone and internet carrier sector. Instead of pushing age verification laws and worsening the privacy protections of Canadians to benefit political parties, the Canadian government focused on expanding broadband into rural and indigenous communities. Wouldn’t that be a great start to making life so much better for Canadians.

Instead, we get a government who has a laundry list of terrible laws to make internet life worse and worse for Canadians across the country. To make matters worse, the biggest opposition party tends to be unpredictable on whether or not they oppose these terrible laws. For instance, the Conservatives are all for age verification laws that would usher in mass government surveillance for all Canadians. After all, if there is one thing the Conservative party loves, it’s big government dictating how Canadians can run their daily lives in the most intrusive ways imaginable.

In this session of parliament, Canadians are already fighting against the mass government surveillance legislation known as Bill C-22. For as bad as such legislation is, it may not be the worst tech related bill currently working its way through the parliamentary process for long.

Reports have surfaced saying that the Canadian government is getting prepared to table a potential clusterfuck of a bill. The idea is that it would take the disastrous age verification legislation that has completely and utterly failed wherever it was implemented, and combine it with the speech busting legislation known as online harms.

Age verification, as you know, has been a total disaster wherever it was implemented. When it was implemented in Australia, it revealed that teens alone had the worst of both worlds. On the one hand, most teenagers were able to circumvent the age gates on a massive scale, carrying on as if nothing had happened. On the other hand, those that were impacted by the age gates found themselves increasingly cut off from the rest of the world as they would, among other things, have access to substantially less news. There was no upside to any of this.

Basic logic and reason would dictate that the Australian experience would serve as a warning of what not to do. Age verification is a failed dead on arrival policy that shouldn’t be implemented elsewhere. Instead, supporters were desperate to have this legislation implemented elsewhere helped the mainstream media go into complete denial. This by completely rewriting history and publishing bald-faced lies that said that everything is going fine and dandy in Australia and that it’s up to other nations to implement it.

Sadly, Europe listened to those lies and even went to the extreme of developing their own app, proclaiming that there is no excuse anymore and age verification must move ahead. The predictably obvious ensued. The app suffered from numerous security issues and even a data leak. It marked not only the second time age verification was implemented, but also the second time that those laws completely and utterly failed.

Unfortunately, governments from around the world didn’t learn from the first two times and decided to stub their proverbial toe a third time. The UK pushed for and passed age verification as well. In an exercise in madness, the government basically tried to say that this time will be different and they would totally have this whole thing under control. For reasons that should be obvious, a different result was not in the cards after teens began circumventing the age gates on a massive scale. It marked the third straight time age verification laws have completely and utterly failed.

The cherry on top of this cluster of a history is the fact that the privacy and reliability scandals continue to pile up. People are circumventing age gates with sharpies, pictures of golden retrievers, and, of course, VPNs. At the same time, there have been numerous privacy scandals along the way including the Discord data breach, the AgeGO scandal, additional leaks and breaches, and, of course, the more recent Yoti privacy scandal. The reliability and security of these companies have repeatedly fallen flat on their faces over and over again as they promise the impossible and predictably fail to deliver.

All of this is just one of the two rakes the Canadian government has decided it wants to step on.

There is also the other half which is the Online Harms legislation. This is something the Canadian government already has a history in screwing up. Probably the most notorious example is the earlier 2021 version which not only demanded massive government website blocking, but also requires websites to follow a rule of taking content down within 24 hours based on any anonymous complaint that comes their way. If it offended someone somewhere along the line, it must be taken down. In short, it was the Canadian government trying to basically shut down the entire internet for Canadians because no one survives something like that. The proposals were almost universally condemned by experts, anti-hate organizations, digital rights organizations, and many others. While later versions did improve over that insane version, it still remained controversial.

Reports indicate that the Canadian government wants to combine these two awful proposals into one giant vat of legislative toxic sludge. From the Globe and Mail:

Ottawa is planning to propose a ban on social media for children under 16 as part of an online harms bill to be introduced Wednesday.

But platforms that meet new safety standards may be able to allow children to opt back in, according to a source familiar with the forthcoming bill. The Globe and Mail is not naming the source as they are not authorized to speak publicly about the legislation.

The long-awaited online harms bill is also expected to require companies to mitigate harmful content.

This would include action to deal with artificial-intelligence chatbots that advocates have been calling on the government to regulate. Advocates and families have expressed concern that chatbots programmed to behave like companions have coached some children on suicide and how to mask eating disorders.

All of this is a really bad idea. Unsurprisingly, experts are already raising the alarm over this. From Michael Geist:

The government will apparently present this as a temporary safeguard given the prospect of opting back in, but the policy itself requires a regulator and ID for everyone since limiting the services to those over 16 requires knowing the age of all users. This system doesn’t simply disappear since once Canada has required every user to prove who they are in order to police a single age line, that requirement and the infrastructure will remain in place. In other words, the requirement might be reversible, but the data collection and regulatory infrastructure are permanent.

The language of a “kids ban” obscures how the policy actually works. There is no way to keep people under 16 off a platform without determining the age of everyone who uses it, because identifying who falls below the line necessarily means identifying who sits above it. A rule aimed at a minority of users is therefore an age-verification mandate imposed on the entire population, and it makes no difference whether the government calls the result a ban, a restriction, or a safeguard. Tens of millions of Canadians who are not the target of the policy would be required to submit proof of age, typically to foreign third-party verification services, in order to do the ordinary things they already do online. The privacy risks, including the challenge of even applying Canadian privacy law to the collection, are enormous.

None of this would be defensible even if the ban worked, and there is little evidence that it does. Australia’s under 16 ban, the example most cite, has shown how readily children route around age gates through VPNs, borrowed accounts, and false birthdates, with the most at-risk users the most likely to circumvent them. Indeed, even the country’s eSafety Commissioner has acknowledged that the restriction has been difficult to enforce and has yet to demonstrate a measurable reduction in harm. The case for applying any of this to AI chatbots would be even weaker.

Indeed, with age verification, the Australian government itself admitted that things have proven to be far more difficult than they were initially led to believe:

The findings suggest the rollout of Australia’s Social Media Minimum Age law (SMMA) has been challenging, with platforms falling short of their obligations while key indicators of harm remain unchanged.

The country’s regulator said it had raised “significant concerns” about five major platforms — Facebook, Instagram, Snapchat, TikTok, and YouTube — and has started formal investigations ahead of potential enforcement actions by mid-2026.

“Many children aged under 16 still have their accounts or can create new accounts,” reads the report. “eSafety has observed poor practices by some platforms in the first three months of the SMMA obligation coming into effect.”

Headline figures indicate activity at scale. More than 4.7 million accounts assessed to belong to under-16s have been removed, deactivated, or restricted as of mid-January. But account removals do not equate to full compliance. Underage use appears to have declined but remains significant. The report’s detailed findings provide a clearer view of the gaps.

One issue is how age assurance systems have been implemented. The report describes cases where users who had already declared themselves under 16 were prompted to complete additional checks to “correct” their age. In practice, these additional checks allowed some users to regain access. Tools such as facial age estimation were used to check users’ ages, despite known limitations in accuracy near the 16-year threshold. System design choices almost certainly contributed to the risk of misclassification.

This isn’t a digital rights organization saying this. This isn’t experts or critics saying this. What this is is the Australian government itself saying that this whole thing has been an unmitigated disaster. While no one expects the Australian government to finally admit to the reality that these laws are broken, the reality is that age verification laws are a broken concept that has no shot at getting fixed in any way.

Reality has always been very far removed from the rosy pictures supporters of age verification have been pushing. Those images of ‘the tools exist today’, ‘services already have a 98% accuracy’, and ‘the services are safe and secure’ were always complete and total fabrications and reality is even starting to seep into the Australian government.

As has been said many times, those who refuse to learn from history are doomed to repeat it. Right now, the reports indicate that the Canadian government is doing exactly that, vying to be the 4th or 5th jurisdiction (the US is gunning for this too, sadly) to basically see this end in total failure.

Drew Wilson on Mastodon, Bluesky and Facebook.