S.3663, or the "Kids Online Safety Act" (KOSA), was re-introduced this year by Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN). KOSA seeks to protect children's privacy and ensure their safety while they're online. There is no question that the digital well-being of children is of utmost importance, but the methods KOSA proposes to achieve such a goal are an affront to everyone's privacy and free speech. We need you to write to your Congressional representatives and tell them to vote NO on KOSA.

KOSA proposes to use invasive filtering, monitoring tools, techniques that jeopardize private and secure communications, and increased data collection of both children and adults to enforce its measures. Below we explain why KOSA is not the solution to the dangers children face on the internet. We also offer suggestions on how to best to protect children online.

What's wrong with KOSA?

Section 3 of KOSA outlines a "Duty of Care" that all covered platforms, i.e., online platforms that connect to the internet and that are used or reasonably likely to be used by a minor, must abide by. A covered platform's duty of care includes "acting in the best interest of the minor," which means "taking reasonable measures in its design and operation of products and services to prevent and mitigate" harms associated with mental health disorders, addiction-like behaviors, physical violence, online bullying, sexual exploitation, narcotic drugs, tobacco products, gambling, alcohol, and deceptive marketing and financial practices.

So, what's the problem with this? Firstly, since the scope of content platforms must monitor is so broad, KOSA will incentivize these companies to over-censor content to shield themselves from liability and damages. Additionally, asking platforms to censor such content runs counter to the Fourth Amendment by asking private entities to surveil children on behalf of the government.

An obvious question arises here: how do we tell who is a minor and who is an adult online? Section 4 of KOSA, which outlines safeguards for minors online, is premised on identifying each users' age. Without asking for a government-issued ID, there is no way to truly know who is a minor and who is not on the internet. If covered platforms decide that they must ask for government IDs, a flood of privacy problems are inevitable. A database that contains the identification information of every adult American is ripe for abuse by a variety of actors (e.g., law enforcement, employers, etc.) and is vulnerable to being hacked. Having a government ID associated with everything you post online makes government surveillance even easier.

Age-verification to access online content runs contrary to First Amendment protections. The U.S. District Court for the Western District of Texas recently ruled as such when considering HB 1181, a Texas law that would have required age-verification (e.g., government ID) to access adult sexual content. Even though the government has a legitimate goal in protecting children from explicit online content, legislation must be narrowly tailored to that end. KOSA does not fit this criteria - it is a clearly unconstitutional proposal.

Section 11 of KOSA details its enforcement, which is up to the Federal Trade Commission (FTC) and state attorneys general (AG). In any case in which an AG believes that the interests of a state resident were threatened or adversely affected by a violation of KOSA, they may bring a civil action to obtain damages.

There are dramatic differences among the states with respect to freedom of speech in different settings. As Restore the Fourth has stated previously, KOSA is ripe for abuse by those who have an interest in weaponizing anti-LGBTQ+ or racist politics. Without clear specification of what content may be considered a threat to a child's health and safety, state AGs have wide discretion to make this call. Given the troubling recent practices of states banning books and eliminating curricula from public schools that deal with sexual identity, gender non-conformity, Black and slave history, and women's healthcare, KOSA opens the door for actions that only hurt children in the long run. And as we have argued above, platforms will default to over-removal when they face a constant threat of legal action.

How do we start protecting children online?

Rather than implement a regulatory scheme premised on user-age, it would be more productive to pass a comprehensive data privacy protection act that allows all users to opt out of data-intensive practices like personalized recommendation systems and geolocation tracking. All platforms should have an accessible and easy to use feature that lets users delete their personal data. For example, Section 5 of KOSA requires platforms to notify a minor when their personal data has been used for targeted advertising. A data privacy bill would take a different route by allowing each user to determine when and to what extent they opt-in to data collection for each feature or service offered. Parents could do this on behalf of their children under stronger privacy protections.

We support the bill's provision for conducting research on what is harmful to children on social media and online more generally but feel strongly that this research should be directed at educating parents about how to talk to their children and keep them safe without forcing platforms to set age-specific privacy levels that require constant monitoring.

Children, which KOSA defines as anyone under the age of 18, are a varied and diverse group. Different children require different levels of monitoring and care when it comes to the internet. Parents empowered under a comprehensive data privacy act would be better equipped to ensure their children can be safe while using the internet, an invaluable source of information and resources. The Kids Online Safety Act will not do this - please contact your representatives to urge them to oppose it.