Security researchers are warning that proposed age verification laws are laying the groundwork for a global surveillance system.
Over four-hundred academics from thirty countries have signed an open letter urging governments to halt the implementation of age verification systems, at least until the significant privacy and security implications are properly understood.
This alert comes as legislators worldwide rush to prevent teens and children from accessing internet social media platforms, prompting age checks from large platforms. Crucially, there is no global agreement on what these supposed checks should look like, or whether they should exist at all given that device parental controls are already a standard.
The signatories, including luminaries like Turing Award winner Ronald Rivest and Bart Preneel, president of the International Association for Cryptologic Research, are unequivocal. Deploying large-scale identity verification without a clear understanding of its impact on user security, autonomy, and freedom is plain “dangerous and socially unacceptable.”
The open letter contends that governments are constructing surveillance infrastructure under the guise of child protection.
As noted by one user on X, there’s no reason for the precedent to stop there. People will eventually be required to show a license to own any device.
You will eventually need a license to own a computer.
This is where all this “Age Verification for OS” stuff is coming from.
It’s not about protecting kids. If it were, the CA law would not demand that you share this age data with any dev that asks for it.
It’s about… https://t.co/wQJACdhqpw
— Grummz (@Grummz) March 4, 2026
The academics explain that a genuine age verification system would demand “government-issued IDs with strong cryptographic protection for every single interaction with the service.” This would mean requiring identity confirmation for every search query, every private message, every online article read – a standard that’s completely absent from life offline.
Already, companies like OpenAI, Roblox, and Discord are implementing age checks, anticipating legal requirements. While Discord has postponed its global verification rollout to the second half of 2026 due to enormous user backlash, the company has not fully relented from building out this global surveillance grid.
Notably, the academics also acknowledge the underlying concern, at to the extent that it can be taken at face value: “we share the concerns about the negative effects that exposure to harmful content online has on children.” What they reject is the proposed solution – turning every adult into a suspect needing proof of identity to access the open web.
Beyond that, the experts note that the technical hurdles are substantial. Building and maintaining global identity verification is incredibly complex and costly, creates enormous amounts of friction for businesses and services and does not achieve the intended goal.
Furthermore, only the largest corporations can realistically deploy such systems at scale, risking further centralisation of the internet’s infrastructure.
The academics also highlight another direct risk: governments may ban VPNs. Age checks can be easily circumvented using a VPN, and the predictable reaction is outright prohibition. VPNs are a vital tool for users in restrictive regimes seeking to protect their communications and identities.
Banning VPNs to enforce age restrictions for teenagers would strip protection from dissidents, journalists, and activists globally, causing severe and widespread collateral damage.
The academics call for a pause until there is scientific consensus on “the benefits and harms that age-assurance technologies can bring, and on the technical feasibility.”
Rushing to build mass identity verification systems before studying the consequences is completely unreasonable, they argue.
If you found this article useful, consider sharing it.
