25 comments

[ 0.26 ms ] story [ 44.2 ms ] thread
Does it run applications? The point of the law is to collect (and device setup) the age of the (I guess primary?) user, and communicate that (as a range?) to any applications it runs.

So, if you don't run applications, does this matter? Also, enforcement is by the CA attorney general, so random people can't go after you.

Clickbait title, the legal notice explicitly states that an open source project cannot and will not implement age verification.
I don't see a definition for "operating system" in this legislation (California).

"Operating system provider" is defined, but that's kinda useless unless "operating system" is defined first.

So DB48X provides a covered application store?

(e) (1) “Covered application store” means a publicly available internet website, software application, online service, or platform that distributes and facilitates the download of applications from third-party developers to users of a computer, a mobile device, or any other general purpose computing that can access a covered application store or can download an application.

Also, where does anything in the CA bill mandate age verification? It's saying the OS needs to prompt for age bracket info and allow the third party apps to query that. That is far different from verification.

DB48x certainly has a GitHub site with freely downloadable pieces of software that can run on the calculator. For instance here: https://github.com/c3d/db48x/tree/stable/library

Some of these include contributions from third parties.

The problem is that the law is written without a precise enough wording that would ensure that there is no risk whatsoever for me. And the penalty is stiff, something like $7500 per child using the software.

As for mandating age verification, it's unclear to me how you think that it's possible to deliver an API giving age bracket info (in the case of DB48x, the idiomatic way would be an RPL command that returns that info) without having a facility to enter age or date of birth or something like that. So yes, everyone who reads the text interprets it as mandating age verification.

IANAL, but the whole thing feels quite problematic. Should we interpret the prohibition as a licensing condition "a resident using our IP is violating the contract" or as an informative note "we are not compliant and we are not ever going to be compliant so a resident using the IP is violating local laws"? I'd expect the intent to be the latter, but would it hold in front of a judge? If the notice is a licensing condition, the whole thing is problematic as hell:

- Does such prohibition has any legal force at all? Does it do anything to prevent responsibility according to the bill? Wouldn't just saying "CA/CO have zero jurisdiction over us, get screwed" be a saner choice (of course it would be better if the project wouldn't host on M$'s servers).

- The main project license is GPLv3. GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility. But they still keep GPLv3 LICENSE.txt, which is problematic in itself - if LICENSE.txt says one thing and LEGAL-NOTICE.txt another, the conclusion might be that no license applies so no one may use the software at all!

- If they are reusing any GPL software that they don't hold copyright on, they might be or might not be in violation (would need a real lawyer to say if that's the case or not).

And on the actual matter of things, it's really sad to see California to be on the front line of this crap (this screams ageism). And, dear "adults", screw your parental authority so much. Whatever skills I've gained before the university I've done against an explicit parental prohibition. This is what I live off now. Screw you all.

> GPLv3 clearly has no provisions to introduce arbitrary prohibitions into the license without losing compatibility.

It's not even just that. The license expressly forbids adding other conditions and restrictions, and says that people who receive software, licensed under the GPL, with added conditions ore restrictions, can just remove those restrictions.

If the author really wants to add a restriction like this, they have to switch to a different license.

I think the winning move is just to ignore the legislation, and drag the government into an EFF or ACLU-funded First Amendment lawsuit if they try to enforce anything.
(comment deleted)
*Formerly open source

Seems to violate the open source definition paragraph 5, no?

From the other post about this law.

> That's likely no big deal for Windows, which already requires you to enter your date of birth during the Microsoft Account setup procedure

This seems like an over reaction because of a simple date field

Ignoring the calculator side of things (fair enough if they don't wanna implement it) is this just requiring an age value for the user of the operating system?

Because if so, that seems a lot more sensible than the online crap where you need to give ID or something. I remember someone suggesting requiring an `X-User-Age` header, and having adults responsible for having their children's account setup with their age, which this proposal seems to be more in line with.

From some of the other responses people seem against this proposal, am I missing something? (I only briefly skimmed the links) Is there some kind of attestation/ID required when the age is input?

> Colorado residents may no longer use DB48x after Jan 1st, 2028.

This law hasn't even passed

All the more reason to draw lots of attention to this issue now.
so they outlawed a calculator?
What's with the recent push for age verification? This has been around forever but it seems like just recently a bunch of governments are pushing for this.
A large number of entities are facing the same problem at the same time and coming to similar conclusions.

There's also a cabal that wants surveillance, but since the California law doesn't require surveillance, this isn't that. The California law just mandates a parental control feature.

If I'm reading the (L)GPL correctly (but I'm not a lawyer), this notice should be completely ignored:

Section 7 says: All other non-permissive additional terms are considered “further restrictions” within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term.

Section 10 says: You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License.

The LGPL has:

> This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below.

Which points you over to this in GPL, Sections 7, Additional Terms:

> Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

> ...

> f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.

This is a condition being imposed by a new law (if/when it passes). Its an attempt at indemnification that is compatible with the law. It seems to pass the reasonableness check.

All these stupid unenforceable laws, like GDPR which is being watered down, only create strong incentives to lie on compliance officers.
DB48x author here. To be fair, the definitions of "operating system", "application" or "user" are so vague that I decided to

1. Not take any risk 2. Take a stand

The point is more to draw attention