Lawmakers in Congress are moving quickly on the GUARD Act, an age-gating bill restricting minorsā access to a wide range of online tools, with a key vote expected this week. The proposal is framed as a response to alarming cases involving āAI companionsā and vulnerable young users. But the text of the bill goes much further, and could require age gates even for search engines that use AI.
If enacted, the GUARD Act wonāt just target a narrow category of risky chatbots. It would require companies to verify the age of every user ā then block anyone under 18 from interacting with a huge range of online systems. It would block minors from everyday online tools, undermine parental guidance, and force adults to sacrifice their privacy. In the process, it would require services to implement speech-restricting and privacy-invasive age-verification systems for everyoneānot just kids.
Under the GUARD Actās broad definitions, a high school student could be barred from asking homework help tools questions about algebra problems. A teenager trying to return a product could be kicked out of a standard customer-service chat.
As usual, politicians trying to use children and fear as a wedge to get people to accept government surveillance and control.
Thats the world we are unfortunately in now. So much for all the cool aesthetics in the dystopion SciFi movies. We just get the control aspect.
On one hand, that āeveryday useā of AI is genuinely some of the most harmful use there is. People fall into delusions because of that shit, and even when they donāt they get massively overconfident about the answers they get, even despite significant error rates. Not to mention the privacy invasion that occurs with those systems, or the, you know, huge environmental damage.
In particular, this paragraph is doing a lot to make the bill sound better:
Under the GUARD Actās broad definitions, a high school student could be barred from asking homework help tools questions about algebra problems. A teenager trying to return a product could be kicked out of a standard customer-service chat.
Yeah. These tools are dangerous. Fucking adults are using them wildly irresponsibly, for Godās sake.
On the other, this is very similar to the push for āprotectingā kids from āpornography.ā I donāt trust this to not result in massive proliferation of invasive age-gating systems regardless of any AI use at all. Weāll get the worst of both worlds, wonāt we?
Surveillance is the goal. āFor the childrenā has proven an effective red herring over the years.
Iām aware. I think the primary difference between this bill and that general age-gating push is that AI itself does cause very real harm. To everyone, really. Iām not sure Iād even say children are particularly vulnerable.
Regardless, I came to the conclusion that the bill isnāt worth it as-is in my newer analysis post.
Okay, so Iāve read the full bill now, and I gotta say I donāt feel as conflicted about this anymore. The EFFās article looks like it has a lot of bad takes in it now; my (still not insignificant) doubts on this bill now come from the fact that Iām not a lawyer and thus cannot foresee the consequences of this as well, and the fact that a decent bill can still be implemented horribly by idiotic companies.
(I wrote so much here I ended up needing to break out the header markdown. Apologies in advance!)
Chatbot definition
I donāt think the billās definition of chatbots is actually bad at all. Quoting directly:
(Collapsible) Bill quote regarding AI definitions
(2) ARTIFICIAL INTELLIGENCE CHATBOT.āThe term āāartificial intelligence chatbotāāā (A) means any interactive computer service or software application thatā (i) produces new expressive content or responses not fully predetermined by the developer or operator of the service or ap- plication; and (ii) accepts open-ended natural-lan- guage or multimodal user input and pro- duces adaptive or context-responsive out- put; and (B) does not include an interactive com- puter service or software applicationā (i) the responses of which are limited to contextualized replies; and (ii) that is unable to respond on a range of topics outside of a narrow speci- fied purposeNotice the frequent use of the word āandā here, rather than āor.ā Do I think there are no possible holes in this? No. And again, Iām no lawyer. But my main concern here would be restricting programs that arenāt LLMs, and this seems to do a good job of avoiding that.[1] The EFF is concerned this would restrict people from, say, cheating on homework. It would. I donāt care about that and I donāt think they should either, for reasons addressed in my comment above.
Age verification
Itās not as bad as it sounded to me, but itās still not acceptable. Quoting again:
(Collapsible) Bill quote regarding age verification measures
(5) REASONABLE AGE VERIFICATION MEAS- URE.āThe term āāreasonable age verification meas- ureāā means a method that is authenticated to relate to a user of an artificial intelligence chatbot, such asā (A) a government-issued identification; or (B) any other commercially reasonable method that can reliably and accuratelyā (i) determine whether a user is an adult; and (ii) prevent access by minors to AI companions, as required by section 6. (6) REASONABLE AGE VERIFICATION PROC- ESS.āThe term āāreasonable age verification proc- essāā means an age verification process employed by a covered entity thatā (A) uses one or more reasonable age verification measures in order to verify the age of a user of an artificial intelligence chatbot owned, operated, or otherwise made available by the covered entity; (B) provides that requiring a user to con- firm that the user is not a minor, or to insert the userās birth date, is not sufficient to con- stitute a reasonable age verification measure; (C) ensures that each user is subjected to each reasonable age verification measure used by the covered entity as part of the age verification process; and (D) does not base verification of a userās age on factors such as whether the user shares an Internet Protocol address, hardware identi- fier, or other technical indicator with another user determined to not be a minor.The reason I say this is ānot as bad as it soundedā is primarily because itās open-ended.[2] An actually acceptable, privacy-preserving age verification method would be legal here and is not actively prevented. But thatās about all the faith I can muster for it. This law could be good if we had age-gating tech that could actually be trusted, and indeed if this law passes it might become good if we were ever to develop such a thing.
But we donāt have that, and I do not trust for-profit corporations to ever make one, and in such a context this law runs the risk of causing serious issues. Namely, I would be concerned that ā contrary to what the EFF states ā companies would decide that the path of least resistance would involve continuing to use AI and implementing accounts and age verification for their services anyway. Weād move from having shitty AI chatbot customer support people shouldnāt use, to shitty AI chatbot customer support that is considered so important that the company mandates everyone get age-checked to view a support page.
Itās unlikely, since the tech the law mandates is extensive enough to be an expensive hurdle to set up that really isnāt worth it for any company that doesnāt outright rely on AI to do their core business. But since when has sense mattered in the so-called AI age?
Privacy
Thereās also the privacy issue of the age gating. Which is omnipresent as ever with these sorts of things. All the bill offers on that front is this:
(Collapsible) Bill quote regarding data security
(5) AGE VERIFICATION MEASURE DATA SECU- RITY.āA covered entityā (A) shall establish, implement, and main- tain reasonable data security toā (i) limit collection of personal data to that which is minimally necessary to verify a userās age or maintain compliance with this Act; and (ii) protect such age verification data against unauthorized access; (B) shall protect such age verification data against unauthorized access; (C) shall protect the integrity and con- fidentiality of such data by only transmitting such data using industry-standard encryption protocols; (D) shall retain such data for no longer than is reasonably necessary to verify a userās age or maintain compliance with this Act; and (E) may not share with, transfer to, or sell to, any other entity such data.5(E) here is great. I wouldnāt know if itās foolproof, and itās probably not, but it looks good. As for the rest? Seems very unrestricted and lacking definitions to me. Words like āreasonableā are great to use if you want to allow for a broad range of methods for tackling an issue, but I donāt think that move is reasonable when it comes to PII security. With āindustry-standard encryption protocolsā being as rigorous as the security standards get, the bill may as well just say ātry not to fuck up,ā and the track record for this is, uh, poor.
So yeah, all in all, way better than the EFF is putting it. But unfortunately the problems are bad enough that Iām not convinced this bill should pass. At least, not while the massive bad-faith age-gating push is currently strangling the internet. I hate AI, and it is absolutely hurting people, but if weāre to have this then privacy-perserving (and secure) tech is a must and has to be created first.
āAI companionā uses this definition and then further narrows it to things like āhuman-likeā and āis designed to encourage or facilitate the simulation of [ā¦] friendshipā and such, so Iām not worried about that either. ā©ļø
6(B) and 6(D) are notable in their being specific exclusions; āI am not a minorā buttons and āenter your birthdateā fields are explicitly disallowed as age verification methods, as is using the same machine as a different, already-verified user. ā©ļø
