My name’s Chris Taylor. I’m a software engineer and a constituent in your district. I grew up in California and got a computer engineering degree from UCSB (the one by the beach). I’ve worked on defense robotics, drones, and other high-stakes industrial systems (trains, forklift trucks), with experience in cybersecurity and AI.

Having lived in a number of states, I’ve come to appreciate what a good job California does at legislating technology, like protecting consumers from abusive business practices, protecting startups’ ability to compete with incumbents, or protecting people’s data privacy.

Given the Golden State’s generally good track record legislating technology, I am very frustrated that it is taking a turn for the worse with the recent passage of AB 1043.

AB 1043’s intent is noble. As author Buffy Wicks puts it, big tech companies drag their feet on protecting children online because they claim they don’t know how old their users are. AB 1043 closes this loophole by forcing all applications to request a signal from the operating system on the user’s age. What I like about the bill is there is no ID verification required. A parent inputs their child’s age on their initial account setup, and, in theory, apps request the age signal from the OS and can switch on additional safeguards to protect children from harm online. This is a massive improvement over similar age gating laws because it doesn’t require the collection of sensitive biometric information.

What frustrates me about this bill is that its authors seem to have drafted it under the very myopic mental model of a parent setting up their child’s account on a device created by a well-funded tech company, ignoring many other important details of the tech ecosystem and the hardworking people behind it.

Buffy Wicks, who introduced the bill, repeatedly referred to examples of setting up tablets for her 4-year-old and 8-year-old in hearings. She did not mention any other use case. Nichole Rocha, a tech policy advisor, seemed surprised by an opposition letter from Lenovo explaining that, unlike Apple and Google, Lenovo doesn’t make the operating system on their devices. Nichole remarked “So, when their opposition came in, I was looking at my laptop trying to figure out how this would actually work.” This remark was from a committee hearing on July 15th, 2025, five months after the bill was introduced.

During hearings, Assembly Members seemed to have only big tech companies in mind when considering who would be affected:

  • Buffy Wicks mentioned “The first phone calls I made when I decided to do this was to Apple and Google”.
  • Wicks also repeatedly said “They literally have thousands of engineers”.
  • When naming examples of developers, Wicks said “the developers, that is the, you know, Meta, et cetera”.
  • Tina McKinnor, when questioning Robert Singleton, a lobbyist for big tech companies, mentioned “When I look up a face cream, all of a sudden on Facebook I have 100 advertisements of face creams. So we could do that, but we can’t put in age verification.”
  • The only opposition testimony came from the Chamber of Progress, which represents big tech companies.

The reality is, much of the backbone of our digital infrastructure rests not on proprietary software created by for-profit big tech companies, but on open source software. Like a cooking recipe without a paywall, open source software is freely available for anyone to inspect, modify, and use. Most servers, mobile devices, drones, routers, robots, even medical devices, rely on open source software for critical functions. This is for many reasons: it’s easier for security researchers to audit, it’s cheaper for companies to share software rather than reinvent the wheel, and it gives tech enthusiasts and entrepreneurs the freedom to tinker and innovate.

While big tech companies do contribute, open source software is typically not supported by “thousands of engineers”, but instead by hobbyists, unpaid volunteers, and nonprofits. Sometimes a single unpaid volunteer might end up supporting an extremely critical part of the technology infrastructure. This is called the “Nebraska problem”, which jokingly refers to a notional unpaid developer from Nebraska, as this xkcd comic explains. Sometimes the technologies they maintain become so important that they can threaten our national security. In 2024, a nation-state actor targeted a burned-out, unpaid volunteer maintaining an open source application and almost gave themselves a backdoor into millions of servers around the world, potentially compromising vast troves of sensitive data (including data on children). Watch this Veritasium video to learn more.

AB 1043 would make the Nebraska problem even worse. Under § 1798.501(b)(1), it forces developers to request age signals, causing additional child-adjacent regulations to kick in once they have actual knowledge their user is a child. Operating system providers, under § 1798.501(a), are forced to provide the age signals. If OS providers or developers don’t comply, they could be subject to ruinous fines. See this blog post or agelesslinux.org for more analysis.

Another problem with § 1798.501(b)(1) is that it forces all apps, even ones completely benign to children like calculator or recipe apps, to request age signals. The best policy that would help kids online, in my opinion, is protecting their privacy so they don’t become targets to predators. Cybersecurity is an expensive afterthought for many developers, and this provision will probably backfire by identifying users as underage to bad actors who shouldn’t know their age at all.

No one raised these issues in any AB 1043 committee hearing.

But the problems don’t end there. I think AB 1043 will also harm the intellectual curiosity and education of our children.

When I was 12 (the lowest age bracket of AB 1043), I first learned software development. I learned how to program a robot to roam around, avoid obstacles, and battle other robots. This was so much fun that over the subsequent years I taught myself much more. I had a website where I shared artwork and animations, I made a website for PC enthusiasts to shop for computer parts, I made useful little apps on my HP calculator, and I tinkered with drones and remote-controlled vehicles. Throughout my journey, I relied on free access to open source software and technologists willing to share their knowledge, like Adafruit Industries (which has spoken out against Colorado’s similar bill).

In a post-AB 1043 world, my journey would be very different. Already, open source projects are simply choosing to opt-out rather than comply with the expensive regulatory burden. The open-source operating systems MidnightBSD, Arch Linux 32, and many others have updated their terms of service to exclude California. DB48X, an HP calculator emulator, has done the same. That one particularly hurts, considering my fond memories of programming those calculators in high school.

I fear many more projects will take the same path, either by excluding California or excluding children and teenagers. I also fear that we’re jailing children in a walled garden curated by a handful of tech companies with the resources to eat the regulatory costs. This is a dystopian hell that I wouldn’t want my children to live in.

January 1st, 2027, when AB 1043 goes into effect, is still months away and we have time to fix it. This is what I’d suggest:

  • Narrow the scope of AB 1043 to exclude open source. Colorado lawmakers are considering this for SB26-051 and are working with System76, a local PC-building business, on it. The real targets of this bill are commercial app developers and device makers who profit off children. Since for-profit OS providers and developers don’t give away their source code for free, the bill’s intent is still intact.
  • Exempt developers from liability if their application is benign to children. It doesn’t make sense that a calculator app should request and handle age signals in the same way Snapchat would.
  • Narrow the scope of AB 1043 to what its authors originally intended: parents setting up devices for their children. Create a way for parents to know which devices support age attestation and which don’t, so they can make informed choices (e.g. iPads will support it, custom-built computers will not). It’s like the Energy Star logo: if you follow the regulations, you get to display the logo.

So far, California has an excellent legal framework protecting people’s freedom to innovate. Having lived in a number of states, I think California is by far the best state to start a technology business or recruit talent. Please keep it that way.