The Supreme Court has announced it will review a legal challenge against a Texas statute mandating digital ID verification for any websites and apps that could be deemed “harmful to minors.” While the law is typically associated with pornographic material, the broad term “harmful to minors” could apply to a wide range of websites, preventing users from accessing content without first uploading their ID.

This legal battle revolves around Texas’ age verification bill, introduced in 2023. The law also requires these sites to present health warnings about the alleged psychological dangers of pornography consumption. Notably, this labeling requirement does not yet extend to search engines or social media platforms.

Websites that fail to comply with the law face steep fines, including daily civil penalties of up to $10,000 and potential fines from the Texas attorney general of up to $250,000 per instance if a minor accesses restricted content. Similar laws are currently active in seven other states and are set to be introduced in more states soon.

The Free Speech Coalition, along with several adult website operators, filed a lawsuit against the bill. Their argument is that the law infringes on First Amendment rights. A federal district court initially halted the law’s enforcement just before its implementation on September 1, 2023.

Mandatory digital ID requirements for website and social media use raise significant concerns about the chilling effect on free speech. These requirements can deter online participation due to privacy fears and undermine the anonymity vital for activists and whistleblowers. Such policies may also lead to self-censorship, as users might avoid sharing controversial opinions out of fear of being easily traced. Additionally, implementing digital IDs poses complex legal, technical, and logistical challenges that could result in bureaucratic errors and data breaches. The major Big Tech ID verification company AU10TIX was recently reported to have suffered a data leak, though the company says it hasn’t seen evidence of any user data being exploited.

The majority of the panel at the US Court of Appeals for the 5th Circuit concluded that the Texas law is “rationally related to the government’s legitimate interest in preventing minors’ access to pornography,” using the least stringent rational-basis review standard, and thus did not violate the First Amendment. In contrast, Judge Patrick Higginbotham dissented, arguing that the law necessitates strict scrutiny due to its content-based restrictions on adult access to protected speech.

As the 5th Circuit allowed its decision to stand, the Free Speech Coalition and the affected websites escalated the matter to the Supreme Court. Their appeal emphasized the contradiction between the 5th Circuit’s decision and established Supreme Court precedents regarding sexual content and expression. They argue that the law unduly burdens adults’ constitutional rights by requiring the disclosure of personal information, thus increasing the risk of data breaches and privacy violations.

Texas officials defend the legislation, asserting it as a reasonable measure to protect minors from sexually explicit materials and not an undue burden on the porn industry.

As the Supreme Court prepares to review the case, the decision will have significant implications for digital privacy, free speech, and the regulation of online content across the United States.

The Gates Foundation continues to drive global efforts aimed at introducing digital ID and payment systems by the end of this decade, awarding a $4 million grant to the UK-based Alan Turing Institute. This funding is part of a broader initiative known as the digital public infrastructure (DPI), supported by a coalition of private groups, such as the Gates Foundation and the World Economic Forum (WEF), as well as major global entities like the US, the EU, and the UN.

The Turing Institute, renowned for its work in AI and data science research, has announced that this latest grant will support a multidisciplinary project over the next three years. The project’s primary objective is to ensure the “responsible” implementation of ID services, focusing on privacy and security concerns. This initiative aims to address the critical issues raised by opponents of digital ID schemes, who consistently warn about the risks of centralizing personal identities.

The Turing Institute is framing its work, funded by the Gates Foundation, as an effort to balance the benefits of digital ID systems with robust privacy and security measures. According to the Institute, the project “aims to enhance the privacy and security of national digital identity systems, with the ultimate goal to maximize the value to beneficiaries, whilst limiting known and unknown risks to these constituents and maintaining the integrity of the overall system.”

Despite these assurances, skepticism remains. Critics argue that the Gates Foundation’s long-standing involvement in promoting digital ID and payment systems raises concerns about the true motives behind these initiatives. They fear that the emphasis on privacy and security in this new project may be more about perception management than addressing substantive risks.

The Turing Institute emphasizes that implementing digital ID services can improve inclusion, access to services, and human rights. However, they acknowledge the need for “tweaking” privacy and security measures to enhance trust in these systems. The renewed grant from the Gates Foundation is seen as a step towards achieving this balance, although critics worry it might be a public relations effort to mitigate opposition.

“The project aims to enhance the privacy and security of national digital identity systems, with the ultimate goal to maximize the value to beneficiaries, whilst limiting known and unknown risks to these constituents and maintaining the integrity of the overall system,” the Institute said in its announcement.

This initiative comes amidst increasing investments in developing secure, scalable, and user-friendly digital ID systems. According to the Turing Institute, billions of dollars are being poured into this field each year to address these challenges.

The Gates Foundation’s latest grant highlights the ongoing global push towards digital public infrastructure, which aims to integrate digital ID systems with broader societal benefits. However, the tension between the potential advantages of these systems and the significant privacy and security concerns they raise continues to be a focal point of debate.

As the Turing Institute embarks on this new project, the world will be watching closely to see whether the promised enhancements to privacy and security materialize, and whether these efforts genuinely address the concerns of those wary of centralized digital ID systems.

For years, cybersecurity researchers at Citizen Lab have been closely monitoring the activities of the Israeli spyware firm NSO Group, particularly focusing on its flagship product, Pegasus. Their investigations have revealed alarming instances of Pegasus being used to target the phones of journalists and human rights defenders via a WhatsApp security vulnerability, as reported in 2019.

Now, NSO Group, which is blacklisted by the U.S. government for selling spyware to repressive regimes, finds itself embroiled in a lawsuit over the WhatsApp exploit. Filed in U.S. federal court in 2019 by WhatsApp and Meta (then Facebook), the lawsuit alleges that NSO sent Pegasus and other malware to approximately 1,400 devices worldwide. Despite NSO’s repeated attempts to have the case dismissed, it has persisted for over four years.

As the lawsuit progresses, NSO has resorted to demanding access to Citizen Lab’s investigative materials. However, a judge recently denied NSO’s latest attempt to obtain access to Citizen Lab’s documents. Citizen Lab’s lawyers argued that providing raw research data to NSO would endanger individuals already victimized by NSO’s activities and could lead to further harassment, including from their own governments.

NSO has been striving to improve its public image in recent years, particularly since being blacklisted in 2021. The company has even requested meetings with the State Department to discuss Pegasus as a tool for combating terrorism. Nevertheless, NSO continues to face legal challenges in U.S. courts over Pegasus, with ongoing lawsuits brought by various parties, including Salvadoran journalists, Apple, and Hanan Elatr Khashoggi, the widow of murdered journalist Jamal Khashoggi. These lawsuits rely heavily on Citizen Lab’s research findings.

Despite NSO’s efforts to evade accountability, the WhatsApp lawsuit has not been in the company’s favor. Initially, NSO claimed immunity from being sued in American courts, but this argument was rejected by a federal appeals court in 2021. The lawsuit has since faced other legal hurdles, including NSO’s unsuccessful attempts to have it moved to Israel.

In a significant development, earlier this year, Judge Phyllis Hamilton ordered NSO to disclose the software code not only for Pegasus but also for any NSO spyware targeting or directed at WhatsApp servers. This order underscores the extent of NSO’s legal obligations and the gravity of the allegations against it.

While NSO has obtained thousands of documents from Meta and WhatsApp regarding Citizen Lab’s Pegasus investigation, its attempts to extract more information directly from Citizen Lab have been thwarted. Despite NSO’s persistence, Judge Hamilton concluded that its demands were “plainly overbroad.” She has left open the possibility for NSO to try again, but only if it can provide evidence linking specific individuals identified by Citizen Lab as targets to criminal or terrorist activity.

In response to the court’s decision, Citizen Lab’s director, Ronald Deibert, expressed satisfaction that the court recognized NSO Group’s request for information as overbroad and unnecessary at this time to resolve the disputed issues. This legal battle underscores the importance of holding companies like NSO accountable for their actions and protecting the rights of individuals targeted by unlawful surveillance.

SOURCE: THE INTERCEPT