Across most of the U.S., if you want to watch porn online, you have to hand over a government ID or submit to a biometric scan to determine you’re over 18 years of age. But people in Wisconsin can keep freely accessing porn sites—and any other website that hosts more than one third adult content—after Governor Tony Evers vetoed the state’s age verification bill on Friday.
A copycat of the dozens of bills that have passed in the U.S. since 2022, Wisconsin’s Assembly Bill 105 would have forced sites with more than one third “material harmful to minors,” defined as “depictions of actual or simulated sexual acts or body parts including pubic areas, genitals, buttocks, and female nipples,” to verify visitors’ ages by “using any commercially reasonable method that uses public or private transactional data gathered about the individual.” This means uploading an ID, showing their face for a biometric scan, uploading their credit card information, or combinations of these.
“I am vetoing this bill in its entirety because I object to this bill’s intrusion into the personal privacy of Wisconsin residents,” Evers wrote in a letter to the members of the assembly, dated April 3. “While I agree that we should protect children from harmful material, this bill imposes an intrusive burden on adults who are trying to access constitutionally protected materials.”
Evers wrote that the bill doesn’t prevent platforms from giving collected personal data to third parties, such as the government or data brokers. “This is a violation of personal privacy,” he wrote.
“Additionally, I am concerned about data security and the potential for misuse of personally identifiable information. Identifiable information could be intercepted by or transmitted to a third party and used as the basis for blackmail or identity theft. Further, although the bill includes penalties for a business entity who violates the prohibition on retention of personal information, those penalties cannot undo the harm that may occur to an individual who is the victim of actions like blackmail or identity theft as a result of a bad actor obtaining their identity.”
Last year, after the UK’s Online Safety Act started requiring websites and platforms to verify users’ ages, Discord users’ age verification data—including selfies and identity documents—was exposed in a security breach. The hack was just one instance where users’ personal data has been required by a platform and then exposed to the whole internet: also last year, similar data was exposed by the Tea app, which made users provide selfies and identity documents to prove they’re women.
An earlier version of the bill attempted to ban Wisconsinites from accessing sites using virtual private networks (VPNs); lawmakers are increasingly pushing to restrict VPNs, but so far have faced pushback from citizens and civil liberties groups. Wisconsin state Sen. Van Wanggaard moved to delete that provision in the legislation, and the state assembly agreed to remove the VPN ban in February.
The adult advocacy group Free Speech Coalition wrote following the veto that Director of Public Policy Mike Stabile flew to Madison “to meet with legislators to discuss the legal and technological issues with the bill, including a ban on VPN traffic, and to advocate for device-based verification solutions.”
“Put simply, AB-105 raises significant concerns around privacy, surveillance, and the First Amendment,” the ACLU of Wisconsin wrote in testimony submitted in March. “While the ACLU of Wisconsin is sympathetic to the overarching goal of this legislation, we do not believe an appropriate trade-off is compromising the civil liberties of all Wisconsinites.”
Wisconsin is now one of only a handful of states left that allows access to porn without requiring users jump through invasive age verification hoops. “We can and should work to prevent minors from accessing adult content, but there are better solutions than the one offered by this bill,” Evers wrote in his veto letter. “For example, we can work with tech companies to implement device-based age verification that takes place on a user’s phone or computer, which can be a more secure and effective method. Other states have been moving toward device-based solutions, and major tech companies are adopting these options as well.”
