Part 3 of the Age Verification series · ← Previous · Next →
You do not ban children from the road because the road leads to a bar. You require the bar to check IDs at the door.
The road is neutral infrastructure. Children use it to get to school, parks, libraries, and everywhere else they are supposed to be. The existence of age-restricted establishments along the road does not make the road an age-verification problem. It makes the establishments responsible for their own doors.
Meta wants to ban kids from the road.
Two bills, same destination#
Two competing model bills are moving through state legislatures. Both shift age verification away from social media platforms. Neither requires the platforms to do anything.
The App Store Accountability Act (ASAA) requires app stores (Apple, Google Play) to verify age before downloads. Enacted in Utah, Texas (enjoined December 2025), Louisiana, and Alabama. Pending in 20+ states. Every confirmed supporter is a social media platform. Every confirmed opponent operates an app store.
The Digital Age Assurance Act (DAAA) goes further: device manufacturers must verify age at the operating system level, before the user accesses anything. Enacted in California as AB-1043. New York’s S8102A requires “age assurance” at device activation. The manufacturer must verify before the device is usable.
The ASAA gates the app store. The DAAA gates the device. Neither gates the platform. Instagram, Facebook, WhatsApp, TikTok, X, Snapchat: none of them are required to verify anyone under either model. The road gets a checkpoint. The bar stays open.
In Ohio, the two models are competing head-to-head: Meta backs HB-226/SB-167 (ASAA). Google backs HB-302/SB-175 (DAAA). Both are fighting over who builds the gate. Neither is proposing that the bar check IDs.
$4 billion reasons#
Instagram derived an estimated $4 billion in U.S. ad revenue from users ages 13 to 17 in 2022 (16% of its total U.S. ad revenue). Across all major platforms, the total is nearly $11 billion annually from minors. Meta does not disclose revenue by age group. The $4 billion figure comes from Harvard’s T.H. Chan School of Public Health.
Forty-two state attorneys general sued Meta in October 2023. The MDL proceeding now includes over 2,000 lawsuits. A trial in New Mexico is ongoing; Zuckerberg’s deposition was shown to jurors in March. The FTC fined Meta $5 billion in 2019, then proposed banning Meta from monetizing data of users under 18 in 2023 after finding the company failed to comply. Meta’s lawyers argued the FTC lacks authority to modify the agreement without Meta’s consent.
This is the entity lobbying to make someone else verify age.
How it happened#
The TBOTE Project is an open-source intelligence investigation that has documented 245 findings from Meta’s age verification lobbying operation, all sourced from public records (IRS 990 filings, Senate LD-2 disclosures, state lobbying registrations, campaign finance databases, corporate registries). The chronology it documents:
January 2024. Zuckerberg tells the Senate Judiciary Committee that app store operators should handle parental consent, not his platforms.
December 18, 2024. The Digital Childhood Alliance (DCA) registers its domain. The DCA is a 501(c)(4): political advocacy without donor disclosure. But IRS filings show the entity’s tax year began in January 2024, meaning the lobbying vehicle existed 14 months before its public launch. Three days after domain registration, DCA testifies in favor of Utah’s App Store Accountability Act.
March 26, 2025. Utah’s SB-142 signed into law. Seventy-seven days from DCA domain registration to the first ASAA in the country.
May 2025. Texas passes its ASAA (SB 2420). Senator Mike Lee (R-UT) introduces the federal ASAA. Lee’s former legislative assistant, Annie Chestnut Tutor, had left his office for a position at the Heritage Foundation and appeared on the DCA website on launch day.
June 30, 2025. Louisiana’s HB-570 signed into law. A Meta lobbyist drafted the legislative language and delivered it directly to the bill’s sponsor, Rep. Kim Carver (a first-year lawmaker). Carver confirmed this publicly. The bill passed 99-0. Meta deployed $324,992 across 9 firms and 12 lobbyists in Louisiana alone.
July 2025. Meta’s funding of the DCA becomes public. Tiffany Justice, co-founder of Moms for Liberty (a named DCA coalition member), becomes Heritage Action Executive Vice President.
2025 (full year). Meta’s federal lobbying spend hits a record $26.29 million, exceeding Lockheed Martin and Boeing. 87 federal lobbyists across 40+ firms, 86+ lobbyists across 45 states. California alone: $1,036,728 in three quarters. Over $70 million across four state-level super PACs, registered at the state level to scatter disclosures across individual ethics commissions.
2025 (Louisiana Senate hearing). DCA Executive Director Casey Stefanski is pressed under oath about who funds the organization. She says “I don’t feel comfortable with answering these questions.” She eventually admits tech companies fund the DCA but refuses to name them. The DCA claims to represent 140+ organizations. Only six have ever been publicly named. Three of the six are funded by the Heritage Foundation.
March 2026. ASAA bills have been introduced across 30+ jurisdictions within 18 months. Meta’s Forge the Future PAC spends $1.3 million in Texas primaries. In New Mexico, Zuckerberg’s deposition is played for jurors in a trial about child exploitation on his platforms.
The international tell#
If Meta genuinely believed age verification belongs at the app store or device level, it would advocate for that architecture everywhere.
In the EU, Meta spends EUR 10 million annually on lobbying (the largest single-company expenditure) and proposed a “Digital Majority Age” requiring parental approval before minors download apps, shifting the burden to families. In Brazil, Meta testified at Senate hearings. The resulting law (Lei 15.211/2025) placed compliance burden directly on platforms, not app stores. The ASAA playbook failed. Brazil’s legislators rejected the argument.
Childnet International, a Meta Safety Advisory Board member for 17 years and a named DCA coalition member, signed a January 2026 joint statement calling for “a requirement on platforms to use highly effective age assurance.” Not app stores. Not device manufacturers. Platforms. Different countries, different arguments, and Meta’s own advisory board member lands on the one place Meta’s U.S. strategy is designed to avoid.
These are not apps#
Meta’s argument depends on a premise it abandoned years ago: that its products are apps distributed through someone else’s store. They are not. Meta intentionally evolved every major product into a platform.
Facebook is not a social feed. It is a platform for advertisers, game developers, and third-party businesses that build on its Graph API. Messenger is not a chat app. It is a platform for chatbots, automated business tools, and payment integrations. Instagram is not a photo app. It is a platform for marketing tools, analytics dashboards, and shopping integrations built on the same API infrastructure. WhatsApp is the clearest example: there is a consumer messaging app, and a separate WhatsApp Business Platform API that enterprises integrate into their own customer service systems and CRMs.
These are not apps sitting in a store waiting to be downloaded. They are ecosystems. Third-party developers build on them. Businesses depend on them. Advertisers pay to reach users through them. Meta built the platforms, operates the platforms, and profits from the platforms. The app store is a distribution channel. The platform is where the product lives, where the data is collected, and where minors are monetized.
And here is the strategic payoff. By pushing verification to the app store or the device, Meta reframes the question. It is no longer “should my child use Instagram.” It is “should my child go online.” A parent might say no to Instagram. But a phone is how their child does homework, talks to friends, and navigates the world. “Should my child go online” is a much easier yes. That is not a federated gate where each platform checks its own door. It is a single gate over all internet access, one that Meta does not manage and one that lets more customers through. The parent says yes once, and every platform behind that gate gets a verified user without lifting a finger.
The road is not the problem#
We published the technical architecture three days ago. A canonical hash. A government API. A signed boolean. No PII in transit. No document uploads. No biometric databases. No third-party vendors. The system is simpler than NICS, E-Verify, or IRS e-file. The government already runs harder systems.
The technical solution does not get built because the entity with the most to lose is the one writing the laws.
The ASAA gates the app store. The DAAA gates the device. Between them, they propose to verify age at every layer of infrastructure except the one that profits from children. Apple builds the gate. Google builds the gate. The device manufacturer builds the gate. The operating system builds the gate. The platform that generates $4 billion a year from minors, that 42 attorneys general allege harms children, that the FTC fined $5 billion and then found in violation of its own consent order? That platform is carved out of every bill it helped write.
You do not ban children from the road because the road leads to a bar. You do not build a single gate across the road that the bar does not manage, that the bar did not pay for, and that lets more people through than the bar’s own door ever would. You require the bar to check IDs at its own door. Four billion dollars a year in revenue from children flows through Meta’s doorway. Meta spent $26.29 million making sure no one ever hangs a door on it.
Part 3 of the Age Verification series · ← Previous · Next →
This post draws on the TBOTE Project, an open-source intelligence investigation documenting Meta’s age verification lobbying operation from public records. The project’s findings, documents, timeline, and methodology are published in full.