404 Media

2025-08-13 13:37:24

Wyoming and South Dakota Age Verification Laws Could Include Huge Parts of the Internet

Last month, age verification laws went into effect in Wyoming and South Dakota, requiring sites hosting “material that is harmful to minors” to verify visitors are over 18 years old. These would normally just be two more states joining the nearly 30 that have so far ceded ground to a years-long campaign for enforcing invasive, ineffective methods of keeping kids away from porn online.

But these two states’ laws leave out an important condition: Unlike the laws passed in other states, they don’t state that this applies only to sites with “33.3 percent” or one-third “harmful” material. That could mean Wyoming and South Dakota would require a huge number of sites to use age verification because they host any material they deem harmful to minors, not just porn sites.

Louisiana became the first state to pass an age verification law in the US in January 2023, and since then, most states have either copied or modeled their laws on Louisiana’s—including in Arizona, Missouri, and Ohio, where these laws will be enacted within the coming weeks. And most have included the “one-third” clause, which would theoretically limit the age verification burden to adult sites. But dropping that provision, as Wyoming and South Dakota have done, opens a huge swath of sites to the burden of verifying the ages of visitors in those states.

Louisiana’s law states:

“Any commercial entity that knowingly and intentionally publishes or distributes material harmful to minors on the internet from a website that contains a substantial portion of such material shall be held liable if the entity fails to perform reasonable age verification methods to verify the age of individuals attempting to access the material.”

A “substantial portion” is 33.3 percent or more material on a site that’s “harmful to minors,” the law says.

The same organizations that have lobbied for age verification laws that apply to porn sites have also spent years targeting social media platforms like Reddit and X, as well as streaming services like Netflix, for hosting adult content they deem “sexploitation.” While these sites and platforms do host adult content, age-gating the entire internet only pushes adult consumers and children alike into less-regulated, more exploitative spaces and situations, while everyone just uses VPNs to get around gates.

Florida Sues Huge Porn Sites Including XVideos and Bang Bros Over Age Verification Law
The lawsuit alleges XVideos, Bang Bros, XNXX, Girls Gone Wild and TrafficFactory are in violation of Florida’s law that requires adult platforms to verify visitors are over 18.
404 MediaSamantha Cole

Adult industry advocacy group the Free Speech Coalition issued an alert about Wyoming and South Dakota’s dropping of the one-third or “substantial” requirement on Tuesday, writing that this could “create civil and criminal liability for social media platforms such as X, Reddit and Discord, retailers such as Amazon and Barnes & Noble, streaming platforms such as Netflix and Rumble,” and any other platform that simply allowed material these states consider “harmful to minors” but doesn’t age-verify. “Under these new laws, a platform with any amount of material ‘harmful to minors,’ is required to verify the age of all visitors using the site. Operators of platforms that fail to do so may be subject to civil suits or even arrest,” they wrote.

I asked Wyoming Representative Martha Lawley, the lead sponsor of the state's bill, if the omission was on purpose and why. "I did not include the '33% or 1/3 rule' in my Age Verification Bill because it creates an almost impossible burden on a victim pursuing a lawsuit for violations of the law. It is more difficult than many might understand to prove percentage of an internet site that qualifies as “pornographic or material harmful to minor'" Lawley wrote in an email. "This was a provision that the porn industry lobbied heavily to be included. In Wyoming, we resisted those efforts. The second issue I had with these types of provisions is that they created some potential U.S. Constitutional concerns. These Constitutional concerns were actually brought up by several U.S. Supreme Court justices during the oral argument in the Texas Age Verification case. So, in short the 1/3 limitation places an undue burden on victims and creates potential U.S. Constitutional concerns."

I asked South Dakota Representative and sponsor of that state's bill Bethany Soye the same question. "We intentionally used the standard of 'regular course of trade or business' instead of 1/3. The 1/3 standard leaves many questions open. How is the amount measured? Is it number of images, minutes of video, number of separate webpages, pixels, etc. During oral argument, a Justice (Alito if I remember correctly) asked the attorney what percentage of porn was on his client’s websites. The attorney couldn’t give him an answer, instead he mentioned the other things on the websites like articles on sexual health and how to be an activist against these laws," Soye told me in an email. "The 1/3 standard also calls into question the government’s compelling interest in protecting kids from porn. Are we saying that 33% is harmful to minors but a website with 30% is not? We chose regular course of business because it is focused on the purpose of the business/website, not an arbitrary number. If you look into the history of the bill, 33% was a totally random number put in the first bill passed in Louisiana. Other states have just been copying it since then. We hope that our standard becomes the norm for state laws moving forward."

Kansas Is About to Pass the Most Extreme Age Verification Law Yet
The bill would make sites with more than 25 percent adult content liable to fines, and lumps homosexuality into “sexual conduct.”
404 MediaSamantha Cole

A version of what could be the future of the internet in the US is already playing out in the UK. Last month, the UK enacted the Online Safety Act, which forces platforms to verify the ages of everyone who tries to access certain kinds of content deemed harmful to children. So far, this has included (but isn’t limited to) Discord, popular communities on Reddit, social media sites like Bluesky, and certain content on Spotify.
playlist.megaphone.fm?p=TBIEA2…
On Monday, a judge dismissed a case brought by the Wikimedia Foundation that argued the over-broadness of the new UK rules would “undermine the privacy and safety of Wikipedia’s volunteer contributors, expose the encyclopedia to manipulation and vandalism, and divert essential resources from protecting people and improving Wikipedia, one of the world’s most trusted and widely used digital public goods,” Wikimedia Foundation wrote. “For example, the Foundation would be required to verify the identity of many Wikipedia contributors, undermining the privacy that is central to keeping Wikipedia volunteers safe.”

"As we're seeing in the UK with the Online Safety Act, laws designed to protect the children from ‘harmful material’ online quickly metastasize and begin capturing nearly all users and all sites in surveillance and censorship schemes,” Mike Stabile, director of public policy at the Free Speech Coalition, told me in an email following the alert. “These laws give the government legal power to threaten platform owners into censoring or removing fairly innocuous content — healthcare information, mainstream films, memes, political speech — while decimating privacy protections for adults. Porn was only ever a Trojan horse for advancing these laws. Now, unfortunately, we're starting to see what we warned was inside all along."

Updated 8/13 2:35 p.m. EST with comment from Rep. Lawley.

Updated 8/13 3:35 p.m. EST with comment from Rep. Soye.

Wikimedia Foundation Challenges UK Online Safety Act Regulations – Wikimedia Foundation

UPDATE: On Monday, 11 August, the High Court of Justice dismissed the Wikimedia Foundation’s challenge to the UK’s Online Safety Act (OSA) Categorisation Regulations.

^{Wikimedia Foundation}

404 Media

2025-08-13 13:12:35

Podcast: Why Are DHS Agents Wearing Meta Ray-Bans?

We start this week with Jason’s article about a CBP official wearing Meta Ray-Bans smart glasses to an immigration raid. A lot of stuff happened after we published that article too. After the break, Sam tells us about the bargain that voice actors are making with AI. In the subscribers-only section, Jason tells us how a DEA official used a cop’s password to AI cameras to then do immigration surveillance.
playlist.megaphone.fm?e=TBIEA7…
Listen to the weekly podcast on Apple Podcasts,Spotify, or YouTube. Become a paid subscriber for access to this episode's bonus content and to power our journalism. If you become a paid subscriber, check your inbox for an email from our podcast host Transistor for a link to the subscribers-only version! You can also add that subscribers feed to your podcast app of choice and never miss an episode that way. The email should also contain the subscribers-only unlisted YouTube link for the extended video version too. It will also be in the show notes in your podcast player.
youtube.com/embed/nxHFsQSVRkE?…

• ⁠Get your subscriber code and tickets for the live event here⁠
• ⁠A CBP Agent Wore Meta Smart Glasses to an Immigration Raid in Los Angeles⁠
• ⁠Voiceover Artists Weigh the 'Faustian Bargain' of Lending Their Talents to AI⁠
• ⁠Feds Used Local Cop's Password to Do Immigration Surveillance With Flock Cameras⁠
• ⁠Congress Launches Investigation into Flock After 404 Media Reporting⁠

The 404 Media Podcast

Tech News Podcast · Updated Weekly · Welcome to the podcast from 404 Media where Joseph, Sam, Emanuel, and Jason catch you up on the stories we published this week. 404 Media is a journalist-owned digital media company exploring the way …

^{Apple Podcasts}

404 Media

2025-08-13 12:55:58

LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds

📄
This article was primarily reported using public records requests. We are making it available to all readers as a public service. FOIA reporting can be expensive, please consider subscribing to 404 Media to support this work. Or send us a one time donation via our tip jar here.

The Los Angeles Police Department (LAPD) has shown interest in using GeoSpy, a powerful AI tool that can pinpoint the location of photos based on features such as the soil, architecture, and other identifying features, according to emails obtained by 404 Media. The news also comes as GeoSpy’s founder shared a video showing how the tool can be used in relation to undocumented immigrants in sanctuary cities, and specifically Los Angeles.

The emails provide the first named case of a law enforcement agency showing clear interest in the tool. GeoSpy can also let law enforcement determine what home or building, down to the specific address, a photo came from, in some cases including photos taken inside with no windows or view of the street.

“Let’s start with one seat/license (me),” an October 2024 email from an LAPD official to Graylark Technologies, the company behind GeoSpy, reads. The LAPD official is from the agency’s Robbery-Homicide division, according to the email. 404 Media obtained the emails through a public records request with the LAPD.

Upgrade to continue reading

Become a paid member to get access to all premium content
Upgrade

LAPD Eyes ‘GeoSpy’, an AI Tool That Can Geolocate Photos in Seconds

^{Joseph Cox (404 Media)}

404 Media

2025-08-12 15:04:32

Feds Used Local Cop's Password to Do Immigration Surveillance With Flock Cameras

A Drug Enforcement Administration agent used a local police officer’s password to the Flock automated license plate reader system to search for someone suspected of an “immigration violation.” That DEA agent did this “without [the local police officer’s] knowledge,” and the password to the Flock account, which belonged to the Palos Heights PD, has since been changed. Using license plate readers for immigration enforcement is illegal in Illinois, and casual password sharing between local police and federal law enforcement for access to surveillance systems is, at the very least, against Flock’s terms of service.

The details of the search were first reported by the investigative news outlet Unraveled, which obtained group chats about the search using a public records request. More details about the search were obtained and shared with 404 Media by Shawn, a 404 Media reader who filed a public records request with Palos Heights after attending one of our FOIA Forums.

DEA agent used Illinois cop’s Flock license plate reader password for immigration enforcement searches
A federal Drug Enforcement Administration agent on a Chicago area task force used Palos Heights Detective Todd Hutchinson’s login credentials to perform unauthorized searches this past January. Group chat screenshots obtained via public records request show the detective and the feds discussing the incident.
Unraveled Press

Flock makes automated license plate reader (ALPR) cameras, which passively collect the time, plates, and model of cars that drive past them and enter them into a network that can then be searched by police. Our investigation in May showed that federal agents were gaining side-door access into this system by asking local police to perform immigration enforcement searches for them; the new documents show that in some cases, local police have simply given federal agents their passwords.

The documents obtained by Unraveled show details of an internal investigation done by the Palos Heights, Illinois police department in response to a series of questions that I asked them for an article we published in May that appeared to show a Todd Hutchinson, a police officer in Palos Heights, performing a series of Flock searches in January as part of their research into an “immigration violation.”

At the time, Palos Heights police chief Mike Yott told me that Hutchinson was a member of a DEA task force “that does not work immigration cases.”

“None of our officers that work with federal agencies have cross designation as immigration officers, and therefore have no immigration authority, and we and our partner agencies are very sensitive to the fact that we and the State of Illinois do not pursue immigration issues,” Yott said. “Based on the limited information on the report, the coding/wording may be poor and the use of Flock may be part of a narcotics investigation or a fugitive status warrant, which does on occasion involve people with various immigration statuses.”

Our reporting set off an internal investigation into what these searches were for, and who did them, according to the documents obtained by Unraveled. According to a July 9 investigation report written by the Palos Heights Police Department, Hutchinson was the only task force member who had access to Flock. Information about what the search was actually for is redacted in the internal investigation, and neither the Palos Heights Police Department nor the DEA has said what it was for.

“Hutchinson advised that it was common that he allowed others to use his login to Flock during the course of their drug investigations. TFO Hutchinson spoke to his group and learned that one of the DEA agents completed these searches and used his login information,” the report says. The DEA agent (whose name is redacted in the report) “did in fact use Hutchinson’s login for federal investigations in late January 2025 without Hutchinson’s knowledge of said use.”

“When I had shared my account with the Special Agent, I believed it would only be used for DEA/narcotics related investigations,” Hutchinson wrote in an email to his bosses explaining why he shared his password. Hutchinson said in a series of text messages to task force officers, which were also obtained by Unraveled, that he had to change the password to lock other members of the task force out of the system.

“What’s the new password?,” a task force member wrote to Hutchinson.

“Sorry man. Keys had to be taken away,” he responded.

The task force member replied with a gif of a sad Chandler Bing from friends sitting in the rain.

“Hey guys I no longer have access to Flock cause Hutch took my access away,” another group text reads. “Apparently someone who has access to his account may have been running plates and may have placed the search bar ‘immigration’.. which maybe have brought undue attention to his account. Effective immediately Defer all flock inquiries to Toss Hutchinstein[sic].”

“Dear Todd, I hope you don’t get in trouble cause of my mistake,” the DEA agent joked in the group chat. “U were so helpful in giving the group access but now that is gone, gone like dust,…..in the wind … Trust is broken / I don’t know if bridges can be mended … one day we might be back to normal but until then I will just have to sit by this window and pray things will return … Best Regards. Ps, can u flock a plate for me”

“Only time will tell my fate, I suppose,” Hutchinson responded. “What’s the plate? And confirming it is NOT for immigration purposes…”

“It was a test …… and u passed ….,” the DEA agent responds.

In response to a separate public records request filed by Shawn, the 404 Media reader, and shared with us, the Palos Heights Police Department said “Our investigation into this matter has revealed that while these inquiries appear to have been run as part of a taskforce assignment, no member of the Palos Heights Police Department ‘ran’ those queries. They were, apparently, run by another, non-Palos Heights, task force member who used a Palos Height's member's sign in and password information without his knowledge.”

The Palos Heights Police Department said in its investigation files that “this incident has brought to light the need to review our own protocols of LPR use.” The police department said that it had decided to limit searches of its Flock system only to agencies within the state of Illinois, rather than to police departments around the country. The department also turned on two-factor authentication, which had not been previously enabled.

“Lastly, I believe there is a need to start a monthly review of our own flock searches to ensure our officers are working within standards and compliant with all policies and laws,” the report says.

Palos Heights’ casual sharing of passwords to a powerful surveillance system is a violation of Flock’s terms of service, which states “Authorized End Users shall not share their account username or password information and must protect the security of the username and password.”

More concerningly, it shows, as we have been reporting, that there are very few practical guardrails on how Flock is being used. The DEA does not have a contract with Flock, and police generally do not obtain a warrant to use Flock. We have repeatedly reported on police officers around the country who have offered to either run plates for their colleagues or to give them access to their logins, even when those agencies have not gone through proper acquisition channels.

The Palos Heights police department did not respond to a request for comment from 404 Media. The DEA told 404 Media “we respectfully refer you to the Palos Heights Police Department.” Flock also did not respond to a request for comment. The House Oversight Committee announced last week that it had launched an investigation into how Flock is being used to search for immigration violations.

ICE Taps into Nationwide AI-Enabled Camera Network, Data Shows

Flock's automatic license plate reader (ALPR) cameras are in more than 5,000 communities around the U.S. Local police are doing lookups in the nationwide system for ICE.

^{Jason Koebler (404 Media)}