On 27 June 2026, the Australian government announced it would double the maximum penalty for social media platforms that fail to keep children under 16 off their services — from $49.5 million to $99 million. The justification was simple and, on its face, decent: a study published in the British Medical Journal had just found that 85% of Australians aged 12 to 15 were still using social media three months after the world's first under-16 ban came into force. Two-thirds had simply lied about their age, or uploaded a selfie that an algorithm decided looked old enough.
Nobody is arguing children should be algorithmically profiled, fractionated, and sold outrage at scale from the age of eleven. That case has already been made on this site. What this page asks is a different, colder question: what is the infrastructure that a ban like this requires — and what else, exactly, has that infrastructure been built to do?
Because a ban that needs you to prove your age to a platform needs you to have a verifiable digital identity. A verifiable digital identity, once built, does not stay in its lane. And once a government has built the rails for who you are online, the rails for what you can buy, what you can say, and what you might do next are not a separate project. They are the same rails, extended.
Start with what is true and undisputed. Since 10 December 2025, ten major platforms — Facebook, Instagram, Snapchat, TikTok, X, YouTube, Reddit, Twitch, Threads and Kick — have been required to take "reasonable steps" to keep Australians under 16 off their services. The government says more than 5 million under-16 accounts have been deactivated or restricted. The Prime Minister calls it a success the world is watching.
It is also, by the government's own admission six months in, not working. The BMJ study of 408 adolescents found the age-assurance mechanisms — selfies, self-declared birthdates — are trivially defeated by anyone who looks vaguely old enough or knows how to angle a camera. So the government's answer was not to ask whether the mechanism itself was flawed. It was to make the fine bigger and give the regulator more power to compel companies to hand over evidence of what they have done.
This is a worldwide first-mover experiment, and the rest of the world is openly using Australia as the test case. That is not commentary — it is the explicit, stated framing of multiple governments now moving on the same policy.
More than twenty countries, in other words, are at some point on this spectrum. The European Commission president has already framed the stakes in language worth sitting with: "The question is not whether young people should have access to social media. The question is whether social media should have access to young people." It is a good line. It is also, conveniently, a line that applies just as well to a government as it does to a platform — and nobody in Brussels is asking that version of the question out loud.
Before going anywhere near what is being built next, it is worth being completely clear about something: this is not a slippery-slope hypothetical. Mass data collection on civilian populations, by corporations and by governments, has already happened, has already been weaponised, and has already been confirmed in court, in congressional testimony, and in regulatory fines. Three cases. All documented. All settled fact.
In 2014, a Cambridge University researcher named Aleksandr Kogan built a Facebook quiz app called "thisisyourdigitallife." Around 270,000 people were paid a dollar or two to take a personality test. The app didn't just collect their data — Facebook's API at the time allowed it to pull data from everyone in their friend networks too, without those friends ever installing anything or consenting to anything. The harvest scaled from 270,000 consenting users to as many as 87 million Facebook profiles.
That data was used to build psychographic personality profiles — the "OCEAN" model: Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism — on tens of millions of voters. Cambridge Analytica then sold targeted political messaging built from those profiles to the Ted Cruz and Trump presidential campaigns and to the UK's Leave.EU Brexit campaign. This was not a hack. Facebook's own platform was designed, by deliberate choice, to allow exactly this kind of bulk extraction. The company only closed the loophole in 2014–2015, years after the data had already left the building.
In June 2013, NSA contractor Edward Snowden leaked documents revealing a program called PRISM, under which the NSA had direct access to user data held by nine major US technology companies: Microsoft (from 2007), Yahoo (2008), Google and Facebook (2009), YouTube (2010), Skype and AOL (2011), and Apple (2012). The access covered email, video and voice chat, photos, file transfers and social networking data — and it was, according to leaked NSA briefing slides, the agency's single largest source of raw intelligence, accounting for 91% of all internet data acquired under Section 702 of the Foreign Intelligence Surveillance Act.
A companion program, Upstream, tapped the physical fibre-optic cables that carry the bulk of global internet traffic directly, without needing the cooperation of any tech company at all.
This is the part that is not history. It is happening right now, and it is the direct, current-generation descendant of both cases above. The Fourth Amendment in the United States — and equivalent privacy protections elsewhere — require a warrant before government can compel a company to hand over your location, your communications, or your personal records. But there is no such requirement if the government simply buys that same data on the open market from a commercial broker who collected it legally through an app's terms of service.
In March 2026, FBI Director Kash Patel was directly asked by a US senator whether he would commit to not purchasing Americans' location data. He declined to make that commitment, stating the agency "uses all tools" and that the practice has "led to some valuable intelligence." In the same month, it was confirmed that the Department of Homeland Security had signed a $1 billion contract with Palantir to build AI-powered analytics across its surveillance operations, and that ICE holds a separate $30 million Palantir contract for a platform called ImmigrationOS, built for "near real-time visibility" on people targeted for deportation.
One privacy researcher offered the analogy that has stuck: if the FBI wants to search your apartment, the Fourth Amendment says they need a warrant from a judge. If they instead pay your landlord for a key, most people would not call that "buying access" — they would call it exactly what it is. As of mid-2026, the legislative fight to close this loophole is ongoing and unresolved in the US Congress.
Australia has not been a bystander here. Since 2015, telecommunications companies have been required to retain customer metadata — call duration, location, timestamps, who you contacted and when, though not message content — for two years, for warrantless access by around 20 specified law enforcement and security agencies.
A 2020 Parliamentary Joint Committee review found that a loophole had allowed the scheme to balloon far beyond that. More than 80 additional agencies — local councils, the Taxi Services Commission, a state fisheries department, and the RSPCA — were found to have accessed the scheme via a separate legal provision never intended for this purpose. Government records showed nearly 750,000 warrantless metadata requests in the five years to 2014, and more than 296,000 in a single financial year by 2018 — against just over a thousand actual warrants for message content in the same early period. Reform was promised in 2023. The full extent of agency access remains, by the government's own admission, incompletely tracked.
A social media age ban cannot function without a way to prove who you are online. That requirement does not vanish once the ban is in place — it becomes the permanent justification for the next piece of infrastructure, and the one after that.
In the European Union, Regulation (EU) 2024/1183 is a legal obligation, not a goal: every member state must make a Digital Identity Wallet available to citizens, residents and businesses by the end of 2026. The wallet links a person's national digital ID with their driving licence, diplomas, professional qualifications and bank account in a single app. Use by individuals is technically voluntary. Acceptance of the wallet by banks, public services, and — within a further year — by every Very Large Online Platform under the EU's Digital Markets Act, is not voluntary at all. It is a legal requirement on the other side of the transaction.
The EU is, simultaneously, negotiating a permanent successor to "Chat Control" — a regulation that would mandate scanning of private messages. The temporary, voluntary version expired in April 2026 after the European Parliament declined to extend it. The permanent version remains in trilogue negotiation, with a target deal in July 2026. It is not law. It is also not dead.
Australia's version of this is already further along than most Australians realise. The government's Digital ID system — myID, formerly myGovID — already has more than 15 million users. From 30 November 2026, accredited private sector companies become eligible to join the same government identity system, expanding it from a tool for accessing Medicare and the ATO into infrastructure the private economy is explicitly being invited to plug into.
If a verified digital identity becomes the gateway to your bank account, the logical next infrastructure project is a currency that is native to that identity from the start. This is not speculative. It is already under construction in dozens of countries, at very different speeds and with very different degrees of compulsion.
China's e-CNY is the furthest advanced of any major economy's digital currency, with 2.25 billion wallets created to date. In January 2026, the People's Bank of China reclassified e-CNY balances as deposit liabilities — a technical-sounding shift that brings the digital yuan structurally closer to an ordinary bank deposit than to the digital cash it was originally pitched as.
The Bahamas offers the clearest case study of the carrot-to-stick pattern worth watching everywhere else. Its central bank initially relied on incentive schemes — rebates, holiday promotions — to get citizens to adopt the Sand Dollar, its CBDC. In 2026, the approach changed: the central bank now plans to require commercial banks to distribute the digital currency, shifting from persuasion to regulatory mandate.
Russia has set a date for its largest banks to enable Digital Ruble transactions for customers: September 2026. Brazil's Drex CBDC is rolling out in two phases this year. The European Central Bank has a draft rulebook and selected technical providers for a digital euro, with possible issuance by 2029 if EU lawmakers adopt the regulation this year.
That last point matters for balance: this is not a uniform global march in one direction. The United States has now legislated against its own central bank doing this. Florida was the first US state to ban government payments in CBDC form, citing privacy. The pushback is real, organised, and in at least one major economy, it has already won. The contest is not settled. It is live, and Australia has not yet declared which side of it the country will land on.
Identity infrastructure and currency infrastructure both generate one thing in vast quantities: data about where you are, what you buy, and who you associate with. That data does not sit idle. Increasingly, it feeds directly into software designed to forecast — not record, forecast — who is statistically likely to commit a crime.
This is not metaphorical. The 2002 Spielberg film Minority Report coined the term "PreCrime" as dystopian fiction. Law enforcement agencies and policy researchers now use the term themselves, without irony, to describe systems already deployed.
| System | What It Does | Outcome |
|---|---|---|
| Pasco County, Florida — Sheriff's "Intelligence-Led Policing" | Compiled a list of residents, including minors, judged statistically likely to offend, then sent deputies to repeatedly visit their homes | More than 1,000 residents cited for unrelated minor infractions like missing mailbox numbers; sheriff's office admitted in a 2024 settlement it had violated residents' constitutional rights. Program discontinued. |
| Chicago — "Strategic Subject List" | Used analytics to rank prior offenders by likelihood of committing new crimes or becoming shooting victims | Decommissioned in 2020 after evidence of limited effectiveness and racial bias in the underlying data |
| Los Angeles — PredPol | Forecast crime hot spots using historical crime data to direct patrols | Discontinued in 2021; criticised for low accuracy and for reinforcing existing policing patterns in over-policed neighbourhoods |
| India — NCRB "CCTNS 2.0" (in development) | Person-based risk scoring of named individuals, named-entity recognition for "repeat offenders," geospatial crime-hotspot mapping | Tabled in parliament March 2026; not yet fully deployed |
For balance: predictive policing has not been a universal failure, and some narrower, place-based versions report genuine results. Japan's Crime Nabi system, exported to parts of Latin America, is credited by its operators with measurable reductions in specific low-level property crime. The honest position is not that all of this is fraudulent — it is that the person-based version, the one that puts your name on a list because of who you are rather than where a crime occurred, has a documented history of getting it wrong, and a documented history of being expanded quietly, with oversight arriving only after the fact.
The final piece of this architecture does not touch your movements or your money. It touches what you are willing to say out loud, knowing the rest of it exists.
The United Kingdom recorded over 12,000 arrests in a single year for offences under its 2003 Communications Act and 1988 Malicious Communications Act — laws that criminalise sending a message that is "grossly offensive" or causes "needless anxiety." Freedom House, the independent watchdog, downgraded the UK's internet freedom score in 2025 specifically over the growth of these prosecutions, noting that the figure had more than doubled since 2017.
Both of those columns are true at the same time, and the site's own standard applies here as much as anywhere else: the existence of a large, rising arrest figure for online speech is a documented, verifiable fact. So is the fact that the overwhelming majority of those arrests do not end in any meaningful penalty. The honest concern is not that Britain has become a country where saying the wrong thing online guarantees prison. It is that the threshold for an arrest — a knock on the door, a seized device, a police interview — has fallen dramatically, even where it almost never leads anywhere further. A chilling effect does not require a conviction. It only requires enough people to hear that the knock is common.
This page is not saying child protection is a pretext invented in bad faith. The harms social media does to developing minds are real, documented, and worth legislating against — this site has made that case on its own terms elsewhere. It is not saying every government official involved in digital ID, CBDC research, or predictive policing is acting with surveillance as the secret goal. Most are very likely solving the specific problem in front of them, sincerely, one piece at a time.
That is exactly the mechanism worth naming. No single agency needs a totalising plan for a surveillance architecture to be assembled. Each piece — a child safety law, a banking efficiency upgrade, a crime-reduction pilot, a hate-speech statute — can be independently reasonable, independently popular, and pass with overwhelming public support, while still combining into something that no public, in any country, was ever asked to approve as a single package. Nobody voted for the wallet, the ledger, the list, and the word as one proposition. They were offered, and accepted, one at a time.
The test this site would suggest is not whether any individual measure sounds reasonable in isolation — almost all of them do. It is whether you would have voted for the complete, combined architecture, knowing everything above, in a single referendum, with no measure allowed to hide behind another. If the honest answer is no, the conversation worth having is not about any one law. It is about why the pieces were never offered together.