Not sharing Johnson's optimism, Goldman wrote that "there is no 'preferred' or 'ideal' way to do online age authentication." Even a perfect system that accurately authenticates age every time would be flawed, he suggested.

"Rather, they each fall on a spectrum of 'dangerous in one way' to 'dangerous in a different way,'" he wrote, concluding that "every solution has serious privacy, accuracy, or security problems."

Kids at “grave risk” from uninformed laws

As a "burgeoning" age verification industry swells, Goldman wants to see more earnest efforts from lawmakers to "develop a wider and more thoughtful toolkit of online child safety measures." They could start, he suggested, by consistently defining minors in laws so it's clear who is being regulated and what access is being restricted. They could then provide education to parents and minors to help them navigate online harms.

Without such careful consideration, Goldman predicts a dystopian future prompted by age verification laws. If SCOTUS endorses them, users could become so accustomed to age gates that they start entering sensitive information into various web platforms without a second thought. Even the government knows that would be a disaster, Goldman said.

"Governments around the world want people to think twice before sharing sensitive biometric information due to the information’s immutability if stolen," Goldman wrote. "Mandatory age authentication teaches them the opposite lesson."

Goldman recommends that lawmakers start seeking an information-based solution to age verification problems rather than depending on tech to save the day.

"Treating the online age authentication challenges as purely technological encourages the unsupportable belief that its problems can be solved if technologists 'nerd harder,'" Goldman wrote. "This reductionist thinking is a categorical error. Age authentication is fundamentally an information problem, not a technology problem. Technology can help improve information accuracy and quality, but it cannot unilaterally solve information challenges."

Lawmakers could potentially minimize risks to kids by only verifying age when someone tries to access restricted content or "by compelling age authenticators to minimize their data collection" and "promptly delete any highly sensitive information" collected. That likely wouldn't stop some vendors from collecting or retaining data anyway, Goldman suggested. But it could be a better standard to protect users of all ages from inevitable data breaches, since we know that "numerous authenticators have suffered major data security failures that put authenticated individuals at grave risk."

"If the policy goal is to protect minors online because of their potential vulnerability, then forcing minors to constantly decide whether or not to share highly sensitive information with strangers online is a policy failure," Goldman wrote. "Child safety online needs a whole-of-society response, not a delegate-and-pray approach."