Whenever government promises to solve a vexing problem, the first thing to consider is whether the solution even would work. That includes when it comes to protecting kids online.

This legislative session, a handful of bills are targeting social media and online gaming. Fewer and less involved than last year’s proposals, perhaps, but still problematic.

Case-in-point: SB26-51, which would mandate “age attestation on computing devices.”

Sen. Matt Ball, a Denver Democrat and father of three young children, is sponsoring the bill to put “guardrails,” he says, on the internet to protect children. The goal is well-meaning, and the premise seems simple: When you set up a new device, you enter your birth date.

This operating-system signup step generates an “age bracket signal” that gets sent to app developers, who can then restrict content accordingly. It’s similar to California’s recently passed AB1043.

No ID verification or personally identifiable information. Only a birthdate. So, what’s the catch?

Plenty.

For starters, it won’t work. The system depends on kids voluntarily self-reporting their birth dates. Any child determined to access “restricted” content can simply lie.

Moreover, kids today are clever digital natives in a way even Millennials like me never were. By the time Colorado puts this into practice, kids will have already figured ways to circumvent it — VPNs, borrowed logins, secondary devices, tricks yet to be devised. Meanwhile, the mandate remains, compliance costs and all.

And if a child is using a parent’s device, the parents’ age applies — meaning, no restrictions whatsoever.

Supporters might argue it’s better to add hurdles than to do nothing. But government mandates are no substitute for parental responsibility. The ease with which kids can find workarounds only underscores the obvious: Parents — not government — are best positioned to decide what content is appropriate for their children.

A one-size-fits-all law cannot account for a family’s values, a child’s maturity or a parent’s risk tolerance. Some parents may believe their 13-year-old is ready for certain apps or content that another parent wouldn’t allow their 16-year-old to access. Government shouldn’t supplant that discretion under the pretense of child safety.

In fact, the market is already addressing these concerns. Companies offer all kinds of app- and device-level controls — from search filters and time limits to app installation restrictions and limiting who can contact a user.

Many of these tools have become industry best practices, as Cato Institute Senior Fellow Jennifer Huddleston notes, and “static” government is unable to keep pace with “dynamic” innovation.

“What may be seen as a best practice today to verify an individual’s age could become outdated in the future,” Huddleston writes. “Law can rarely evolve as fast as technology, and regulations can lock in what was the best option at the time while preventing services from using better options in the future.”

One-size-fits-all mandates assume all technologies work the same and target identical users, Huddleston adds. But different apps serve different purposes, target audiences and functions. Intervening in the private market in this way ignores those differences.

This discourages innovation by requiring app and operating system developers to build infrastructure to collect, transmit and act on age signals — diverting resources from new innovations or features parents count on. Smaller developers might exit Colorado’s market rather than figuring out how to comply. And for those who do, compliance costs inevitably get passed onto consumers.

After all, there’s no such thing as a free lunch.

All the while, data gets passed along to the tech companies. That data could become more invasive over time. Do we really want to risk sensitive age data about young people being susceptible to breaches? One breach of Discord’s government-mandated age verification records in the UK compromised over 70,000 IDs. Government can only promise so much.

Using age “brackets” rather than exact birthdates in SB51 doesn’t change the fact that it’s still data collection.

Moreover, this plan lays groundwork for worse regulations with even deeper problems. Once the infrastructure is in place, verification becomes the next logical step — biometric scans, ID upload requirements, third-party age-verification services. Once that door is open, the temptation for lawmakers to add more restrictions only grows, as each step feels easier than the last.

Kids these days have easy access to video games with unmoderated chats, photo apps like Instagram that shape social self-image, AI chatbots, adult content and more. Concerns about online child safety are very real and deeply felt. Our legislators should be commended for caring about it.

Yet objectives aren’t outcomes. Where online regulation is concerned, they’d do well to remember: There’s no such thing as a free lunch — and the road to hell is often paved with good intentions.

Jimmy Sengenberger is an investigative journalist, public speaker, and longtime local talk-radio host. Reach Jimmy online at Jimmysengenberger.com or on X (formerly Twitter) @SengCenter.