The hidden impact of two Colorado bills: Privacy risks few are talking about

By Maria Orms | Guest Commentary, Rocky Mountain Voice

When I heard about two bills recently proposed in the Colorado State Legislature, I don’t want to sound overly dramatic—but I felt a real chill.

Right now, our Constitution and modern technology are on a collision course. We’re being forced to decide how to embrace powerful tools without sacrificing privacy and the rights those tools were never meant to undermine. Consider the debate over Flock cameras in Denver: 400 to 800 people showed up to a community meeting in November, and another 24,000 watched online. People are paying attention—and they’re concerned.

Yet these new bills are moving forward with little fanfare and even less public scrutiny. Because they deal with technology, they’re easy to overlook—but their potential impact on everyday life is significant. At stake are two proposals: SB26-051, Age Attestation on Computing Devices, and HB26-1110, Vulnerable Adult Financial Exploitation.

SB26-051 is being pitched as a commonsense effort to protect children online. It would require operating system providers to “provide an accessible interface at account setup to indicate the birth date or age of the user.” On its face, that sounds reasonable. But policies like this rarely stop at simple self-reporting.

We’ve already seen how this plays out elsewhere. In the European Union, app marketplaces such as Apple’s App Store and the Google Play Store have moved toward requiring proof of age. According to an associate at an Apple Store here in Colorado, the latest version of Apple’s operating system in Europe already requires users to submit a government-issued ID just to access apps.

That’s the trajectory we should be watching—not just what the bill says today, but the system it sets in motion.

The Electronic Frontier Foundation has long warned against age-verification mandates, arguing that they undermine free expression for both adults and young people, create barriers to internet access, and put at risk the privacy, anonymity, and security of all users. Requiring service providers to verify age, they argue, is not the right way to keep people safe online.

Because this bill would do more than verify age. It risks eroding online anonymity and laying the groundwork for greater control over personal devices. By requiring systems capable of verifying identity, it opens the door to infrastructure that could one day enable a “kill switch” on phones, tablets, laptops—even televisions.

That may sound extreme. But the concept isn’t new. A version of it appeared in federal policy through the 2021 Infrastructure Investment and Jobs Act, which included provisions related to vehicle shutoff technology—provisions that some Republicans in Congress attempted, unsuccessfully, to remove this year.

HB26-1110 raises a different—but equally troubling—concern. While framed as a way to protect vulnerable adults from financial exploitation, it grants financial institutions the authority to restrict access to a person’s own money.

Under this bill, banks and credit unions can notify law enforcement or adult protective services if they suspect exploitation and may alert a trusted third party. More significantly, they can delay transactions or withdrawals while conducting a review.

Those delays can remain in place until the institution is satisfied no exploitation has occurred, authorities complete an investigation, or a court intervenes. In some cases, that means access to funds could be restricted for up to 90 days—or even 180 days.

Supporters will argue these measures are about safety. But the scope of authority they create raises serious questions about oversight and potential misuse. Imagine, for example, a scenario where financial activity—such as donating to a political candidate—triggers scrutiny. Whether justified or not, this bill creates a mechanism that could make such intervention possible.

Taken together, these proposals reflect a broader trend: policies that promise protection, but expand control.

We all want safer communities. We all want to protect children and vulnerable adults. But we should be wary of solutions that quietly build systems capable of restricting privacy, autonomy, and access—especially when those systems arrive without robust public debate.

Because in the end, the question isn’t just how far technology should go. It’s how much control we’re willing to give up in the name of safety—and whether we’ll be able to get it back.

Maria Orms is a U.S. Air-Force veteran with a M.S. in Engineering from the University of Colorado – Boulder and an M.S. in Cybersecurity from the University of Denver and has worked in technology for almost 40 years with her CISSP, CCNA and SANS GIAC Forensic Analyst Certification. Currently she is running for the Republican nomination to be Colorado’s next governor because of the concerns she has with the collision of technology and our rights.

Editor’s note: Opinions expressed in commentary pieces are those of the author and do not necessarily reflect the opinions of the management of the Rocky Mountain Voice, but even so we support the constitutional right of the author to express those opinions.