Global Age Verification Investigation: Brazil and the United Kingdom
This investigation documents how age verification legislation is coordinated across jurisdictions by overlapping advocacy networks, shaped by compromised legislators, and implemented by private verification companies with intelligence agency connections. The children are real. The exploitation is real. The protection is not what it appears to be.
The Global Architecture
2022 was the inflection point. In a single calendar year, the European Union signed the Digital Services Act, the United Kingdom introduced the Online Safety Bill, the United States Senate received KOSA, Brazil introduced PL 2628, California signed the Age-Appropriate Design Code (copied from a UK framework), Louisiana passed the first US state age verification law, and the European Commission unveiled its Chat Control proposal. By 2026, Australia, France, Malaysia, Indonesia, Italy, and multiple US states had followed. ComplianceHub
The same organizations appear across every jurisdiction. 5Rights Foundation (Baroness Kidron) shaped legislation in the UK, EU, US/California, Australia, Indonesia, Canada, and Argentina. Oak Foundation funded 5Rights, ECPAT, SaferNet Brasil, and Fairplay/ParentsTogether across all these regions. WeProtect Global Alliance connects 100+ member governments with Thorn (CEO Julie Cordua on the board), ECPAT, and technology companies. Thorn spent $630,000 or more lobbying the European Union for Chat Control while its CEO sat on WeProtect's board and its own technology could enforce the laws it lobbied for. EDRi Fortune
The coordination operates through a normative pipeline. Joint submissions by Instituto Alana, 5Rights, Save the Children, ECPAT, Plan International, and World Vision shaped UN CRC General Comment No. 25 (2021). That document is now cited as the legal basis for both the UK Age Appropriate Design Code and Brazil's Digital ECA. International policy frameworks become national legislation through domestic advocacy coalitions funded by the same philanthropic networks. UN OHCHR
One Person, One Foundation
Baroness Beeban Kidron founded 5Rights Foundation in 2018. She wrote the UK Age Appropriate Design Code, which became law in 2020. A June 2024 FARA filing confirmed that 5Rights directly lobbied California legislative and executive officials, developed letters and materials for elected officials, reviewed proposed amendments, and negotiated the language of California's AB 2273, which copied the UK code almost verbatim. 5Rights hired Nichole Rocha as Head of US Affairs. Rocha was formerly Chief Consultant to the California Assembly Privacy and Consumer Protection Committee, the very committee that considered the bill. FARA Filing DC Journal
Kidron co-vice-chaired the IEEE 2089.1 standard for online age verification. The Chair of the IEEE 2089.1 certification program is Iain Corby, who simultaneously serves as Executive Director of the AVPA (Age Verification Providers Association), the trade body for companies that profit from mandatory verification. Yoti, which Meta pays for Instagram age verification, is certified under this standard. The person who writes the legislation co-chairs the standard. The industry trade body chairs the certification. The companies that pay trade body dues sell compliance solutions for the legislation. IEEE 2089.1 ACCS Certification
5Rights then spent three years campaigning with Instituto Alana and Human Rights Watch to pass Brazil's Digital ECA. Kidron resigned from 5Rights' board on 28 July 2025, nine days before the Felca video that fast-tracked the Brazilian legislation she campaigned for. The former UK Information Commissioner, Elizabeth Denham, who oversaw the Age Appropriate Design Code's implementation at the ICO, joined 5Rights as a director in January 2022. Shoshana Zuboff, author of The Age of Surveillance Capitalism, sat on the board of the organization whose policy framework creates the market for surveillance companies. She resigned 30 June 2025. Companies House
The Funding Pipeline
Pierre Omidyar's philanthropic network connects both the US and Brazilian advocacy pipelines. Luminate (spun off from Omidyar Network in 2018) funded Data Privacy Brasil with $500,000. Imaginable Futures (spun off in 2019) partners with Instituto Alana. Omidyar Network funds Common Sense Media, the primary US organization behind KOSA. The same philanthropic network funds the Brazilian pipeline and the American pipeline in parallel. Luminate Imaginable Futures
The Itau banking dynasty is the central Brazilian node. Ana Lucia Villela, an Itau board member with a net worth of approximately $1.5 billion, founded Instituto Alana and the Alana Foundation USA ($8.15 million in grants in 2022). Jose Luiz Setubal, a separate Itau heir, founded Fundacao JLES, which directly funds the Coalizao Brasileira pelo Fim da Violencia contra Criancas e Adolescentes. Two branches of one banking family fund different nodes of the same advocacy network. The coalition's membership grew from 40 organizations to 77, with growth coinciding with the PL 2628 advocacy push. ProPublica/IRS 990 FJLES
Oak Foundation (Swiss) funded the "Disrupting Harm" project ($15 million) with INTERPOL, ECPAT, and UNICEF across 25 countries. Oak funds 5Rights Foundation, SaferNet Brasil, and Fairplay/ParentsTogether. Its president, Douglas Griffiths, sits on WeProtect's board. A funder sits on the policy board of the grantee organization. Oak Foundation
Brazil: The Digital ECA
Lei 15.211/2025, known as the Digital ECA, took effect on 17 March 2026. Article 12 explicitly covers "provedores de sistemas operacionais de terminais" (providers of terminal operating systems). Windows, macOS, iOS, Android, ChromeOS, SteamOS, and Linux distributions must implement age verification and provide age signals to applications via a secure API with privacy-by-design protections. Platforms must also implement their own verification independently, creating a layered architecture: OS verifies, app store verifies, each app verifies. Full Law Text
The impact on open-source software is visible. Linux distributions including Arch 32, Bazzite, CachyOS, and MidnightBSD have begun geoblocking Brazilian IP addresses because 95% of Linux distributions are maintained by volunteer communities without legal representation (CNPJ) in Brazil and cannot practically implement age verification. A protest distribution called "Ageless Linux" launched as an intentionally non-compliant distro. Proton VPN reported a 250% increase in Brazilian signups between 16 and 17 March 2026. Linuxiac Cybernews
The law contains privacy principles (LGPD references, data minimization, privacy by design) but no enforceable security requirements. No specific technical requirements exist for how verification data must be stored, encrypted, transmitted, or deleted. No mandatory data retention limits appear in the law. No independent security audits of verification providers are required. All technical specifics are deferred to ANPD regulation not finalized until August 2026, with enforcement beginning January 2027. NYU Stern called the absence of protections for end-to-end encrypted services "the statute's most significant weakness." NYU Stern
Brazil: Corrupted Legislature
Deputy Jadyel Alencar (Republicanos-PI) was designated rapporteur of PL 2628/2022 in April 2025 by his own party colleague, the CCOM president. Alencar has a criminal conviction for receiving stolen medical supplies, confirmed by the TRF1 with a sentence of 3 years and 6 months. He is a criminal defendant in an active MPF case for COVID supply fraud, where his company Dimensao Distribuidora raised mask prices from R$11 to R$189 during the pandemic and the Federal Police tracked R$48 million in suspected money laundering. He declared R$107.5 million in personal assets but had a court-ordered 90-day prison sentence for failing to pay R$6,306.48 in child support for his two minor children. He has 93 judicial processes on record. Portal AZ MPF
Meta's lobbyist Marconi Machado ghost-authored two amendments filed under Deputy Fernando Maximo's name. EMC 18/2025 eliminated the obligation for platforms to publish content moderation reports. EMC 19/2025 removed fines and criminal sanctions. The authorship was discovered through document metadata. Meta confirmed the substance while framing it as routine. Maximo is separately under Federal Police investigation for R$3.2 million in COVID ambulance fraud with R$30 million in suspicious bank movements through a shell company. He has no background in technology policy. Intercept Brasil
Every deputy Meta was documented contacting on PL 2628 voting day is under criminal investigation or has been convicted. Gustavo Gayer (PL-GO) was indicted by the Federal Police for embezzlement and criminal association; his group listed a baby as a board member of a fake charity, and R$70,000 in cash was seized at an aide's home. Sostenes Cavalcante (PL-RJ) had R$469,700 in cash seized in Operation Galho Fraco; he later produced a property sale deed dated eleven days after the police seizure. Gilvan da Federal (PL-ES) has 10 judicial processes and a conviction for gender-based political violence. CNN Brasil CNN Brasil
Rapporteur Alencar removed the "dever de cuidado" (duty of care) from PL 2628, the bill's most significant structural obligation. His substitute text was entered into the system 47 seconds before the Chamber president initiated the order of the day. Rafael Zanatta of Data Privacy Brasil assessed that the change "freed Big Tech from active responsibility." Meta and Google had both filed technical notes opposing duty of care. The Conselho Digital filed a collective note in March 2024. Data Privacy Brasil
The Bible Document
Meta produced a document listing biblical passages (Colossians 3:18, Timothy 2:12, Deuteronomy 22:28-29, Ephesians 5:22-23, Leviticus 20:13) that would allegedly be censored under PL 2630, the Fake News Bill. Three internal Meta sources confirmed this to Agencia Publica. The document was delivered on paper "to leave no traces." Coletivo Bereia, a Brazilian digital verification collective, classified the document's claims as false. No provision of PL 2630 would have censored Bible passages. Agencia Publica Coletivo Bereia
Camara Brasileira da Economia Digital (camara-e.net), whose members include Meta, Google, and TikTok, publicly claimed authorship after the document became public. The discrepancy is consistent with content laundering: Meta produces the material, the trade association claims authorship for distance. Deputy Eli Borges (PL-TO), then leader of the Evangelical Parliamentary Front, mobilized the entire caucus after receiving this document. PL 2630 was removed from the agenda on 2 May 2023 as a direct result. Nucleo
Kaliana Kalache, Meta's Director of Public Policy for the Legislative Branch, reportedly played the key coordinating role in securing Evangelical Caucus support. She was promoted to Director in early 2024, reportedly in recognition of her success in killing PL 2630. The Evangelical Caucus had oriented 95% of its members to vote against PL 2630, but did not take the same oppositional stance on PL 2628, the child protection bill. The implicit arrangement: the caucus supported the child protection bill after the duty of care provision was removed. Agencia Publica
The Revolving Door
Dario Durigan served as Director of Public Policies at WhatsApp (Meta) from 2020 to 2023. He became Executive Secretary of the Ministry of Finance in June 2023. On 19 March 2026, five days before this research was compiled, President Lula named him Minister of Finance. The Finance Ministry oversees SECOM advertising budgets, tax policy affecting technology companies, and the SPA (Secretaria de Premios e Apostas) that signed a cooperation agreement with the Conselho Digital. A former Meta executive now controls all of this. O Tempo
SECOM spent R$35.8 million on Meta platforms in 2025 (R$129.6 million total internet advertising, a record). Meta has the largest government relations team of any tech company in Brazil: 19 professionals. Two-thirds previously worked in government. Yana Dumaresq served as Deputy Minister of Economy (2019-2021) before joining Meta. Murillo Laranjeira and Google's Marcelo Lacerda both came from Patri, the same Brasilia lobbying firm. Tais Niffinegger moved from Anatel (telecom regulator) and the General Secretariat of the Presidency to Meta. About half of all Big Tech government relations hires in Brazil happened between 2021 and 2023, a preemptive staffing surge as regulation accelerated. Agencia Publica
Conselho Digital do Brasil (CNPJ 35.808.843/0001-01) has R$0 declared capital and a single registered officer, Felipe Melo Franca. Its corporate members include Google, Meta, Amazon, TikTok, Discord, Uber, Kwai, and Hotmart. No public financial statements exist. The entity received the Chamber of Deputies' Medal of Legislative Merit. Franca co-founded Movimento Brasil Livre (MBL) in 2013 as a Students for Liberty front, moved from Congressional staffer to Frente Parlamentar Digital executive secretary to Conselho Digital president. An entity funded by companies with a combined market cap exceeding $5 trillion operates with zero public financial transparency. Brazil has no lobbying disclosure law. Nucleo
The Verification Companies
Persona, an American company backed by Peter Thiel's Founders Fund ($150 million Series C, $200 million Series D), partnered with Serpro since September 2022 for biometric ID verification against Brazilian government databases. A February 2026 exposure revealed the company runs 269 distinct surveillance checks per user under internal codenames "Project SHADOW" and "Project LEGION." Checks include facial recognition against watchlists and politically exposed persons, "adverse media" screening across 14 categories including terrorism and espionage, built-in filing to FinCEN (US Treasury) and FINTRAC (Canada), and 3-year data retention of IP addresses, device fingerprints, government IDs, faces, and selfie analytics. Discord tested then dropped Persona after its front-end code was found on a US government-authorized endpoint. The Persona-Serpro partnership remains active. ANPD has not opened any investigation into Persona. CyberNews PR Newswire
AU10TIX Technologies B.V. is a subsidiary of ICTS International, established in 1982 by former Shin Bet (Israel's internal security agency) members. Its founder Ron Atzmon served in Shin Bet. Confirmed Unit 8200 veterans are on staff. Major clients include X, TikTok, Uber, PayPal, LinkedIn, Coinbase, and Google. In 2024, admin credentials compromised by malware in December 2022 appeared on a public Telegram channel and were still working when security researchers checked in June 2024: an 18-month-plus exposure of identity documents, names, dates of birth, and nationalities. Only Upwork switched providers after the breach. State of Surveillance Malwarebytes
Yoti (UK) is already partnered with Serpro and shares users' CPF numbers with Serpro to verify age. Serpro retains the CPF number for 5 years as a billing record. Yoti's revenue grew 62% in 2025 to GBP 29 million, reaching profitability. The Instagram partnership is a significant revenue driver. Yoti is certified under IEEE 2089.1, the standard Kidron co-vice-chaired. The money flows from the law Kidron wrote, through the standard she co-chairs, to the company certified under that standard, paid by the largest social media company in the world. Biometric Update
Where Your Data Goes
Serpro (Servico Federal de Processamento de Dados) processes 33 billion transactions annually and manages 30.4 petabytes of data. Its Datavalid API validates CPF data and performs facial recognition against 85 million CNH (driver's license) database images. Serpro retains query logs showing which company queried which CPF and when. When the Digital ECA drives mass age verification queries, Serpro will hold a comprehensive map of which citizens use which platforms. The ANPD found that Datavalid operates without full LGPD legal basis (Technical Note 39/2021). The MPDFT filed a representation with TCU in 2019 alleging Datavalid illegally uses CNH biometric data without consent. That case remains pending after six years. Capital Digital
ABIN (Brazil's intelligence agency) requested full access to 76 million citizens' driver data through Serpro in 2020. The government revoked the authorization only after Intercept Brasil published the leaked documents. The Federal Highway Police (PRF) purchased an off-the-books copy of the entire 80-million-person biometric database for R$205,722.80 in August 2022. The contract was never published in any transparency portal or the Official Gazette. In February 2026, a Serpro employee seconded to the Federal Revenue Service accessed the tax records of STF ministers and over 100 family members using an automated tool, directly contradicting Serpro's official claim that employees "do not have access to the content of client agencies' databases." Intercept Brasil Intercept Brasil
Serpro's "Nuvem de Governo" (Government Cloud) uses AWS Outpost and Google Distributed Cloud hardware installed inside Serpro data centers. Sean Roche, the AWS executive who arranged the partnership with Brazil's GSI, previously served as vice-director of the CIA's Directorate of Science and Technology (2015-2019). The US CLOUD Act allows the US government to compel any company with American jurisdictional nexus to produce data stored anywhere in the world. Brazilian government data on AWS Outpost inside a Serpro data center may still be reachable by US court orders. Total Brazilian government spending on big tech: R$10 billion in one year. Capital Digital Conjur
The UK: VPN Bans and Device Scanning
On 21 January 2026, the House of Lords voted 207 to 159 to pass Amendment 92 to the Children's Wellbeing and Schools Bill. The amendment, tabled by Lord Nash (Conservative venture capitalist, former Parliamentary Under Secretary of State for Schools), requires VPN providers to prevent anyone under 18 in the UK from using their services within 12 months. All VPN providers serving the UK market must implement "highly effective" age assurance for all users. Amendment 93 required "tamper-proof system software" on all smartphones and tablets that scans for CSAM. Lord Nash withdrew this amendment after discussions with ministers, but it remains a live proposal. Amendment 94A, a social media ban for under-16s, passed 261 to 150. Lords Division Amendment 92
The device scanning provision goes further than the system Apple abandoned. Apple planned to scan only images uploaded to iCloud. The UK amendment covers recording, transmitting by any means including livestreaming, and viewing: active real-time scanning of what a user sees on their device. Germany's 2024 CSAM scanning data showed a 48.3% false positive rate. Signal President Meredith Whittaker stated Signal "would absolutely, 100% walk" from the UK rather than implement scanning. WhatsApp head Will Cathcart threatened to pull the app. Signal
On 9 March 2026, the House of Commons rejected the VPN amendment (307 to 173) and the social media ban. But the government passed "amendments in lieu" granting the Secretary of State broad discretionary powers to restrict or ban children's access to social media, limit access to harmful features, age-restrict VPN use, and change the age of digital consent in the UK GDPR. Open Rights Group titled their response "MPs give ministers powers to restrict entire Internet." Their analysis warned this is potentially more dangerous than the original Nash amendments because it grants open-ended regulatory authority without requiring parliamentary debate for each restriction. The bill returned to the Lords on 25 March 2026. Open Rights Group
After the Online Safety Act age verification requirements took effect on 25 July 2025, UK VPN signups surged 1,400%. Proton VPN surpassed ChatGPT as the most downloaded free app on Apple's UK App Store. A petition demanding repeal of the Online Safety Act gathered over 550,000 signatures. France's Digital Affairs Minister declared "VPNs are next on my list." Michigan proposed ISP-level blocking of VPNs and proxy servers, with fines up to $500,000 for non-compliant ISPs. CyberInsider TechRadar
The Financial Layer
Barclays holds approximately GBP 1.6 billion (roughly $2 billion) in Palantir shares. Palantir was given a trial contract with the Financial Conduct Authority (FCA) to process the FCA's "data lake" of regulatory intelligence, including case files, fraud reports, and money laundering reports. The FCA regulates Barclays. A bank holds $2 billion in shares of the company now processing its own regulator's data. The Nerve The Register
Peter Thiel is the connective tissue. He co-founded Palantir (in which Barclays holds $2 billion). His Founders Fund backs Persona (the verification company running 269 surveillance checks through Project SHADOW and Project LEGION). He sat on Facebook/Meta's board from 2005 to February 2022, selling approximately $1 billion in shares from his original $500,000 investment. Persona joined Meta's OpenAge initiative in January 2026 alongside Incode and Veratad. The Thiel-backed company caught running surveillance checks is now part of Meta's age verification infrastructure, with a direct partnership to Serpro (Brazil's government biometric database). CNBC
Barclays participates in OneID open banking age verification (OneID is an AVPA member). Barclays invested in Evernym ($8 million pre-Series A via Barclays Ventures) for self-sovereign identity. Barclays was a GOV.UK Verify identity provider. Barclays is a founding member of Stop Scams UK, sharing real-time intelligence with Meta, Google, and Amazon. Barclays was a joint bookrunner on Meta's first bond offering ($10 billion, August 2022). The Itau banking dynasty in Brazil funds both sides of the advocacy pipeline. Serpro recently partnered with the London Stock Exchange Group for anti-money-laundering verification, connecting the Brazilian and UK financial identity ecosystems. AVPA/OneID Ledger Insights
UNICEF: The Contradiction
UNICEF hosts the Global Partnership to End Violence Against Children and its Fund, which has raised over $83 million since 2016. UNICEF is not a partner. It is the institutional host. The UNICEF Executive Director chairs the board by design. The Safe Online window holds a $100 million portfolio across 106 projects. The Tech Coalition (Google, Meta, Microsoft) contributed $2.5 million through a joint research fund. UNICEF administers all of these as hosted trust funds. End Violence Fund
UNICEF Brazil explicitly called for "urgent approval" of PL 2628/2022. UNICEF runs a joint program with Itau Social, the social arm of the banking family that controls Instituto Alana, the NGO that submitted technical notes on the same bill. Ana Lucia Villela sits on the Itau Social Guidance Council. The same organization that lobbied for the law is embedded with the banking dynasty that funded the advocacy coalition for the law. UNICEF Brazil
UNICEF's own December 2025 policy note states that "age estimation measures using biometric data pose an unacceptable risk and should not be used." The same organization that lobbied for PL 2628 warns against the verification methods the law requires. UNICEF's D-CRIA Toolbox is embedded in WeProtect's 2025 Global Threat Assessment as the recommended compliance framework, while UNICEF's Director of Child Protection (Sheema Sen Gupta) sits on WeProtect's board. The organization on the policy board is the same organization whose tool is mandated. UNICEF Policy Note
Meta: Playing Both Sides
In the February 2026 Zuckerberg trial (New Mexico v. Meta), internal documents revealed: a 2018 document stating "if we wanna win big with teens, we must bring them in as tweens"; a 2020 review showing 11-year-olds were four times more likely to keep returning to Facebook than older users; approximately 4 million children under 13 using the platform in the US; 216 million users whose age was "unknown"; and Zuckerberg overruling safety teams who found appearance-enhancing filters contributed to body-image issues. Nick Clegg described the platform's age restrictions as "practically impossible to enforce" in an internal email. CNN TIME
Meta spent $26.3 million on US federal lobbying in 2025 with 63 federal lobbyists. Meta simultaneously funds the Tech Coalition (which contributed $2.5 million to the End Violence Safe Online Fund supporting SaferNet Brasil, which advocated for PL 2628) and NetChoice (whose revenues surged from $3 million to $34 million since 2020), which filed the lawsuit blocking the California AADC. Accountable Tech's report "The Two Faces of Big Tech" documents how Meta funds child safety advocacy through the Tech Coalition while funding NetChoice's legal challenges against the same protections in at least 27 states. CNBC described this as "regulatory capture disguised as compromise": platforms accept a verification requirement they can easily meet while it burdens smaller competitors disproportionately. OpenSecrets CNBC
Meta also covertly funded the Digital Childhood Alliance (DCA), an astroturf group with no EIN or incorporation records, to push the App Store Accountability Act that shifts the compliance burden from social media platforms to operating system manufacturers. Meta funds ICMEC ($25,000+ major donor), which writes model legislation for device-level verification. Both models protect social media platforms. In Brazil, Meta ghost-authored amendments through a deputy with no technology background, manufactured a fake document about Bible censorship to mobilize the Evangelical Caucus, and placed a former executive as Finance Minister. Meta operates at every level simultaneously: funding the advocacy, shaping the legislation, selling the verification, and capturing the regulators. Accountable Tech
The Pattern
The investigation reveals a consistent architecture across jurisdictions. First, one person (Baroness Kidron) and her foundation write the policy framework, the legislation, and co-chair the technical standard. The AVPA Executive Director chairs the certification program. AVPA members sell compliance solutions. The organization that defines "compliant" is the same network lobbying to make compliance mandatory. Second, UNICEF hosts the fund ($83 million+), chairs the partnership board, administers the money, provides the compliance framework, and lobbies for national implementation, while its own policy says biometric age estimation poses "an unacceptable risk."
Third, national advocacy coalitions, funded by the same philanthropic networks (Omidyar, Oak, Ford, Open Society) and domestic banking dynasties (Itau/Setubal in Brazil), translate international frameworks into national legislation. Fourth, big tech companies publicly "oppose" the legislation while privately shaping it through ghost-authored amendments, revolving-door lobbyists, manufactured disinformation, and compromised decision-makers. Fifth, the legislation creates a mandatory market for private identity verification companies backed by surveillance-capital investors or founded by intelligence veterans.
Sixth, the verification infrastructure funnels through government data brokers (Serpro in Brazil) that retain query logs, have documented intelligence agency access, and sit on foreign cloud infrastructure subject to the CLOUD Act. Seventh, financial institutions and banking dynasties provide the capital layer connecting surveillance, regulation, and implementation. Eighth, no transparency mechanism captures any of these flows. Brazil has no lobbying law. Conselho Digital publishes no financial statements. Serpro's Datavalid operates without full LGPD legal basis. The TCU case challenging Datavalid has been pending for six years. The IEEE 2089.1 working group membership list is restricted. The result is a surveillance infrastructure built under the banner of child protection, shaped by overlapping networks, and accountable to nobody.
What Is Not Being Claimed
This investigation does not claim that child exploitation is not real. It is. This investigation does not claim that the people involved have evil intentions. Many of them sincerely believe they are protecting children.
What the investigation documents, using 470 public sources, is that the system being built to protect children also functions as a mass surveillance infrastructure, that the people building it have financial and political conflicts of interest, and that no democratic process in any affected country has considered these connections because no one had mapped them before.
The children are real. The exploitation is real. The protection is not what it appears to be.
Verify It Yourself
Every claim in this investigation can be independently verified using public records. The commands below retrieve primary source documents directly. No trust required.
FARA Filing: 5Rights lobbied California legislators
# Download the FARA short-form filing and verify hash
$ curl -sL "https://efile.fara.gov/docs/7427-Short-Form-20240627-4.pdf" \
-o 5rights-fara-filing.pdf
$ sha256sum 5rights-fara-filing.pdf
# Verify contents: lobbying CA legislative/executive officials for AB 2273
UNICEF policy note: biometric age estimation "unacceptable risk"
# Download UNICEF policy note on age restrictions
$ curl -sL "https://www.unicef.org/documents/policy-note-drawing-line-digital-spaces" \
-o unicef-policy-note.html
# Search for the biometric risk statement
$ grep -i "unacceptable risk" unicef-policy-note.html
Brazil CNPJ: Conselho Digital zero capital entity
# Query the Brazilian CNPJ registry for Conselho Digital
$ curl -s "https://casadosdados.com.br/solucao/cnpj/conselho-digital-do-brasil-35808843000101" | \
python3 -c "
import sys, re
html = sys.stdin.read()
# Look for capital social = R$ 0,00
if 'R$ 0,00' in html or 'capital_social' in html:
print('Confirmed: R\$0.00 declared capital')
"
# Alternative: cnpj.biz/35808843000101
UK Parliament: Amendment 92 (VPN ban) vote record
# Retrieve Lords Division 3503 via Parliament API
$ curl -s "https://votes.parliament.uk/votes/lords/division/3503" | \
python3 -c "
import sys
html = sys.stdin.read()
if '207' in html and '159' in html:
print('Confirmed: Division 3503 passed 207-159')
"
# Full amendment text:
$ curl -sL "https://bills.parliament.uk/bills/3909/stages/20215/amendments/10027478"
5Rights Foundation: Companies House officers
# Query Companies House for 5Rights Foundation (company 11271356)
$ curl -s "https://find-and-update.company-information.service.gov.uk/company/11271356/officers" | \
python3 -c "
import sys, re
html = sys.stdin.read()
# Check for Kidron resignation date and Denham appointment
for name in ['KIDRON', 'DENHAM', 'ZUBOFF']:
if name in html.upper():
print(f'Found: {name}')
"
# Verify: Kidron resigned 28 Jul 2025, Denham joined 1 Jan 2022
Persona-Serpro partnership: still active
# Verify Persona-Serpro partnership announcement (September 2022)
$ curl -sL "https://www.prnewswire.com/news-releases/persona-partners-with-serpro-to-combat-identity-fraud-in-brazil-301628227.html" | \
grep -i "serpro" | head -5
# Check if Persona API docs for Serpro are still live
$ curl -sI "https://docs.withpersona.com/reference/retrieve-a-serpro-database-verification" | \
grep -i "HTTP"
# HTTP/2 200 confirms the endpoint is active
