$2 billion in grants. Zero requirements for the company that paid. The organization advocating for these laws refused to answer a senator’s question about who funds them. On camera.

I am a father who raised his son without screens. I have spent my entire life in technology, 20+ of those years professionally. I am not against child safety legislation. If these laws made sense, I would be first in line to support them.

A few weeks ago, I wrote about California’s AB 1043 and how it forces every Linux distribution to build age verification infrastructure they cannot afford. MidnightBSD banned California users. The Ageless Linux project (agelesslinux.org) declared civil disobedience. Volunteer maintainers with zero legal budgets faced fines of $7,500 per child.

That article asked a simple question: Do legislators understand what an operating system is? The answer was no.

But I missed the bigger question. I was focused on the technical absurdity. I should have asked: who wrote these bills, and why do they all look the same?

A researcher using the handle “upper-up“ on GitHub pulled IRS 990 filings, Senate LD-2 lobbying disclosures, state ethics databases, campaign finance records, corporate registries, WHOIS lookups, and Wayback Machine archives. What started as curiosity about a single bill turned into documenting what the researcher calls “a multi-channel influence operation,” one that builds surveillance infrastructure at the operating system level. The full investigation is also archived at The TBOTE Project.

Every dollar is sourced from public records. The trail leads to one company. That company’s platforms face zero new requirements under the laws it funded.