Slashdot Mirror
FTC Fines Xanga for Violating Kids' Privacy
WebHostingGuy writes "As reported by MSNBC, the FTC has fined Xanga.com $1 million dollars for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent. This is the largest penalty ever issued for violations of the Children's Online Privacy Protection Act." From the article: "'Protecting kids' privacy online is a top priority for America's parents, and for the FTC,' FTC Chairman Deborah Platt Majoras said in a statement. 'COPPA requires all commercial Web sites, including operators of social networking sites like Xanga, to give parents notice and obtain their consent before collecting personal information from kids they know are under 13. A million-dollar penalty should make that obligation crystal clear.'" What impact, if any, do you think this will have on other community sites that may not always follow the COPPA statutes?
The FTC is trying to prevent child predators access to young children, a noble endeavor. The problem is that there are few good ways to confirm a person age online. If they disallow users under 13 from creating accounts, the users will lie about there age. If they want age confirmation, then it costs much more, and less people will wan tto go throug the trouble. I have credit cards but I am not about to use one online for age verification purposes. What about all the legitmate users over 13 that do not have the ability to confirm ones age. I don't know how a 15 year old would go about this online. A 15 year old would not have a drivers license, a credit card, or any other indentification. This will do nothing to help thier goals of protecting children.
That being said, they seem to have broken the law, it doesn't matter that the law has no value.
quis custodiet ipsos custodes
I think that other sites may be more careful and attempt to at least appear to follow COPPA, but that truly little will change. As will all age-laws, they are not entirely comprehensive as many under-13 year olds are much more intelligent/mature than others.
Cogito, ergo sum, fosho!
'cause on the internet nobody knows that you're a dog.
Thus, they have no rights online. Therefore, this should not be filed under YRO.
End of message.
Sites will move their hosting out of the US, and their executives won't visit the US.
More realistically, social networking sites will add more verification layers (that don't work) for greater plausible deniability, and those that think they can, will start requiring credit card info.
Nostalgia's not what it used to be.
most of these sites just ask are u over 13, or over 18/19/21 depending on the state you live in. All you do is click yes, and you are in. What kid in there right mind well get there parents premision to be on a social site for fun, I never would when I was a kid.
"What impact, if any, do you think this will have on other community sites that may not always follow the COPPA statutes?" I think it will depend on how popular the sites are - if a site has only a modest number of users, it can probably count on a low profile to stay safe; the larger communities will probably make an effort to comply due to their higher visibility.
This space intentionally left blank.
How exactly is a site supposed to enforce this kind of agreement? On the TOS it says that you must be over 13 to sign up for this site. Beyond that age verification gets costly and irritating. I for one am not going to give my credit card number to a site simply for age verification. AND, if you are over 13, there is no guarantee that you will be able to prove that over the internet.
What we actually need is fewer lawsuits from the FTC and have the FTC put their money into a viable and secure way to verify age over the internet. While it won't stop everyone, it will stop many.
To understand recursion, one must first understand recursion...
How do you prove that a kid got his parent's permission?
Have your parent click here [__] to proceed.
Let's face it, our society coddles children far too much, parents included. We should have laws that protect the privacy of kids -- but the other way. Kids should have the fundamental human right to access any information they want. Kids should be trusted to know for themselves what's good and what's not. How else are they going to learn?
It should be considered child abuse for parents or anyone to intentionally keep kids away from whatever they want to access. If they're old enough to want it, they're old enough to get it.
If sites are held accountable for verifying the age of users (a very difficult task) what should the parents be responsible for when thier child bypasses measures in place?
this seems sort of silly. What if the kid lies? Do they need to start collecting DNA and verify against the national database? Hope that no adult shares their account with a kid, or a stolen CC is used?
Take this far enough and NO site will able to function taht has any age requirement. Oh wait, but its for the kids, and can raise taxes.. lets go push this thru!
---- Booth was a patriot ----
I thought they had none, according to the last case i heard of the government/school searching students at will. " children do not have the same rights as adults "...
Lets make up our minds, ok?
---- Booth was a patriot ----
From the article, the following happened:
People were first presented with a question asking if they were over 13. If the users clicked yes, they proceeded to the registration page. The registration page included fields for birthdays. People who had lied on the first part could then enter their age. The form did not automatically reject users whose birthdates were not at least 13 years prior. In this case it looks like (IANAL) Xanda DID comply with the law. The FTC seems to be punishing them for making it "too easy" to get around it. This is where I have a problem. Where does it end? The FTC could just as easily say requiring a CC (to verify age) is too easy because they could borrow someone else's. There doesn't seem to be a hard line for where reasonable precautions start and end.
"According to the Federal Trade Commission, children who wanted to open a Xanga account didn't even have to show that level of ingenuity. Children merely had to check a box confirming they were over 13, according to FTC lawyer Mary Engle -- even if they'd previously entered a birth date indicating they were under 13. "
Sure, not kids can just as easily lie like they do on myspace and put a different birth year.
What more could they have done? They asked for age verification upon sign-up. No parent is going to give their thirteen year old child a credit card for the use of age verification on a site like that.
The policy makes sense, parents should know what their pre-teen children are doing. The problem is that this is the parents responsibility, not the website providing the service. It's one thing for a movie theater or porn-shop to let minors in, it's on their premises. These kids are (mostly) accessing the internet from their own home, where the parents should be able to monitor their activities.
There's only so much that can be done and putting a million dollar fine on Xanga is a completely ridiculous way to try and make the government look like it's actually doing something to help the problem. They're laying a huge portion of the blame in the wrong camp.
There is a problem, this is clearly an overzealous attempt at creating an appearance of action to hide the fact that there is simply nothing effective that they can really do. Xanga is the unfortunate victim.
Wow, it only costs $1,000,000 to ignore child privacy? Myspace must be pissed with itself. At fines like that, how can they afford NOT to allow 11 year old cam whores on their site? They complied and implemented better child protections, only to loose their competitive edge and see their competitors surge ahead in advertising revenues from "Bratz" dolls and voyeur equipment companies,
...and trial Lawyer groups. "Have you been molested by someone you met online? Have you molested someone you met online? Call the offices of XYZ, and we will sue everybody over it, cause thats who should be responsible in the place of deadbeat parents and poor upbringings. EVERYBODY ELSE"
(an after thought)
Rupert Murdoch this morning, "Damn! Damn! Think of the children! Only 1-mil upfront, and we could have cornered that market! Think of the children, I say!"
What effect will the websites have on the law? That's the question I would ask.
Laws like this are clearly unenforceable. More importantly, it is not morally the website's job to police the people who visit it. It's the job of the parents. Legislators don't seem to win their positions based on campaigns of parental responsibility, however. The trend seems to be "blame everyone else for your kid's problems".
Look at the crap going on involving Grand Theft Auto: someone makes a game modification to show a tit, a tit that isn't even available without modifying the game, and tons of legislators go apeshit about how it's inappropriate for children. Clearly these people aren't worried about justice, and instead are worried about winning the votes of emotional parents, the Security Moms.
A reasonable argument can be made that, for example, liquor stores have a duty to prevent children from buying alcohol in them. However, you must also consider that it is extremely easy and reliable to verify the age of store patrons. No analogy exists online -- it is impossible.
Expecting websites to perform such policing is unquestionably unfair, and I suspect that the courts will agree. The law might have effect on some websites in the short term. In the long term, the websites will have the law overturned as unreasonable.
We just have to hope that the justices who hear these cases really have an interest in justice, unlike the legislators who passed these braindead laws in the first place.
America needs to raise its own damn children (and I say this as an American)
I know sites like Xanga and MySpace should provide safeguards to the kids, But what about the parents? Why can't we sue them for not protecting their children? Why is it always the large corperation's fault, and never the parents?
N. A. Stuart
Sounds like they settled with the FTC.
They should've fought, legal fees would very likely be less than $1M.
How much could a court fine them had they fought and lost? More than $1M?
Just because it CAN be done, doesn't mean it should!
If you really want a sensationalist headline you need to tighten that baby up a bit.
Try:
"FTC Fines Xanga for Violating Kids"
That one is a nice head turner.
DON'T COLLECT PERSONAL INFORMATION, STUPID!
Sheesh!
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
Yes, lameness filter, I want to yell.
I have a fake birthdate (I'm over 21 anyway, but the real one can be used for identity theft). I also have a fake name and zip code (way away from where I am) handy. I want to correlate a good fake address and phone number for that too. Helps to always use the same thing. I don't see why kids can't do all the same thing.
From TA: "Protecting kids' privacy online is a top priority for America's parents, and for the FTC," FTC Chairman Deborah Platt Majoras said in a statement. Apparently it's not enough of a priority to the parents with underage children signing up on Xanga, or these parents would be stepping in themselves.
Why are parents allowing their 12 year olds to surf the net without supervision?
It isn't the government's problem to solve - it belongs to the parents.
Of course, it's the US, so it'll never fall in the lap of the sperm & egg donor.
It's ironic that because of this law, to "protect children's privacy", websites are REQUIRED BY LAW to get the age of thier visitors, while otherwise children would not be required to give this information.
COPPA does not exist to be a pain, it exists as a way to help make sites that target tweens and children (intentionally or not) responsible for the content they are making public. It exists to protect children from having their personally identifiable info available in a public forum.
No one makes people enter into the business of social networking. Like any other business there are ethics and laws by which that business must abide. If a site is blatantly ignoring basic safeguards COPPA requires, they are breaking the law and should suffer the sanctions outlined under those laws.
Yes, parents should be the primary dispensers of the morals needed for their kids to navigate the sometimes age-inappropriate corners of the Internet. But if a site has an open journaling tool or has fields requesting information that would make a child easy to find and possibly hurt, that site DOES has an obligation (ethically and legally) to put the necessary hurdles in place to protect those children.
There are many levels of personal identification described in COPPA, all with different levels of verification needed. For example, if a child is signing up for a newsletter, no parental consent is needed. If their comments are not screened and made public, parental consent is needed.
There are many ways to verify parental consent. Credit card is one, 1-800 # is another, signed fax form is another. Once the parent agrees, anything the kid puts up is fair game. For more limited access, there is a new amendment to the act describing an email plus verification. The safeguards are actually not that hard, and many of those who target children specifically in their communities place much higher barriers to entry just to be sure.
Fines for COPPA violations are based on a per occurrence measurement.
And I am sure any of you who would like to donate your time or money to the exploration of more efficient and easier ways of verifiable parental consent would be greeted with open arms by the folks at the FTC.
Joi Podgorny
Director of Online Community
Star Farm Productions
It's really a daft law in the first place. It's supposed to protect the online privacy of children under age 13, but then the same law demands that websites violate COPPA by gathering personal information about these kids in order to verify their age. The law requires that we violate it in order to comply with it.
A quick summary of this situation:
A) They had a "Are you over 13" check box
B) They had a entered birthdate
They only checked A, but not B, to determine if a user could register. If they hadn't asked for B, then A would have been sufficient as a "legal" check under this law. Also, if they had checked B, the users would have very likely gone back and lied about it, but they still would have been legal.
The fact that these checks are easily bypassed is not the issue at hand. Instead it is much like the issue with saved search data or saved email. Any piece of data, especially "people" data, that you save can potentially bring liability for you down the road. Both Xanga and Google in Brazil are examples of this principle.
In the past we've seen the manta "Storage is Cheap." Any time there's data, why not just hang onto it? You might be able to use it for something, someday. That has already proven to be a bad idea in many circumstanes (and it sure to get worse as more and more politicians start to realize how powerful all that aggregate data can be). A better rule is any time there is data that anyone might want for purposes other than immediate application, get rid of it as soon as reasonably possible!
Courts do not expect you to check data that you didn't collect because you didn't need it. Brazil cannot order you to turn over data that you don't have. You can still get in trouble, but they will need to establish that you're committing some kind of crime by keeping less personal data on people. That's a much harder standard to argue!
In short, ignorance is bliss, a principle for the digital millenium.
I am a youth leader at my church and I administer phpbb2 forums on our youth group website where the youth can talk about things online between Sunday nights. In this case, because I know all the youth that have joined or will be joining, I had to hack the phpbb2 code to get rid of the COPPA-related code. I also disabled new members from posting automatically, and I have to approve them before they can post or reply. That way I make sure I know who's joining my youth group forums and it keeps the gambling-site-spammers at bay.
There are only 10 types of people in the world: Those who understand binary, and those who don't.
GameFAQs has a very interesting policy which perhaps might save sites like Xanga and MySpace from getting reamed with fines. Anytime somebody on GameFAQs makes a post which implies or states that the user is underage, their account is immediately suspended pending verification of age. If the person really is underage, then their account is suspended until they are old enough.
~ C.
What impact, if any, has COPPA had on anything?
At my age I find coming up with a witty signature too exhausting.
Xanga settled with the FTC for $1 million dollars plus certain policy changes (such as setting up a community moderation system which allows users to flag other users as "underage", and setting up a rating system for user created content), they weren't fined $1 million.
The difference is important; a settlement doesn't mean anything was proven, it means Xanga felt the cost of complying with the settlement terms was worth paying considering the cost of fighting the issue and the risk that they might be fined.
And, really, looking the settlement terms, it looks like the FTC may well have been looking not for real violations, but an opportunity to impose defacto standards by finding someone who'd be willing to settle; particularly the requirement for a rating system for user-generated content looks like an effort to start imposing new rules on the web through bullying that would have little chance of being imposed by legislation or regular public rulemaking (but, once established in several settlements like this with large sites, might have a better chance of being imposed by law or rule on every site allowing public access and community-generated content.)
After all, I could go to this site and say I'm 11 years old and they could rack up more fines.
If your 13, you can... buy and play games which depect sexual violence, disembodyment, satanic ritual, murder of inocents, horific gore and blood curding horror, without having to ask your parents.
But you can't make a account on a website without the permission of your parents.
Even more funny, the courts inforce both of these strongly.
I don't know how a 15 year old would go about this online.
A Time magazine article from a month or two ago indicated that the state attorney general's were having panicked meetings regarding this issue (including the famous quote from the Connecticut AG along the lines of "if we can put a man on the moon, we can verify age online.")
For a time they actually considered requiring sites like Myspace to collect SSNs...and according to the article, they rejected the idea once they realized that most of the world does not have an SSN, but does use the internets.
If that doesn't give you an idea of the caliber of people we're dealing with, I dunno what would. Requiring teens to submit their SSNs to use these types of sites would be a disaster along biblical proportions--imagine how easy phishing would be--all you'd need to do is send out an email that claims it's from Xanga needing your SSN.
The people I wanted to protect my privacy from WERE my parents.
Don't ask the kids their ages. Ask everyone if they're a pedophile. Anyone who says yes is barred from signing up. It works for keeping terrorists out of the country.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
No prohibition on collecting information based on age.
But, you can't distribute or use for marketing purposes any information that appears to be from someone 13 or under.
See, that wasn't that hard, was it?
paintball
I always knew that Alge-Blaster was missing something ... I wouldn't have guessed that hard-core sex was it, though.
Although, such a product would dovetail well with the excellent Celeste's Guide to Grammar, and Advanced Grammar (NSFW if your boss lacks a sense of humor). Everyone says that education needs to be 'more relevant' today; you can't get more relevant than that.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
seriously, it's not too hard to figure out how to circumvent age checks and parental permissions. 'oh nos, a kid lied about his or her age in order to sign up for some social networking site and got into some sort of trouble, the website must be to blame!' well, if parents aren't teaching their kids that publishing detailed personal information about oneself on the internets is a potentially dangerous thing to do, then we have another problem on our hands - parents not taking responsibility for raising their kids. and while social networking sites and online journals may facilitate kids talking to strangers, it's nothing new - before Myspace and Xanga there were chat rooms and IM.
other sites will make sure there's a checkbox the kids can check to pretend they have permission....
Parents, all you have to do to to get out of parenting and monitoring the child YOU created is to tell Xanga/MySpace/etc. that they have to do it for you! What fun! No longer do you have to actually watch your own children! And it's only a matter of time before they'll even have to change your infant child's diapers and potty train for you!! Because you, as a parent, should have to take NO responsibility for parenting!!!
Damned parents. Learn to watch your children closer and to take responsibility for raising them. If you aren't raising your children to be ethical people, ones truthful about their ages who won't go where they know they shouldn't, that's your problem. I know it's hard work, but it can be done. If you aren't ready to take the responsibility, don't have kids. And if you already chose to, don't bitch about it. You made your choice.
It's a girl!
For the "reservoir dog" game I wanted to check the official web site. So I went to it : there is an age verification thingy. I clicked inadvertently on the OK button before entering the correct year. I got the answer "you are not authorised". Naturally they used a trick with activex to put some random file data somewhere, because even after having deleted all cookie, offline content, changed IP , used a proxie I still could not go in the web site. I will definitly not buy the game when it is such an hassle just to watch a web site. I have LESS DIFFICULTY trying to get porn where they ask for your age with an agree/disagree button :).
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
I agree. A far better solution would be for the parents of poor children to sell their excess children to rich as a foodstuff and use the money thus gained to feed their remaining children. I realise that I am not the first to make such a suggestion.
Stephen
"Don't write down to your readers, the only people less intelligent than you can't read" - Sign on Newspaper Office Wall
Yeesh that's as bad as pop culture. Apparently people over 36 don't matter. Try using Julian Date (it's something like 4000ish BCE). No reference to religion either (yeah, geeks are atheist).
It would be trivial for the government to issue age verification cards. Difficult for just about anyone else. They could issue them at driver's license offices, tax offices, and such. And to make it somewhat private and resonably secure, they could do something as simple as hashing a name and birth year together and putting it on a card. Then websites could just collect a name, birth year and the hash, send them to a government server, and get a result back real or fake, and the site would know whether or not it is legal to allow them to post, view pr0n, buy kitten juice or whatever.
Yeah, children might get an adult's card and use it. Yeah, some government workers might decide they don't like someone and modify the server so it will reject their hash, denying them access to many websites, just like the no fly list. Not perfect, but it would be better than the stupid credit card/identity fraud assistance ideas.
The problem with this is the people enacting these laws and enforcing them don't really care about what they say. The usually want to force people to follow their religion, politics or such. It is the taliban pure and simple. They want to ban pr0n, alcohol, gambling, or just keep people from communicating on the internet. It has nothing to do with "protecting the children" or "public safety." They probably rape and eat baby heads for dinner.
I remember this one city I was living, they used 9/11 as an excuse to shut down most of the bars and dance clubs (not that there were many left after all the things they did anyway). They passed a law requiring many public places to have metal detectors and all sorts of things--convienently, schools and churches were left out. Made it very expensive to run any sort of social gathering place (except a church or school-- which was essentialy run by the local clergy anyway) The few who managed to comply were harassed out of business anyway. I think the only place which managed to survive was a bar, and they probably did because they were used to that kind of harassment. There was already a law in place where alcohol could only be served in "private clubs" and undercover police would constantly go in without a membership and try and buy something. (by their crazy law was illegal) The reason these laws were created had nothing to do with protecting anyone. They made them to take away all social access from anyone who didn't go to their church.
Later they also created some "parking" laws to basicly kick out everyone who was over 25 and single, because one of their clergy had declared these people a "menace to society."
Seems like at least one point of the age limitation was to screen out those kids who were so young they had no clue about online predators - so why not at least try to educate 'em - the ones over 13 who can't pass maybe shouldn't be there anyway (?)
Or... work it like a game. Get some folks (maybe even other 13 year olds) to act in the guise of an online predator (special login, interactions logged, etc.) The folks on the board who fall for the fake predator, get sandboxed until they show (more tests, I guess) that they're competent. The faker-predators get points, and maybe get to tell the gullible that they "own all their bases" - or whatever.. And the non-gullible also get points for turning in predators, real or fake.
Sure, there'll still be real predators - but the kids will be "playing" against them. Ever seen a grown up try to compete agains kids in an online game?
the internet is so fickle because there really isnt any real life intervention that can monitor these things. Maybe there should be some sort of system where you can get an age comfirmation card from software retailers, which gives you a code to type in. This could be a free of charge service... or like most things in life someone can capitilize on this... however something needs to be done to make sure people are the age they say they are.