FTC Fines Xanga for Violating Kids' Privacy
WebHostingGuy writes "As reported by MSNBC, the FTC has fined Xanga.com $1 million dollars for repeatedly allowing children under 13 to sign up for the service without getting their parent's consent. This is the largest penalty ever issued for violations of the Children's Online Privacy Protection Act." From the article: "'Protecting kids' privacy online is a top priority for America's parents, and for the FTC,' FTC Chairman Deborah Platt Majoras said in a statement. 'COPPA requires all commercial Web sites, including operators of social networking sites like Xanga, to give parents notice and obtain their consent before collecting personal information from kids they know are under 13. A million-dollar penalty should make that obligation crystal clear.'" What impact, if any, do you think this will have on other community sites that may not always follow the COPPA statutes?
Sites will move their hosting out of the US, and their executives won't visit the US.
More realistically, social networking sites will add more verification layers (that don't work) for greater plausible deniability, and those that think they can, will start requiring credit card info.
Nostalgia's not what it used to be.
Well, according to the article what Xanga got in trouble for is not validating the birthdate the users gave to see if it was over 13. They just had to check a box stating that they were over 13. However, suppose they did put an extra check in there that rejected the user if the birthdate indicated they were under 13. The ones with minimal ability in math (given the track record in education, I'm not sure how big a percentage of the local population that really is :P) would just change their birthdate to be older than 13.
But of course, the bigger issue is why the FTC and Xanga have to be parents to these kids. It's not like there isn't a massive ad campaign targeting internet ads, radio, tv, and billboards as well as countless news "exposes" about online predators. Parents cannot claim they didn't think their child could be targeted by these things. Parents need to have talks with their kids explaining the risks and above all educate themselves about what goes on. Parents can then monitor their child's internet activity or install filters at either the local or ISP level (though I'm not sure those ISPs that filter are even around anymore).
But who am I kidding? That would be taking personal responsibility for something, which is becoming vastly unpopular in America (and elsewhere really) these days. Even the conservatives like to exculpate themselves from their own bad behavior by blaming faceless entities... Now that I have gotten way off topic, I'll shut up now.
Monstar L
It shouldn't be that easy for children (under 13) to accomplish. The article is correct - it should ask for the birthday, not a box.
An average 13 year old kid will know that they have to check the box to get in. Asking for a birthday (especially if you put it between some other boxes) won't get a second thought from most kids. It's an easy, yet effective (not perfect, but pretty close) age validation.
As far as the "kids will go back and change their birthday" - that's avoidable, too. I remember many years ago I tried signing up for a Yahoo account (goodbye positive karma), but was underage (I think you had to be 16. Either way, I wasn't old enough). They used the birthday trick. However, when I went back to change the birthday, they told me that I was trying to trick them. They kept a log of recently applied-for accounts that were denied because of age, and if too many fields match, they wouldn't let you re-apply.
Why can't Xanga do something like that? We're talking about "tricking" 13 year old kids to tell the truth about their age. It shouldn't be that hard.
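The denied-application log described in the comment above, sketched as an added example (not part of the original thread, and not Yahoo's or Xanga's code). The form field names, the match threshold, the retention window and the key are assumptions.

```python
import hashlib
import hmac
import time
from datetime import date

MIN_AGE = 13                     # COPPA threshold discussed in the thread
MATCH_THRESHOLD = 2              # assumption: matching fields needed to block a retry
RETENTION_SECONDS = 24 * 3600    # assumption: how long a denial is remembered
FIELDS = ("email", "username", "postal_code", "client_ip")  # hypothetical form fields
_KEY = b"constructed-demo-key"   # placeholder; load a real secret from configuration


def _digest(field, value):
    # Keyed hash, so the log never holds a denied applicant's raw details.
    norm = value.strip().lower().encode()
    return hmac.new(_KEY, field.encode() + b"\0" + norm, hashlib.sha256).hexdigest()


def age_on(birthdate, today):
    # Whole years completed on `today`.
    before_birthday = (today.month, today.day) < (birthdate.month, birthdate.day)
    return today.year - birthdate.year - before_birthday


class AgeGate:
    def __init__(self):
        self._denied = []  # (timestamp, {field: digest}) per denied application

    def _matches_recent_denial(self, digests, now):
        # Drop expired denials, then count matching fields against each one left.
        self._denied = [(t, d) for t, d in self._denied if now - t < RETENTION_SECONDS]
        return any(
            sum(d.get(f) == digests[f] for f in digests) >= MATCH_THRESHOLD
            for _, d in self._denied
        )

    def apply(self, form, birthdate, today, now=None):
        now = time.time() if now is None else now
        digests = {f: _digest(f, form[f]) for f in FIELDS if form.get(f)}
        if self._matches_recent_denial(digests, now):
            return "blocked_retry"   # same applicant, birthdate edited after a denial
        if age_on(birthdate, today) < MIN_AGE:
            self._denied.append((now, digests))
            return "needs_parental_consent"
        return "accepted"
```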
It's always been recognized that children under the age of 13 can do the following: unknowingly disclose personal information that makes them vulnerable to people skilled in exploiting and manipulating individuals with limited experience in some areas (like avoiding being prey) and lying about their ages. It's not going to be possible under most circumstances to background check a user's personal information such as his or her age--it's not feasible, it's expensive, and most of the time it's just a waste of time. So why do we even have this act where we require people to declare that they are 13, 18, 21 and up and so on? Well, if it's just that, it doesn't do any good. A 12 year old won't necessarily understand why they are supposed to be at least 13 to have an account on some site or interact with certain people and material, and that's where I think sites should probably, to comply with the spirit of the protection laid out in the law, advise people when registering on their sites WHY they are asking for ages, not just that they are complying with some particular legislation. The child who's aware of the potential that his or her personal information or details inadvertently disclosed through action or writing on a site or in chat or on a blog like Xanga is much more likely, in my humble opinion and experience with such people, to be more careful about their information. We protect children because they don't always have the experience or perspective to think of the things that they could be doing or saying that make them vulnerable to acts by predatory individuals. I don't think so far the legislation is achieving that sort of goal because it's not directed at the people who are doing the revealing, it's been directed at the site owners and parents. These people have some responsibility for sure, but if you ignore the kids out there, you're just asking for trouble.
I'd be interested to hear from people who own or run sites like Xanga on what they think about their responsibilities, both in the letter and the spirit of the law, and how they think things in any respect might be changed to be more informative and protective of a potentially vulnerable class of Internet users.
Well children obviously do have rights - but more to the point, what about the rights of someone hosting a website?
COPPA does not exist to be a pain, it exists as a way to help make sites that target tweens and children (intentionally or not) responsible for the content they are making public. It exists to protect children from having their personally identifiable info available in a public forum.
No one makes people enter into the business of social networking. Like any other business there are ethics and laws by which that business must abide. If a site is blatantly ignoring basic safeguards COPPA requires, they are breaking the law and should suffer the sanctions outlined under those laws.
Yes, parents should be the primary dispensers of the morals needed for their kids to navigate the sometimes age-inappropriate corners of the Internet. But if a site has an open journaling tool or has fields requesting information that would make a child easy to find and possibly hurt, that site DOES have an obligation (ethically and legally) to put the necessary hurdles in place to protect those children.
There are many levels of personal identification described in COPPA, all with different levels of verification needed. For example, if a child is signing up for a newsletter, no parental consent is needed. If their comments are not screened and made public, parental consent is needed.
There are many ways to verify parental consent. Credit card is one, 1-800 # is another, signed fax form is another. Once the parent agrees, anything the kid puts up is fair game. For more limited access, there is a new amendment to the act describing an email plus verification. The safeguards are actually not that hard, and many of those who target children specifically in their communities place much higher barriers to entry just to be sure.
Fines for COPPA violations are based on a per occurrence measurement.
And I am sure any of you who would like to donate your time or money to the exploration of more efficient and easier ways of verifiable parental consent would be greeted with open arms by the folks at the FTC.
Joi Podgorny
Director of Online Community
Star Farm Productions
> If, as you admit, there is no reasonable way for a website to
:)
:)
> enforce minimum-age restrictions,
I live in Poland/Europe. For starters.
Here when you are born you get a PESEL number which is date of birth + some ID. The same number is printed on your ID documents whether you are an adult or a minor.
My point is that only you and the state know that e.g. 198402234214 == Jane Kowalski - so all websites need to do in order to verify age is require that PESEL number and then pass it to another organization that is trusted to send snail mail to the person owning the PESEL number. The company only knows the number (not the data associated with it); the special organization knows the address. Then the organization sends (via snail mail) a token to verify in the WWW service to the owner of the number (theoretically only the owner is entitled to read his own snail mail).
Of course it would be more expensive than just online registration (by a few factors). But it depends on scale - if sending a snail mail letter costs you $0.1 and on average you earn $10 on a user and 1/5 of those registered confirm tokens it is still viable.
That is how our biggest auction site operates (something like eBay) - but they need to verify the real address and person, not the age. And it somehow works.
So I think that there may be reasonable ways.
GameFAQs has a very interesting policy which perhaps might save sites like Xanga and MySpace from getting reamed with fines. Anytime somebody on GameFAQs makes a post which implies or states that the user is underage, their account is immediately suspended pending verification of age. If the person really is underage, then their account is suspended until they are old enough.
~ C.
In other words, Xanga was negligent because they failed to implement a safeguard that is known to be useless. The main purpose of this fine seems to be to allow the FTC to claim that they're doing everything they can to protect children. And, technically speaking, they are!
What he described doesn't require PESEL to be secret, in fact I doubt the Polish would be stupid enough to use a number you give left and right (if it's anything like the Latvian version) as the sole mechanism for identification, that's what the snail mail he mentioned is for--the PESEL in this case only serves as a "hash" for a snail mail address.
Analogies don't equal equalities, they are merely somewhat analogous.