Slashdot Mirror
FTC Regulates Kids' Privacy Online
If you have the time you might also want to read the actual rule and public comments. Most online news services have covered it; Wired has a lengthy analysis sourced to an anonymous Republican staffer, but News.com has one without the Republican political spin. Fundamentally, the act regulates those commercial websites that target themselves to children (12 and under) and collect personal information about them - if you aren't commercial, or don't target yourself to children (even if you collect personal information from people) or just don't collect personal data from the kids, you aren't affected. Nevertheless, it is a significant step in privacy regulation - businesses must contact parents before collecting such information from an individual that they have actual knowledge is a child (for instance, by asking their age), but have no duty to ask the age of the general population. Thus most websites, even commercial ones that collect personal information, will have no change in day-to-day operations - they target themselves to a general audience, don't care about their visitors' ages, and need not take any steps under the new regulations.
Sites which do target kids for marketing will have to get parental permission before doing so. Parents also must be offered the option to prevent their kids' information from being shared with third-parties - to prevent the sale of that data, in other words. Parents can also opt-out entirely on behalf of their children and the site must honor their request. In school situations, teachers can give the requisite permission for their students so school activities won't be hampered.
The law and rule are likely to put a significant damper on online marketing to kids aged 12 and under. Specialized kids' sites will have to get parental permission to collect the data that is their primary reason for existence, and presumably many parents will prevent these sites from selling it. How well will they be enforced? That's uncertain. According to EPIC, the FTC has received hundreds of privacy-related complaints and has investigated only three.
"Self-regulation" of privacy concerns is an obvious failure. TrustE, the leading light of the businesses trying to prevent consumer protection on the internet, spends more time covering up privacy breaches by its members than investigating complaints... Will targeted government intervention have any better effect?
The FTC didn't issue the act; it simply wrote regulations that Congress authorized it to write under the act.
(Which explains why the FTC didn't do anything about the previous complaints: because it didn't have the statutory authority to do so. Without the statutory authority, it's illegal for the FTC to do anything [not that they wouldn't, of course, but the bureaucracy's doing something illegal is a little harder than doing something with Congress's blessing].)
My Blog. Sela Ward can sell me long distanc
There is no foolproof system to ensure that you are who you say you are online - as the old saying goes "on the net, nobody knows you're a dog".. or for that matter a cybernetic being running a news for nerds site (how else does he put in 20 hours a day?!)...
--
Maybe I'm missing something, but the FTC seems to be thinking it terms of selling a child's address along with marketing data, rather than just reporting demographics to marketers. I don't think prevening demographics collection was the intent of the FTC. Regardless, I'm still opposed to this. Although it's not as bad as most examples, it still takes responsibility over children away from their parents and gives it to the rest of the world. If a parent gives their child unsupervised access to the internet then they should trust their child enough to either make those judgements on their own or ask a parent's permission on their own ("this is important Timmy. Never give anyone on the internet your address or phone number with out Mommy's permission").
Of course, there's a big difference between someone that wants to kidnap children, and a web site aimed at kids. But there's still the same possibility that things could happen. Example: If a web site aimed at kids asks an 'innocent' question such as "Do you go home to an empty house after school?" and the answers were matched up with the address and name, that could lead to robbery and maybe kidnapping if the right person got a hold of the info. There's also the idea that many kids might inadvertantly answer "yes" to something that they should say no to , which can open a number of doors either being advertizing or personal or property threat, which might have been stated in a way most children would not understand.
This bill basically seems like a natural extention of what most media does with stories that revovle around children: the names are protected to prevent further harm.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
I agree. If I were in business, I'd love to have a nice database full of parent's names, associated with their kids. Then I could send the parents a letter saying something like "Dear Mr. Jones, We all want the best for our children, and I'm sure that you want the best for little William You must be worried about him going into the 4th grade next year, and that's why you should buy him Mace for Kiddies, otherwise known as Bully B Gone (TM)...
So, the kid rats out the parents, and the parents get a load of customized spam.
If tits were wings it'd be flying around.
The statute and rule apply to commercial Web sites and online services directed to, or that knowingly collect information from, children under 13. To inform parents of their information practices, these sites will be required to provide notice on the site and to parents about their policies with respect to the collection, use and disclosure of children's personal information. With certain statutory exceptions, sites will also have to obtain "verifiable parental consent" before collecting, using or disclosing personal information from children. The rule will become effective on April 21, 2000, giving Web sites six months to come into compliance with the rule's requirements.
So, is this to mean that the kiddies will have to get their parent's permission to sign up with Slashdot? Does anyone have the text of the actual act, and can comment on WHAT has to be collected to count? Do cookies count? Username/password registration? What?
Sigh, more "protect the kiddies" legislation. Would someone please run for office on the "please don't protect me" agenda?
No offense, but if your schools are actually hiring people like this, it's time you wrote a letter to the school board. If nothing else, take your child to a private school or just enroll him/her in another school altogether. Public schools are funded with your tax dollars. You can bet you have a say in how they're run.
In any case, your "somebody should speak up about this" comment seems better directed towards yourself than to any of us. They held quite a lengthy public comment period where you were more than welcome to voice your opinion.
Funny how people always have things to say after the fact, but nobody is willing to give a rat's ass about stuff like this while it's in the planning stages (when it counts). THIS is what's wrong with our government today, not "idiot" or "evil" politicians.
I'm working on a kid's website for a client, and the FTC regulations aren't making my work any easier.
The client knew that these regulations have been coming for a while, so we have been actually dealing with these issues for the past two months.
Implementing the parental consent process has actually been quite easy. The hard part is trying to figure out out how to spin things so that the parents want to sign the consent form! Granted, it's kind of hard to put a spin on using kids for market research data.
The strategy we ended up using was the same concept drug sellers use - give the kids a free hit or two on the web site, but to keep using it, they have to register. Hopefully by then, they are addicted.
I'm not sure if I morally agree with the purpose of the web site (no it's not evil or anything, but I don't like tricking kids/parents into revealing their shopping habbits online), but it pays pretty well!
Scott Severtson
Applications Developer
Scott Severtson
Senior Architect, Digital Measures
Well, while I won't go so far as to defend the FTC and FCC -- everyone is entitled to their own opinions about the government -- I think it's worth pointing out that FCC commissioners go through an approval process by the legislature. (I can't say from my own knowledge that the FTC works exactly the same, but the head of the FTC must be approved). So there, representatives elected directly by the people no more than 6 years ago (the length of a Senate term) are approving each appointment.
Further, as a general rule, these commissions can only make rules for which they have the authority to do so. The FCC can't suddenly decide that it wants to regulate the price of hay, for example, nor can it (currently) mandate less comedy and more news on TV. It doesn't have the statutory authority to do so. While that's not to say that bureaucracies never overstep their bounds, the judicial branch (see? checks and balances, just like we learned in school!) has the power to strike down regulations for which a commission has no power to create.
IOW, according to the law and even the Constitution, everything matches the original theory. Legislative branch makes the laws, executive branch implements them, judicial branch interprets them.
Of course, IANAL.
"You can never have too many elephants on your team."
Of course, there's a big difference between someone that wants to kidnap children, and a web site aimed at kids. But there's still the same possibility that things could happen.
So, there's a big difference, but "things could happen"? Things could happen when a kid walks down the street. Let's require people to be pulled over, and their cars searched every time they drive through a school-zone too!
If a web site aimed at kids asks an 'innocent' question such as "Do you go home to an empty house after school?" [...] that could lead to robbery and maybe kidnapping if the right person got a hold of the info.
Oh, yeah, of course! So, the obvious solution is to make collecting the information illegal. Gee, if a site is collecting this sort of information in order to break into someone's home and steal their stuff and maybe kids, making an HTML form illegal will certainly be a major deterant....
On the other hand, if you simply monitor the Web (not packet snooping, just visiting the same sites that the kids do) for such suspicious activity as people asking kids if they go home alone, maybe you'd STOP these crimes. Actually, this law is unenforcable, since anyone who wants this sort of information can get it in subtler ways (e.g. a site for "Kids who are home alone", which does not require any information be given, but has a chat forum in which you can then ASK questions, which is still not illegal).
I get so sick of "protect the kiddies" as a battle cry for minimal-effort regulation that actually does more to hurt kids and the Net than help....
The FTC is an executive body. Congress passed legislation required them to come up with these rules.
Contrary to what you seem to think, appointed positions are in fact a very necessary part of our government. The people we elect make these appointments. If you don't like the appointments, elect somebody else to make them next time. The reason we don't elect every major official position in our government is precisely the reason people seem to loathe "politicians" nowadays: they seem to be more concerned with the upcoming elections than they are about the job they're supposed to be doing.
People appointed to these positions have no elections to worry about, only the job they're doing, so they have more of a reason to do it well.
Disney, Nickelodean, they have money, employees, etc that will allow the to comply with this act. It is the small guy who loses by government intervention such as this. Imagine a person trying to market a product made for ADD elementry school children--any information he collects via the Internet is now subject to more paperwork than it is worth to him.
That same principle applies to those newcomers who would wish to provide games and entertainment for 11 year olds. Any information they gather would be subject to miles of red tape, and a small company simply cannot afford to send time dealing with that.
You already have it. This is supposed to prevent children (who, under the law, are not considered capable of making binding decisions) from revealing information that their parents feel they should not. If you are 18 or older, you are presumed capable of making that decision. Then again, that could be a flawed assumption as well.
"You can never have too many elephants on your team."
This was NOT a random regulation implemented by the government. This is a reasonable response to the way that corporations have acted.
AN ANALOGY:
Let's say I run a toy company, and so I need demographic information for children. Now, let's say that, in order to get the information, I got to a playground and start asking kids their names, their address, and all other kinds of personal information. In order to get kids to give me this info, I gave them candy. How long do you think it would be before somebody's creep-dar went off, and someone called the police (or just kicked my...)? Even if I explained my legitimate reason for wanting this info, I doubt I would be allowed to continue.
What many companies did was equivalent to this, except they used the web. They put forms on web sites geared towards kids, and they often gave kids incentive for providing info. The only real difference is that kid's web activity isn't so closely supervised that a parent would notice a kid filling out a form. Few parents would not notice a stranger talking to their child at a park.
This is, in my opinion, good legislation. It doesn't prevent companies from doing anything, it just makes them responsible for their actions, and it prevents them from using kids' trusting nature to violate the kids' (and their families) privacy.
-Josh
I can already hear people screaming over this, because it sounds as if the first waves of profound censorship is making its way unto the Net. Actually, I think it's quite different. This is not about censoring Internet content, it's about giving the parents the legal means to censor the Internet themselves.
As such, it's a little like NetNanny. It means parents have some form of control over what their children do. Well, that works wonderfully well for me. Think of the Internet as a giant video rental store. The idea is not to censor some movies, but to make it clear to everyone what each section contains.
And so, we have the little doors leading to the pr0n section. That's cool by me. As a matter of fact, if parents feel they're controlling what their children will see on the Internet, they might losen up and stop calling the Internet a den of depravation.
Protect your children the way you see fit, I don't care. Just don't try to protect me.
Caveat: unfortunately, this system sounds as if it's impossible to implement. How do you tell if a person is below 18 from an anonymous email? I've seen 30-odd year-old people spell like crap, so that's not even a consideration. And heck, everyone, adult or children, visits a children site at some point. (Best example: I have my own page on the LegoManiacs webpage.) So controlling everyone won't work either.
So, it just makes it mandatory to include some sort of silly button saying, 'I am over 18'. Yeah, porn sites have been doing that for ages.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Like it or not, parents have become very apathetic with children these days. This is why we have l33t packet kiddies on IRC and why we have the bulk of our "web site defacements" that we do. If parents really gave a rats ass what their kids were doing online, your suggestion would work.
Now, I don't disagree with you that this is the way things SHOULD work, with parents being able to supervise and guide their child in their online activities, the real world just doesn't work this way.
Instead, parents would rather whine loudly to the government until said government passes legislation that lets the parents take yet another step away from parenting their children.
Quite sad, yes?
Personally, I would much rather the government pass a law making parents increasingly liable for their child's behavior and activities online. If their child bids in an eBay auction, the parents should be liable for the costs. If their child breaks a law by way of insufficient parental supervision, the parents should be considered negligent and tried accordingly.
OK I think I'm starting to rant a little bit, but really this is just another symptom of the problem, and instead of solving it, the government is just patching up the effects, allowing it to grow worse as a result.
I don't understand why the FTC needs to enforce this control. Last time I checked, getting internet access is at least $10/mo + $300 for a computer-- that's just bare bones, dirt cheap system with a 14.4kb bottle neck for an internet connection. Most kids don't have this much money. (I'm refering to 12 year olds, not the 17 year old "kids" who already know what naked women look like and drink more than their parents.)
Parents, if you don't want your kinds to look at pr0n, monitor their computer use. It's still YOUR computer, not theirs. If they know more about it than you, it's your responsibility to learn about the computer and wrest control back. Remember, understanding is the key to true power, whether its understanding of people or understanding of computers.
-Ted
Presumably they're not restricting access to the site itself, only to information gathering mechanisms. If a kid desperately wants to give a web site his e-mail address or phone number, going to the extents you suggest, there's not much that can be done about it. The site operator made an honest attempt to verify the child's age and/or get parental permission. It's not his fault that the kid makes an enormous (and/or clever) effort to side-step that.
IMO, if parents want the ability to supervise this sort of thing, it's time they started supervising instead of making our government pass legislation that means they don't have to.
Yes, kids don't necessarily have the skills to avoid marketing traps, but neither do a lot of adults. Why do you think people bother advertising? It's cos they know 99.999% of the population thinks with it's wallet half the time. (The other half doesn't involve the brain, either.)
The legislation is clearly drawn up by someone who has some excellent thoughts and ideas, but is clueless as to how to implement them. The same has been true of most Internet regulation. Some sound ideas, mixed with flawed logic, shoddy reasoning and liquid lunches, half-baked, and left to sit in a mildew-infested cupboard.
IMHO, this is why this kind of regulation should be done IN CO-OPERATION with ISP's and computer specialists. THEY are the ones who know what would work and what wouldn't, and what would be acceptable to the population as a whole.
Legislation by force of arms achieves nothing, least of all it's intended goal, and gets everyone so hostile to the idea, there isn't a hope of anything sensible being implemented for years to come.
Which is more important? The egos of the legislators (in Congress, or wherever), or getting effective, workable, useful legislation where it's NEEDED, in the WAY that it's NEEDED, to achieve the things that are NEEDED?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Read the privacy policies on the sites you do business with, and if it's clear that the site intends to sell your information, don't do business with them. Send them an e-mail address stating that.
What is the position on use of these sites by nonhuman entities such as web robots? After all, most web robots are under 13 (the Internet being a considerably smaller place back in 1986), but they don't usually have a parent or guardian. Perhaps the robot would have to get permission from its author to give out personal information.
Usually I'm against anything the government does to "regulate" content of any medium, but this doesn't look like a content filter. However the article doesn't really state exactly what they are targeting...if the site requires you to enter demographic info before you can look at the site, then it does amount to content filtering. Personally I wouldn't want to look at any page that requires a lot of personal / demographic information up front, however.
But lets face it, most kids aren't smart enough to know any better until they reach a certain age. If I had kids I wouldn't want them giving away our address, email addresses, household income, etc. This age is different for everyone, which makes it important for parents to have the FINAL word on what their kids can or can't see, or what information to give out as is the case here. If a site falls into the category outlined in this bill, it could prompt the kid to have his parents enter a password, or some similar security measure. Hopefully parents would be able to disable a security measure like this, if they don't want to deal with it every 5 minutes and/or when the kid reaches an age where the parents think the kid is ready to decide for him/herself.
Somehow I doubt the gov't will allow this level of personal control, however. This bill is also vague, as are most bills related to technology, particularly relating to the internet. Thus if they try to sue a company over this, the bill probably won't stand up very well in court. It's too vague as to what specifically requires controls and how to go about implementing them, and what passes as a decent implementation.
Kids in the us today are often spoiled and do what ever the hell they want. Parents are often working and not supervising these kids. This will hopefully start to make parents responsible for there children.
They have curfu in DC now too. 12pm. So tell me what the hell is a child under 12 doing outside at midnight if he is not coming home from a job? Hanging outside leads to boredom. Bordom leads to mischief. Mischief usually leads to trouble.
It is terrible that the goverment has to regulate things like this when the parents should be doing this anyway, but in light of the fact that many people want to just have the kids and then have socuiety raise them, I for one am glad to see that society is saying you had your kids now it is time you took care of them!
Note this is not all children but there is a large majority out there that fall in this category. It is a shame when adults do not feel safe around there children.
Only 'flamers' flame!
Ethical/moral arguments regarding the voting status of minors is out of the scope of this thread. The fact is that minors are not permitted to vote. The parent has final say in what their child can and can not have, which includes property and money. I may not have been totally accurate in my last post when I said the children weren't earning the money themselves, but they ARE earning that money with the permission and under the umbrella of their parents.
It's not a matter of two or more people "combining their say". The parents are the voters, not the children. The parents can certainly base their decision on what their child has to say, but they're naturally under no obligation to do so.
In my opinion, lowering the voting age would be dangerous. Children tend not to have any real world experience with respects to how the world works and the ramifications of their decisions. It would be foolish to give them the ability to influence the government in such a way.
Do you honestly think Dell does this? How many IP addresses do you think on the 'Net actually map back to a domain name owned by the person browsing on that IP? Count the number of domains with unique contacts and divide by the number of total people that use the Internet. It would not make good business sense to pursue this incredibly small marketing target. I have dealt with Dell several times over the past few years, and visit their web site at least a few times per year. I have never once been contacted by Dell at the address listed in a contact for any of the domains I own.
If Dell has your address (likely purchased from a computer-related list elsewhere, assuming you never gave it to them in the past), they're not going to wait until you browse their site one day before the send you out a mailer.
The two incidents are almost certainly unrelated. Dell sent you a mailout because you either gave them your address or you've given your address to somebody that in turn gave it to Dell. Your web site visit had nothing to do with it.
Contrary to what you seem to think, web sites out there aren't going around automatically track your IP addresses and through some feat of network magic find postal addresses for every person browsing their site just so they can send out mailers. There are much more efficient ways to do marketing.
I'd suggest you take a look at Dell's posted online privacy policy at http://www.dell.com/policy/privacy.htm. If you don't trust them and think they're lying, don't do business with them.
There are pedophiles on the net and in real life. There are people that have very low morals that will stalk children and harm/kill them...
...there is something to be said about obtaining without the consent of the parent personal info about a child, much less being able to sell that info across a number of other companies.
Yes there are, but I'm so tired of hearing about them every time I read a mainstream media piece about the 'net. There are a handful of pedophiles (on the 'net and in "real life"), but there are thousands of companies (on the net and in "real life")that may want to collect information about children. They don't want to sexually abuse the precious moppets, but they do want to exploit them. They want to exploit you and me too, but that doesn't make it okay.
That having been said, I agree somewhat that
Without consent is bad. But who is entitled to give consent? The law (in most states) says an individual must be 18 in order to give consent for sex (unless he/she is married). But a girl can (f'rinstance) consent to an abortion at any age.
Children (not their parents/guardians) should be able to give consent to have information collected from/about them once they reach a certain age. Younger than that, and they're their parents'/guardians' responsibility. What is that magical age? I don't know, but I do know it's younger than 18, and older than 5. YMMV.
How to enforce it? I don't know that either. It seems unenforceable.
First, I agree with your overall point - many parents use Television (and increasingly the PC/Internet) as electronic babysitters, which is abhorrent..
But another (equally valid) point is that it's simply not possible to supervise a child 24 hours a day.. and if a kid REALLY wants to do something, they are going to find a way to do it..
If Mom is surfing with the child, and she doesn't let him/her fill out a form (even if she explains why,) if the kid wants to see that site, the parent is not going to be able to stop the child from getting up early and going down to the computer room (ok, it _IS_ possible, if you're running a multi-user OS, and have proper permissions on the browser.. but let's be realistic, how many home users can actually do this - or even know it's possible?).. or what if little Bobby decides to go play at his friends place, who's parents don't supervise 'net activity? And let's face it - most children know way more than their parents about computers.
My little sister once got it into her head that she wanted to smell everything (including everything that came in a bottle..) my parents warned her not to - it was dangerous, blah, blah... but when nobody was looking, she would always try to see what something smelled like... until she tried the bottle of bleach my mother kept under the bathroom sink (yes, the one with the child-proof lid) and she ran around screaming "my nose is on fire! my nose is on fire!"
I agree that responsible parents will supervise their children when they're online, but if a website offers enough of an incentive, a child will always find a way to do it without consent.
This article reminded me of something that happened earlier this year. Many years ago, I created a web page on Geocities (this was back when Geocities didn't suck). After the creation of the COPPA (last year), Geocities made a parent's permission required to create a web page on it for children under 13. I didn't really care, because I was over 13 at the time they made the announcement. Then, in February (I think), Geocities sent me an email saying that because I was under 13 at the time I had started my web page, they would require information from my parents or my page would be deleted. They wanted things like my address, my phone number, and other things that weren't required to sign up initially. I wrote Geocities an angry letter, knowing very well that nobody actually reads the email that gets sent to them. Not that I actually cared. My web page was fairly popular, but I was fed up with Geocities anyway (the slow speed, the lack of support, the pop-up banners, etc.) So I let them delete my page.
I believe that the COPPA is not neccesary. If parents don't want their children visiting particular web sites, they should be monitoring their children's Internet usage. Parents shouldn't be required to give web sites a lot of information just to let their children visit the sites.