Obama administration needs to take on Facebook and Google: cybersecurity under the COPPA cabana

It came to my attention looking through my own Facebook Timeline that children being born right now could very well have their entire lives documented online – from birth, if their parents have accounts and upload photos of them. And it brought up a few thoughts: one, what a colossal bummer it would be to have your awkward stage documented for hundreds of people to see; and two, how children are growing up online now and need security.

The Obama administration made its mark as a campaign of technology, and as such they’ve made it a point to take on issues of broadband coverage and cybersecurity in legislation. But their latest set of changes has a hurdle to jump – and it’s not Congressional gridlock or stubborn Republicans. For maybe the first time, the Obama administration has to take on a force that helped win the election in the first place.

They have to take on Facebook and Twitter.

The fight is breaking out over a Clinton-era law called the Children’s Online Privacy Protection Act of 1998 – more commonly known as COPPA, because all Internet laws get catchy acronyms. The law was designed to protect children 13 or younger from having personal information collected by Web sites, as well as to set standards for all Web site privacy policies. It also sets guidelines of verifiable consent from parents or guardians and sets restrictions on online marketers advertising to Internet users under the age of 13.

Currently Facebook, Google+ and social media relic Myspace have bowed to this law and required all of their users to be 13 or older – though it doesn’t take a rocket scientist of a 12 year-old to fake a birthday and get an account. Twitter used to require users to be 13 or older, but no longer does.

The law is great in theory, but not very well enforced. And like many other Internet laws, it has the unfortunate problem of being outdated – in 1998, sites like Facebook and Twitter hadn’t been created, and the first smartphone (the Blackberry) wasn’t introduced until a year later in 1999. Issues that we have now, as a society of gadgets, didn’t exist at the time – which is exactly why the Federal Trade Commission wants to make these changes. From the Washington Post:

“[The FTC] did not foresee how easy and commonplace it would become for child-directed services to integrate social networking and other personal information collection features into the content offered to their users, without maintaining ownership, control, or access to the personal data.””Given these changes in technology the Commission now believes that an operator of a child-directed site or service that chooses to integrate into a site or service other services that collect personal information from its visitors should be considered a covered operator under the rule.”

The proposed changes the administration are trying to make concern the third-party buttons on Web sites, and the challenges posed by tablets and smartphones – trying to take these gaps in cybersecurity law and find a solution to closing those gaps. On almost every Web page out there now (including this one), there are buttons to “like” something on Facebook, to “Tweet” something out on Twitter, to “+1” something for Google+, and probably an e-mail button if you’re old-school. When a user clicks on one of these buttons, it lets the third party site gather their information for future use – usually for online advertising. This is a technological loophole to parental consent and the subject of a bunch of online cybersecurity concerns.On the smartphone and tablet front, it aims to protect children under 13 from advertising through applications, some of which are marketed to children and even toddlers. If a kid is borrowing Mommy’s tablet and playing Angry Birds, is he or she really going to think about the security implications of that app?

The opposition to these proposed changes says that changing COPPA – already controversial – would violate their companies’ 1st Amendment rights by holding these sites accountable for what their advertising partners do with the gathered information. Google said that the amended legislation would keep them from providing educational and “engaging” information to children, and Facebook said that the FTC “fundamentaly misunderstands” the link between plug-in providers and the sites they partner with. Facebook founder Mark Zuckerberg went so far as to say that children should be allowed to use Internet sites before they turn 13, so they can learn how to be safe online on their own – and argues that this Internet education could help the United States economically in the long term.

I believe that the FTC needs to sharply tailor their language on restrictions to third party sites and information gathering. If the wording of the law is too loose, as it was with the last incarnation of COPPA, it won’t be effective in keeping children safe – it hasn’t been very effective thus far because of lack of enforcement. It will also tie up free speech on these sites. Lawmakers also need to consider what they’re doing with Do Not Track and the concurrences and conflicts between the two laws.

Furthermore, the FTC and lawmakers need to have a discussion of how protected and how free children should be online. Obviously this is a discussion that needs to involve parents and involve a certain amount of freedom for parents to decide what is appropriate for their children and what is not (seeing as how a good portion of COPPA involves parental consent).

What lawmakers have to keep mind is that their restrictions aimed at protecting children cannot infringe on the freedom of speech of those above 13 – something easier said than done. Unlike legal “special places” (such as schools, prisons and military bases with judicially-allowed restrictions of free expression) the Internet was designed to be a forum of ideas and information, and a technological free space for speech, discussion, and expression. While children undoubtedly need special consideration online, the measures that the administration comes up with should respect adults’ 1st amendment rights and protect children from unnecessary information sharing online.

Above all, as a nation we should educate our children on cybersecurity and how to use the Internet responsibly. Technology is unavoidable, and children are exposed to it earlier and earlier – my two year-old cousin knew how to work an iPhone before I, a 23 year-old, ever owned one. Demonstrating to kids under 13 how to use the Internet sooner rather than later can only help in the fight to keep Internet users secure, and to make cybersecurity a collaborative effort between Internet users and legislators.

1 reply »