Category Archives: Uncategorized

How COPPA Fails Parents, Educators, Youth

Ever wonder why youth have to be over 13 to create an account on Facebook or Gmail or Skype? It has nothing to do with safety.

In 1998, the U.S. Congress enacted the Children’s Online Privacy Protection Act (COPPA) with the best of intentions. They wanted to make certain that corporations could not collect or sell data about children under the age of 13 without parental permission, so they created a requirement to check age and get parental permission for those under 13. Most companies took one look at COPPA and decided that the process of getting parental consent was far too onerous so they simply required all participants to be at least 13 years of age. The notifications that say “You must be 13 years or older to use this service” and the pull-down menus that don’t allow you to indicate that you’re under 13 have nothing to do with whether or not a website is appropriate for a child; it has to do with whether or not the company thinks that it’s worth the effort to seek parental permission.

COPPA is currently being discussed by the Federal Trade Commission and the US Senate. Most of the conversation focuses on whether or not companies are abiding by the ruling and whether or not the age should be upped to 18. What is not being discussed is the effectiveness of this legislation or what it means to American families (let alone families in other countries who are affected by it). In trying to understand COPPA’s impact, my research led me conclude four things:

  1. Parents and youth believe that age requirements are designed to protect their safety, rather than their privacy.
  2. Parents want their children to have access to social media service to communicate with extended family members.
  3. Parents teach children to lie about their age to circumvent age limitations.
  4. Parents believe that age restrictions take away their parental choice.

How the Public Interprets COPPA-Prompted Age Restrictions

Most parents and youth believe that the age requirements that they encounter when signing up to various websites are equivalent to a safety warning. They interpret this limitation as: “This site is not suitable for children under the age of 13.” While this might be true, that’s not actually what the age restriction is about. Not only does COPPA fail to inform parents about the appropriateness of a particular site, but parental misinterpretations of the age restrictions mean that few are aware that this stems from an attempt to protect privacy.

While many parents do not believe that social network sites like Facebook and MySpace are suitable for young children, they often want their children to have access to other services that have age restrictions (email, instant messaging, video services, etc.). Often, parents cite that these tools enable children to connect with extended family; Skype is especially important to immigrant parents who have extended family outside of the US. Grandparents were most frequently cited as the reason why parents created accounts for their young children. Many parents will create accounts for children even before they are literate because the value of connecting children to family outweighs the age restriction. When parents encourage their children to use these services, they send a conflicting message that their kids eventually learn: ignore some age limitations but not others.

By middle school, communication tools and social network sites are quite popular among tweens who pressure their parents for permission to get access to accounts on these services because they want to communicate with their classmates, church friends, and friends who have moved away. Although parents in the wealthiest and most educated segments of society often forbid their children from signing up to social network sites until they turn 13, most parents support their children’s desires to acquire email and IM, precisely because of familial use. To join, tweens consistently lie about their age when asked to provide it. When I interviewed teens about who taught them to lie, the overwhelming answer was parents. I interviewed parents who consistently admitted to helping their children circumvent the age restriction by teaching them that they needed to choose a birth year that would make them over 13. Even in households where an older sibling or friend was the educator, parents knew their children had email and IM and social network sites accounts. Interestingly, in households where parents forbid Facebook but allow email, kids have started noting the hypocritical stance of their parents. That’s not a good outcome of this misinterpretation.

When I asked parents about how they felt about the age restrictions presented by social websites, parents had one of two responses. When referencing social network sites, parents stated that they felt that the restrictions were justified because younger children were too immature to handle the challenges of social network sites. Yet, when discussing sites and services that they did not believe were risky environments or that they felt were important for family communication, parents often felt as though the limitations were unnecessarily restrictive. Those who interpreted the restriction as a maturity rating did not understand why the sites required age confirmation. Some other parents felt as though the websites were trying to tell them how to parent. Some were particularly outraged by what they felt was a paternal attitude by websites, making statements like: “Who are they to tell me how to be a good parent?”

Across the board, parents and youth misinterpret the age requirements that emerged from the implementation of COPPA. Except for the most educated and technologically savvy, they are completely unaware that these restrictions have anything to do with privacy. More problematically, parents’ conflicting ways in which they address some age restrictions and not others sends a dangerous message.

Policy Literacy and the Future of COPPA

There’s another issue here that’s not regularly addressed. COPPA affects educators and social services in counterintuitive ways. While non-commercial services are not required to abide by COPPA, there are plenty of commercial education and health services out there who are seeking to help youth. Parental permission might be viable for an organization working to help kids learn arithmetic through online tutoring, but it is completely untenable when we’re thinking about suicide hotlines, LGBT programs, and mental health programs. (Keep in mind that many hospitals are for-profit even if their free websites are out there for general help.)

COPPA is well-intended but its implementation and cultural uptake have been a failure. The key to making COPPA work is not to making it stricter or to force the technology companies to be better at confirming that the kids on their site are not underage. Not only is this technologically infeasible without violating privacy at an even greater level, doing so would fail to recognize what’s actually happening on the ground. Parents want to be able to parent, to be able to decide what services are appropriate for their children. At the same time, we shouldn’t forget that not all parents are present and we don’t want to shut teens out of crucial media spaces because their parents are absent, as would often be the case if we upped the age to 18. The key to improving COPPA is to go back to the table and think about how children’s data is being used, whether it’s collected implicitly or explicitly.

In order for the underlying intentions of COPPA to work, we need both information literacy and policy literacy. We need to find ways to help digital citizens understand how their information is being used, what rights they have, and how the policies that exist affect their lives. If parents and educators don’t understand that the 13 limitation is about privacy, COPPA will continue to fail. It’s time that parents and educators learned more about COPPA and start sharing their own perspective, asking Congress to do a better job of addressing the privacy issues without taking away their rights to parent and educate. And without marginalizing those who aren’t fortunate enough to have engaged parents by their side.

John Palfrey, Urs Gasser, and I submitted a statement to the FTC and Senate called “How COPPA, as Implemented, is Misinterpreted by the Public: A Research Perspective. To learn more about COPPA or submit your own letter to the FTC and Senate, go to the FTC website.

This post was originally posted at the DML Central blog.

Image Credit: WarzauWynn

i can haz housesitting tool pls?

Dear enterprising developers of the world, I have a request:

I travel a lot. I prefer staying in apartments to staying in hotels. But I hate imposing on friends and, frankly, crashing on couches isn’t as fun as it used to be. When I’m lucky, I randomly learn that a friend is out of town and I have the opportunity to housesit. And when I’m lucky, I randomly learn that someone I trust is in Boston when I’m not and can get them to catsit/housesit. Cuz I’m always begging for housesitters. But there has to be a better way of getting this information in our world of interconnectedness.

I want an application that lets me announce to my friends when I’m out of town and my apartment is vacant or when I need a housesitter. And I want to know when people that I know are out of town and would welcome me to housesit/catsit/plantsit. As wonderful as couchsurfing.com and airbdb are, they don’t serve my needs. I don’t want the burden of having to socialize with strangers (or, realistically, friends) when I travel for work nor do I typically want to stay at strangers’ places (or have strangers stay at my place). I want an easy way to trade apartments with people that I already know. And I want to know when people’s homes are vacant, not when I’m welcome to crash at their place.

I want to be able to create a calendar of when my place is empty and see when my friends’ places are empty. I want to be able to indicate who I trust to see my empty apartment calendar. I want to be able to pivot based on location and see when there’s a specific need (like catsitting). It’d be great to message out to friends when I have a catsitting need. I don’t want to make my calendar available to just anyone that I know so opening it up to anyone in my Facebook social graph isn’t the solution. I want it to be really easy for my friends to indicate when they’re gone so that it’s not a crazy burden to keep the calendar updated. .

Perhaps there’s a tool out there that would meet my needs that I don’t know about and, if so, please tell me. But so far, I haven’t been able to find one. And I don’t think that it would be that hard to build; a minimalist tool would be good enough. I’m not sure that such an application is actually monetizable because no money is being exchanged, but perhaps travel ads could make it profitable.

Anyhow, I throw this desire to the coding wolves in the hopes that someone might make it a reality. I would be eternally grateful.

ktxby

Deception + fear + humiliation != education

I hate fear-based approaches to education. I grew up on the “this is your brain on drugs” messages and watched classmates go from being afraid of drugs to trying marijuana to deciding that all of the messages about drugs were idiotic. (Crystal meth and marijuana shouldn’t be in the same category.) Much to my frustration, adults keep turning to fear to “educate” the kids with complete disregard to the unintended consequences of this approach. Sometimes, it’s even worse. I recently received an email from a friend of mine (Chloe Cockburn) discussing an issue brought before the ACLU. She gave me permission to share this with you:

A campus police officer has been offering programs about the dangers inherent in using the internet to middle and high school assemblies. As part of her presentation she displays pictures that students have posted on their Facebook pages. The idea is to demonstrate that anyone can have access to this information, so be careful. She gains access to the students’ Facebook pages by creating false profiles claiming to be a student at the school and asking to be “friended”, evidently in violation of Facebook policy.

An ACLU affiliate received a complaint from a student at a small rural high school. The entire assembly was shown a photo of her holding a beer. The picture was not on the complainant’s Facebook page, but on one belonging to a friend of hers, who allowed access to the bogus profile created by the police officer. The complainant was not “punished” as the plaintiff above was, but she was humiliated, and she is afraid that she will not get some local scholarship aid as a result.

So here we have a police officer intentionally violating Facebook’s policy and creating a deceptive profile to entrap teenagers and humiliate them to “teach them a lesson”??? Unethical acts + deception + fear + humiliation != education. This. Makes. Me. Want. To. Scream.

“Transparency is Not Enough”

At Gov2.0 this week, I gave a talk on the importance of information literacy when addressing transparency of government data:

“Transparency is Not Enough”

I address everything from registered sex offenders to what happens when politicians don’t like data to the complexities of interpretation.  In doing so, I make three key points:

  1. Information is power, but interpretation is more powerful
  2. Data taken out of context can have unintended consequences
  3. Transparency alone is not the great equalizer

My talk is also available on YouTube if you prefer to listen to a different version of the same message (since my crib is what I intended to say and the video is what actually came out of my mouth).

Pew Research confirms that youth care about their reputation

In today’s discussions about privacy, “youth don’t care about privacy” is an irritating but popular myth. Embedded in this rhetoric is the belief that youth are reckless risk-takers who don’t care about the consequences of their actions. This couldn’t be further from the truth.

In my own work, I’ve found that teenagers care deeply about privacy in that they care about knowing how information flows and wanting influence over it. They care deeply about their reputation and leverage the tools available to help shape who they are. Of course, reputation and privacy always come back to audience. And audience is where we continuously misunderstand teenagers. They want to make sure that people they respect or admire think highly of them. But this doesn’t always mean that they care about how YOU think about them. So a teenager may be willing to sully their reputation as their parents see it if it gives them street cred that makes them cool amongst their peers. This is why reputation is so messy. There’s no universal reputation, no universal self-presentation. It’s always about audience.

The teenagers that I first started interviewing in 2004 are now young adults. Many are in college or in the army and their views on their reputation have matured. How they think about privacy and information flow has also matured. They’re thinking about a broader world. At the same time, they’re doing so having developed an understanding of these challenges through their engagement with social media. Are their ideas about these technologies perfect? Of course not. But they’re a whole lot more nuanced than those of most adults that I talk with.

Earlier today, Pew Research Center’s Internet and American Life Project released a report entitled “Reputation, Management, and Social Media” which includes a slew of data that might seem counter-intuitive to adults who have really skewed mythical views of youth and young adults. They found that young adults are more actively engaged in managing what they share online than older adults. In fact, 71% of the 18-29s interviewed in August-September of 2009 who use social network sites reported having changed their privacy settings (vs. 55% of those 50-64). Think about that. This was before Time Magazine put privacy on their front page.

Now, let’s be clear… Young adults are actively engaged in managing their reputation but they’re not always successful. The tools are confusing and companies continue to expose them without them understanding what’s happening. But the fact that they go out of their way to try to shape their information is important. It signals very clearly that young adults care deeply about information flow and reputation.

Reputation matters. This is why Pew found that 47% of 18-29s delete comments made by others on their profiles (vs. 29% of 30-49s and 26% of 50-64s). Likewise, 41% of them remove their name from photos (vs. 24% of 30-49s and 18% of 50-64s). While Pew didn’t collect data on those under 18, I’d expect that this age-wise trend would continue into that age bracket. Much of this is because of digital literacy – the younger folks understand the controls better than the older folks AND they understand the implications better. We spend a lot more time telling teenagers and young adults that there are consequences to reputation when information is put up online than we do listening to ourselves. This is also because, as always, youth are learning the hard way. As Pew notes, young adults have made mistakes that they regret. They’ve also seen their friends make mistakes that they regret. All of this leads to greater consciousness about these issues and a deeper level of engagement.

As always, this Pew report is filled to the brim with useful information that gives us a sense of what’s going on. Here are some of my favorite bullet points:

  • Young adults are still more likely than older users to say they limit the amount of information available about them online.
  • Those who know more, worry more. And those who express concern are twice as likely to say they take steps to limit the amount of information available about them online.
  • The most visible and engaged internet users are also most active in limiting the information connected to their names online.
  • The more you see footprints left by others, the more likely you are to limit your own.
  • Those who take steps to limit the information about them online are less likely to post comments online using their real name.
  • More than half of social networking users (56%) have “unfriended” others in their network.
  • Just because we’re friends doesn’t mean I’m listening: 41% of social networking users say they filter updates posted by some of their friends.
  • Young adult users of social networking sites report the lowest levels of trust in them.

This Pew report does more than inform us about privacy and reputation issues. Its data sends an important message: We need more literacy about these issues. Ironically, I think that the best thing that’s going to come about because of Facebook’s ongoing screw-ups is an increased awareness of privacy issues. When youth see that they can do one of two things with their interests: delete them or make them publicly visible to everyone, they’re going to think twice. Sure, many will still make a lot of that content publicly accessible. And others will be very angry at Facebook for not giving them a meaningful choice. But this is going to force people to think about these issues. And the more people think about it, the more they actively try to control what’s going on. (Of course, we need Facebook to stop taking controls away from people, but that’s a different story.)

Pew’s report also counters a lot of myths that I’ve been hearing. For example, the desire for anonymity isn’t dead. Facebook tends to proudly announce that its users are completely honest about their names. Guess what? Many youth don’t trust Facebook. And they’re not providing them with real names either. Just take a look at this screen shot that I grabbed from a publicly accessible Facebook profile. This image isn’t doctored and while some of the names reflect real ones, there’s a lot of obscuring going on.

If you care about youth, if you care about issues of privacy and reputation, PLEASE read the Pew report. It is an example of brilliant research and tremendous reporting.

Seeking: Technical Research Assistant for Adhoc Tasks at MSR

This position has been filled.

Microsoft Research New England is seeking an undergraduate research assistant to help out with assorted tasks for 10-20 hours/week to assist Dr. danah boyd, a social media researcher who investigates youth engagement with various genres of new media (e.g., Twitter, Facebook, MySpace, Xanga, etc.).

An RA who would enjoy this job would be technically proficient, a quick technical learner, able to change direction when something comes up, and curious to learn more about technology studies research. Projects might include tracking web content related to ongoing research projects, organizing research bibliographies, writing simple scripts to parse online data, managing mailing lists and blogs, etc.

The ideal candidate will have basic scripting skills and be familiar with Web2.0 technologies to find innovative solutions to various challenges. The ideal RA would be comfortable navigating both Microsoft Server and UNIX-based systems. Some tasks require familiarity with HTML, CSS, Javascript, SQL incarnations, Movable Type, etc. or the ability to quickly learn these languages/platforms. Others would require the candidate to find 3rd party software that could help address the challenge. In short, this position is meant for someone who is a webgeek.

The RA would be required to do most work from the Microsoft Research office in Kendall Square, Cambridge, MA but some tasks can be completed remotely. An undergraduate at a nearby university would be most appropriate for this position, although non-student locals may be considered. The position will be managed through contingent staff agency for Microsoft Research and will pay $15-$20/hour.

To apply, please send a copy of your resume and a cover letter to Paul Oka (poka@mit.edu) and CC danah boyd. Feel free to contact Paul with any questions you might have.

(See also: hiring Research Assistant/Intern for Online Safety Literature Review)

This position has been filled.

Seeking: Research Assistant/Intern for Online Safety Literature Review

The Youth Policy Working Group at Harvard’s Berkman Center for Internet and Society is looking for a research assistant intern to help update the Literature Review produced by the Internet Safety Technical Task Force. This project builds off of the Berkman Center’s work studying how youth interact with digital media and specifically seeks to draft policy prescriptions in three areas: privacy, safety, and content creation.

The ideal candidate would be a graduate student (or individual working towards entering a graduate program) who is fluent in quantitative methodologies and can interpret and evaluate statistical findings. The RA/intern would be working to extend the Lit Review from the ISTTF report to include international studies, new studies in the last year, and studies that cover a wider set of topics with respect to online safety. The products of this internship will be an updated Literature Review and a shorter white paper of the high points. Other smaller tasks may be required. This project should take 10-15 hours per week and will last at least the fall semester.

The RA/intern will work directly with Dr. danah boyd and will be a part of a broader team trying to build resources for understanding issues relating to online safety. The candidate should have solid research skills and feel confident reading scholarly research in a wide array of fields. The candidate must have library access through their own university. Before applying, the candidate should read the Literature Review and be confident that this is work that s/he could do.

Preference will be given to candidates in the Boston area, but other U.S. candidates may be considered if their skills and knowledge make them particularly ideal for this job. Unfortunately, we are unable to hire non-U.S. individuals for this job.

To apply, please send a copy of your resume and a cover letter to Catherine Bracy and danah boyd.

(See also: hiring Technical Research Assistant for Adhoc Tasks at MSR)

furniture for sale

I’m planning on selling some furniture and technology and other random things. Here’s what i’ve got right now – i’ll update this list as i find new things around my house. Photos are at Flickr. You’d have to pick the items up (in San Francisco) before July 30 (except for the mattress which would have to happen on July 31). Let me know if you have any questions!

– Blue/green dresser – $25

– full mattress and boxspring – $10 (pickup: July 31 only)

Amazon’s plastic response to phishing

So, i’m one of those obnoxious people who uses a unique email address on every single site and when i use a site where i put my credit card in, i use a string of odd letters and numbers at the end to make it less guessable. I’m very careful to not give out those email addresses outside of the company i’m dealing with and, because i use pine and a Mac, i’ve never worried about viruses. Plus, business emails go to a separate account that is removed from my primary email.

Over the holidays, i got a phishing message to my Amazon email address and i was quite upset. (I’m one of those people who has an Amazon credit card and gets the free shipping because i spend far too much money there – this is not an account i want to be fucked with.) Amazon has this whole thing about how phishing is important to them and thus they have a special reporting place. So, i write to them. What do i get back? It’s my fault, of course. In response, i get a link to learn more about how to protect myself from phishing with nothing addressing any of my specific concerns.

Fuck you very much, Amazon.

One of the things that i hate about the whole online vendors thing is that we’ve lost customer service completely. What happened to the customer is always right ethos? What happened to being really conscious of valued customers? ::sigh::

In the meantime, i’m really concerned about how the phishers got that email address and i have no idea how that might have happened. Did Amazon send the address to one of the used book people that i bought books from? How else might someone have gotten that address? Hrmfpt.