| Comment Number: | 514511-00004 |
| Received: | 1/28/2005 10:55:48 PM |
| Organization: | Individual |
| Commenter: | Scot Wallace-Zeid |
| State: | VA |
| Agency: | Federal Trade Commission |
| Rule: | Notice of Proposed Rulemaking, Request for Comment |
| Docket ID: | 3084-AB00 |
| No Attachments |
Comments:
To the FTC and other readers of this comment: I enjoy this opportunity to comment on the proposed amendment to the Children's Online Privacy Protection Rule ("COPPR") that will make the sliding scale ("Scale") permanent. First, relating to use of digital signatures for verifying that the person providing verifiable parental consent ("VPC") to use, disclose, and/or collect ("Use") a person under the age of thirteen ("Child")'s personally identifiable information ("PII") is actually the parent or legal guardian ("Parent") of said child, as of the date this comment was submitted (January 28, 2005), any user of the World Wide Web can obtain, for no charge to said user, a digital certificate from a trusted Certification Authority ("Certificate") that certifies that the sender of any e-mail message ("E-Mail") is actually said sender, and not a third party. Therefore, a Child can successfully obtain a Certificate for said purpose. The same can also be done by a Parent. Also, by obtaining a Certificate, a Child could provide fake VPC to Use PII. E-Mail management programs are capable of being set to automatically digitally sign an E-Mail. Therefore, a Child could use his/her Parent's E-Mail Account to provide fake VPC to Use PII, with or without Parent's knowledge. I consider that to be fraudulent because the Child is NOT actually Parent. Unless combined with government-issued identification (driver's license, photo identification, military identification) by means of collecting and verifying a number assigned to said government-issued identification ("GI-ID"), this method of obtaining VPC is unreliable. Use of GI-ID to identify Parent as Parent could be used today to reliably obtain VPC. However, Parent may not be willing to provide a GI-ID number due to fear of identity theft. Use of a secure server certified with a Certificate would be a good workaround for this potential issue. Moving on to eliminating the Scale ("Elimination"), this may encourage disclosure of Child's PII to a third-party (other subscriber to an online service, company, etc.). However, Elimination would greatly simplify the process of obtaining VPC by a company wishing to disclose PII to third-parties. I would probably recommend Elimination. Also, a Child can currently obtain a debit card from a financial institution. GI-ID number verification would overcome this issue. I believe, relating to the Children's Online Privacy Protection Act of 1998 ("COPPA") itself, that most Operators have no intent to harm a Child by Using the Child's PII. Therefore, why do we need the COPPA? Without it, I believe it would be much easier for legitimate companies to Use the Child's PII. Also, to clear Operators’ confusions, do personal Web sites operated by law-abiding, legitimate Operators have to comply with COPPA and COPPR? Thank you for viewing this comment. Sincerely, Scot Wallace-Zeid Send comment on this letter to . The subject should be "RE: FTC COPPR Sliding Scale Comment by Scot Wallace-Zeid." �