June 11, 1999
I submit the following comments in response to the Commission's Notice of Proposed Rulemaking to Implement the Children's Online Privacy Protection Act of 1998. These remarks respond to the Question posed by the Commission, soliciting comments on provisions in the proposed Children's Online Privacy Protection Rule (the "Rule"). This comment is to replace our earlier comment.
We support FTC rules to protect children privacy. High cost of compliance (cost per parent verification) is often mentioned as the main hindrance for companies to obtain parental consent. Our company would like to offer this service free to Internet users and companies with high children traffic. More detail follows:
Representatives of Companies with high children traffic please feel free to contact me for further information about our service.
Analysis of merits of other methods of Parental Consent obtainment and verification mentioned in the Rule:
1. "(1) a consent form to be signed by the parent and returned to the operator by postal mail or facsimile"
This option is inadequate because children themselves can sign for parents and submit it to the operator. How operator will now if the signature is authentic?
2. "(3) a toll-free telephone number that parents could call" - This presumes that operators will have phone staff which can distinguish parents voices from children or their elder siblings. This is often hard to do, say, between mothers and daughters. And there is no track record or technology involved it is just a human judgment call which is subject to errors.
3. "(4) an e-mail accompanied by a valid digital signature. ":
This option is inadequate as well. Here is why:
Anybody including kids can go to, say, Verisign and get free trial digital certificate many times over. If you look in their logs you can see many Bill Clinton's digital certificates, for example, were issued to people who are obviously not him. In, essence as the rule reads there is very little and insignificant difference between a simple email verification and "4) an e-mail accompanied by a valid digital signature." Nowadays anybody can get a valid digital signature by getting a free trial digital certificate in anybody's name even by simply installing Internet Explorer 5! Also many email clients in wide use (like AOL) do not support digitally signing e-mail.
From this analysis it can be seen that the only reasonable way to obtain Parental Consent is to use credit card based verification.