Federal Trade Commission
600 Pennsylvania Ave NW
Washington, D. C. 20580
Subject: Childrens Online Privacy Protection Rule Comment, P994504
As a former early childhood educator, field market research specialist, current small business owner, mother of two and concerned citizen, I feel that this regulation will accomplish a lot toward making children under 13 years of age safer. Thank you for recognizing the importance and addressing this issue. When we began "doing our homework" to write a response to this proposal we already knew of its importance. However it wasnt until my colleague responded to an email inviting her to send her children to a kid-safe, kid-friendly place, that we were force-fed a true dose of reality. She traveled to the site out of professional curiosity but made discoveries there that caused us to see the magnitude and the ramifications of what is happening daily in millions of homes across our nation and throughout the world without the knowledge of computer owners. The gross violation of privacy that was discovered would have escaped most people but she was sensitive to it because of our on-going research for this paper. It was certainly a timely discovery. We sincerely thank you for the opportunity to comment on the Federal Trade Commissions Notice of Proposed Rulemaking to Implement the Childrens Online Privacy Protection Act of 1998. Our response to the Commissions request for comments on various aspects of the proposed Rule is grouped by assigned number and topic.
Question 2 INTERNET definition acceptable
Question 3 a/ 3b Is this definition clear and what is the impact of defining the term in this way?
We perceive this area to be particularly ambiguous because the term "OPERATOR" is all encompassing, including entities that perform vastly different roles in the process. For clarification purposes, we suggest that term "OPERATOR" be divided into descriptive categories. To better illustrate, we have outlined below an example of how the individual entities now termed "OPERATOR" might be classified. There should be differentiation based on responsibility that is assigned to each of them because of the level of control of information, its content and the "OPERATORS" advantage of "inducement".
(A). Silent parent-child- A relationship, in which an undisclosed "parent" owns
The site, is privy to all information gathered but is not identified in the privacy
Statement. (Could even be an international partner)
(B). Identified Business Alliance "Alliance -partners" are separate, but by the
Web site design may have access to each others information.
(C). Referring Site -A site with a hyper-link for the purpose of expanded or
(D). Reflector site (troller) A site which complies with the letter of the
regulation but offers links to sites that collect information in return for
"providing something". This second site may not comply with privacy
(E). Mis-direction - A person becomes comfortable and less guarded and is
referred to another site for a seemingly innocent purpose. [Ex. A child can not
display a picture on the site and is referred to another site to gain the needed
software to properly view it. The new site, in addition to providing the
required software driver or applet with undocumented additional features,
which collect information, and at a pre-determined time returns home without
the family knowing that it has been monitored.]
Question 4 PERSISTENT PERSONAL INFORMATION - We suggest the following additions:
When we log on to a web site, the computer browser offers the server hosting the site, information about your machine its hardware, software, your URL and even us! According to advanced technical manuals, the original intent of this feature was to assist the web designer to account for differences in the hardware and software available in order to ensure a correctly displayed page.
Identifier /revealer (b)
This type of identifier is embedded in software or drivers. The identifier records selected information and at predetermined intervals, without the knowledge or indication to the user, it returns the collected personal data to its point of origin.
AN ANALOGY: would be LIKE: A child brings home a cuddly teddy bear with a hidden recording device inside such as a video or audio tape recorder. The next day the child goes back to school with the toy and returns it to the owner. The owner then plays the tape, which contains very personal & private data.
In conclusion, our research indicates that these feature are not well known to the average user, but that they are well-documented in advanced technical manuals used by Web designers for Reference. However, we have discovered that the most recent browsers, several applets, and programs have deliberately embedded these "little jewels". One company is so bold that they boast that they wont inconvenience the client, by requiring an action on their part and will wait until the next Internet sign-on to automatically glean the information. Our major concern is that this same information, if not required to be protected by law, could reveal and perhaps even sell sensitive material about us, without our knowledge or permission.
In addition to cookies there are information revealer (Q3a), The information revealer works as follows: When we accesses a web site, the server hosting the site receives, from our browser, a data-object named "navigator" (not to be confused with the name of a popular browser). This parameter contains information about the machine hardware, software, and information about the user such as the users URL, several previously visited URL, a log of actions taken while visiting the URL, and a plethora of other information.
In addition we suggest that his section should be expanded to include these additional "elint-types" of collection. (reflector, mis-direction, informer/revealer)
Question 5a & 5b OPERATORs obligations for notice placement the following reservations
This sub-section of the rule is well designed and clearly specifies to Web designers how to place the notice. The challenge is to find a way to find a way to get and hold the attention of an age group that spans a decade. The little ones may not recognize or understand the nature of the warning and the older ones may not care. As an educator, my experience is that young children can be taught to recognize and relate to a universal symbol, or icon and the older children think icons are "awesome" especially when they are animated. We have explored the idea of using a small cat icon, named cyber. We are willing to provide the FTC commission artwork and sample text from our beta site. (Without restrictions).
If this cat symbol was mandated to be on any site that could potentially reach the eyes of children under 13 a campaign to introduce this concept could be included as part of an awareness unit on computer- safety. "Cyber the cat" would show where you can play on the Web.
The icon would hyperlink to a standardized notice written at childs level. This icon would be in addition to the normal icon for adults.
Question 6 Multiple OPERATORS Identify information We agree and hope that this provision will be included in the final draft.
Question 7 Third party agreements: To maintain confidentiality-It is impossible to make an informed opinion about sites potential for harm with out all the facts. We hope you require that third parties must be listed and bound by the privacy statement of the primary site.
Question 8 OPERATOR stated parental right to review information Put it in both places. It is not harmful to a parent to receive the notice twice. What is harmful is to not be informed at all.
Question 9 OPERATOR provided direct notice to parent -If the site uses any on-line form registration collection methods, they should be required to use that same method for requests and parental denials of use for the information. Please consider adding that the web site should immediately e-mail a copy of the current privacy statement and revision number, with the date of posting.
Question 10 Content of parental notice of contact from their child -The proposed rule does not currently require that web sites assign version number to their privacy statement forms or to print an explanation of the revision changes. As a legal maneuver around binding privacy contracts, some sites are now issuing a "user site license" requiring silent agreement with the current terms of the sites privacy statement, which is subject to change without further notice.
Question 11, 12,13,14,15,16,17,18 No comment
Question 19 Protect safety of child -the following reservations -Please be more specific as to your definition of "protection" of the child and the procedure. Did you mean intervention for the safety of the child (i.e. suicide, child abuse,)?
Question 20 Limited purpose data usage - the following reservations
There are are automatic functions available to the web operator to protect the site. As explained earlier in this letter. The data-object named "navigator" provides the URL from which the user came. Further more, the statistical packages used to monitor URL performance will generate a history of visitors.
Question 21 Special exceptions - Why open the door to the political process?
Right of the parent to view personal information provided by the child:
Question 22 -No comment
Prohibition against conditioning a childs participation of personal information:
Question 23 Conditional participation for child My colleague recent visit to a self proclaimed and shielded site asked for the following information as participation in site activities over a 15-min period of time. Each individual tid-bit of information requested was harmless but the cumulative effect created a total breach of privacy:
1. To better view a picture in full color it told her that she needed to load a plug-in. The plug-in provided Frequently Asked Questions describing the current version as fixing the previous security leak. The security leaks was that when any cookie was picked up, their cookie information went too. Their cookie was to collect all the names and URL visited from the entire family. After download and installing she discovered that the "free" download was the old security-leaking version not the new advertised to be secure version.
2. It asked for her initials because she had achieved one of the top 20 highest scores. But, when she reviewed the top 20 scores she discovered that she was not even close. She went to another area of the site and returned later. The second time when she played the game, she was told again that she had a top 20 score, only this time her score was significantly less that the previous one.
3. In order to determine FREE offers, It asked her to identify her state from a predetermined set of states.
4. It asked which city to narrow the listed offers. Experimentation with the options showed that the list was the same no matter what city was chosen. It was clearly a gimmick to acquire her city and state.
5. It asked her to send an e-mail post card to 5 friends. There was no screening for age and the post card had an active link back to the site.
6. It asked her to call an 800 number to register for a free voice mail. This diversion to a phone can take place in minutes at any time of the day or night without any parental supervision. The combination of the security leaking applet and the voice mail and resulting caller ID information provided the website IT Admin with a name, physical address and other information from the computers URL.
7. It offered her a screen saver through download that could be upgraded for certain behaviors. The offered link was to site only identified by xxx.xxx.xxx.xxx.
Upon linking to the home page of that nameless/numbered site, she discovered that the site was a prominent US computer company using an overseas site to provide the freebee.
Question 24a b c Operators to establish and maintain reasonable procedures - The industry uses a secure server to transmit sensitive information for adults because the Internet has leaks. It is widely accepted that a person with a technical level of expertise can monitor other sites information transfer. The web site should be required to use a secure server to transmit childrens information to them. This will prevent the site from convenient leaks of information without the repercussions of improper disclosure.
The concept of Safe harbor is clearly the best incentive for the Internet industry to monitor its privacy activities. As proposed currently, there are problems, which will render this act totally ineffective in the prosecution of violators. We believe that the system can be slightly modified and close up the problem.
We suggest that:
The regulation require the registration of all companies offering a shield program that would qualify participates for safe harbor status at no charge.
FTC Issue its own shield verifying that the Service Company is a registered to provide safe harbors.
Publish on web a list of violators of either privacy act for a period of three years.
Require shield /safe harbor providers to monitor clients, quarterly.
Require shield / harbor companies to actively seek feedback with a response form on the verification page.
Require shield companies to maintain customer complaints for three years, reporting through a standardized database format.
Update and cross-reference databases every 6 months to FTC & carry cross-ref database for companies who change name
Forward every investigation to FTC, who would make the decision to list or sanction.
There is a perfect example of the current system failure. A shield company cited a fortune 500 company. The company made statements on the privacy statement that was contrary to the actual privacy conduct. A citizen complained to the shield for improper handling and collection policies. The fortune 500 company admitted the improper procedure publicly only after disclosure by a third party. The shield company investigation concluded that they had indeed violated the policy, yet took no action. Publicly published statements confirmed this by the Shield Company.
Question 25,26,27,28 - These are ideal topics for the upcoming workshop where brainstorming will perfect the product.