In the Matter of
Children's Online Privacy Protection Rule:
Notice of Proposed Rulemaking To Amend the Rule to Permit Use of a Particular Method of Securing Verifiable Parent Consent Until April 21, 2004
COMMENTS OF THE NATIONAL CABLE & TELECOMMUNICATIONS ASSOCIATION
The National Cable & Telecommunications Association ("NCTA"), by its attorneys, hereby submits its comments in the above-captioned proceeding. NCTA is the principal trade association for the cable television industry, representing the operators of cable systems serving over 90 percent of the nation's cable customers. NCTA's members also include more than 200 cable program networks, and other companies that provide equipment and services to the industry.
In the Notice of Proposed Rulemaking ("Notice"), the Federal Trade Commission ("FTC") proposes to amend its Children's Online Privacy Protection Rule to extend the "sliding scale" mechanism for obtaining verifiable parental consent for two years. In particular, the Notice proposes to extend the period during which websites directed to children can use an e-mail message from the parent, coupled with additional steps, to obtain verifiable parental consent for the collection of personal information from children. The amended rule would extend the deadline for e-mail consent from April 21, 2002 to April 21, 2004, at which time advanced methods of electronic consent would be required.
NCTA supports the two-year extension. But it appears that this will be an inadequate amount of time given the state of development of advanced electronic consent mechanisms. NCTA urges the Commission, therefore, to retain the current "sliding scale" approach to parental consent until such time cost-effective digital signature and other secure electronic technology are widely available.
The Children's Online Privacy Protection Rule governs the online collection of personal information from children under the age of 13. It requires operators of websites or online services directed to children, and general audience websites that knowingly collect personal information from children to, among other things, provide notice of how they collect, use, and disclose such information. The Rule requires operators to obtain verifiable consent from a parent before they collect personal information from children.
The FTC adopted a "sliding scale" approach to obtaining parental consent, which depends upon how the operator intends to use the information. As explained in the Final Rule, "the more reliable methods of consent will be required for activities involving chat rooms, message boards, disclosures to third parties, and other 'disclosures'" as defined in the Rule.(1) These methods include having the parent use a print-and-send form, credit card, toll-free number, or digital signature, as well as other reliable verification products and services to the extent that they are currently available.(2)
For internal uses of information, such as marketing to a child based on the child's preferences, the Rule provides that "operators will be permitted to use e-mail to obtain consent, as long as some additional steps are taken to provide assurances that the parent is providing the consent."(3) The additional steps include sending a delayed confirmatory e-mail to the parent following receipt of consent, or obtaining a postal address or telephone number from the parent and confirming the parent's consent by letter or telephone call.(4) This "sliding scale" mechanism is set to expire on April 21, 2002, and thereafter website operators will be required to obtain verifiable parental consent using the more advanced authentication methods.
At the time the Rule was adopted, the Commission believed that the sliding scale mechanism was necessary only in the short term because, with advances in technology, more reliable electronic methods of verifying consent would soon be widely available for all transactions. The record showed that a number of secure electronic products and services, notably digital signatures, were in development and would soon be available at reasonable cost. However, as the Commission now recognizes, "the expected progress in available technology has not yet occurred."(5) Although some companies are experimenting with the technology, it appears that widespread commercial use is still far off into the future.
Among the major barriers to wide-scale deployment is the cost and still-developing research on consumer acceptance and willingness to invest in the technology for various on-line uses, including children's Internet use. The Electronic Signatures in Global and National Commerce Act (ESIGN) Study and Public Workshop conducted by the FTC and the Department of Commerce earlier this year revealed the many questions surrounding digital signature technology for electronic records and legal documents.(6) Verisign Corporation explained, for example, that its Verisign PKI digital certificate software "may be slow in developing," suggesting that early adoption of the technology is "not likely to result from the consumer consent provisions of ESIGN" but rather through broad deployment for large-scale government applications.(7) Other companies pointed out that even businesses are slow to implement digital signature or certificate technology for e-commerce given uncertainties about what applications will drive the technology.(8)
The evidence shows that electronic on-line methods of verification are in such a nascent stage of development that it is too early to predict when they will ubiquitous. Given this uncertainty, NCTA believes that the Commission should extend the sliding scale approach until such technology is available on a wide-scale and cost-effective basis.
Such action is all the more appropriate since there is no evidence that the current system does not work to protect children. The combination of e-mail consent and additional back-up steps, such as a delayed confirmatory e-mail to parents, has proven to be an effective means of protecting children from any on-line data collection abuses. NCTA member companies that offer television and on-line content have invested substantial resources to implement the sliding scale mechanism for the benefit of those families that use their web-based services. In particular, they have spent significant money designing sites, installing hardware, and deploying technology to develop a very workable and effective parental consent system. NCTA is not aware of any complaints against member companies for infringement of children's on-line privacy. To the extent these companies collect data, it is only being used for internal purposes and is not disclosed to third parties.
In light of the unavailability of digital signature technology and other advanced methods of on-line parental consent, NCTA urges the Commission to retain the current sliding scale mechanism until such time more reliable electronic consent methods are widely available and affordable.
Jill Luckett, Vice President Daniel L.
November 30, 2001
1. Children's Online Privacy Protection Rule, Final Rule, 64 Fed. Reg. 59888, 59902 (November 3, 1999).
5. Notice at 1.
7. Comments of Verisign Corporation, ESIGN Study, Comment P004102, March 16, 2001.
8. 8 ESIGN Public Workshop, Proceedings, April 3, 2001 (see e.g. statements of Thomas Greco, Digital Signature Trust Company).