POCKET Protection

• Author: Janine Hiller,France Belanger,Jung‐Min Park,Michael Hsiao
• Date: 01 September 2008
• DOI: http://doi.org/10.1111/j.1744-1714.2008.00061.x
• Published date: 01 September 2008

POCKET Protection

Janine Hiller,

n

France Belanger,

nn

Michael Hsiao,

nnn

and

Jung-Min Park

****

I. INTRODUCTION

In December 2006 the online Web site Xanga.com was fined $1 million for

failing to protect children’s privacy as required under the Children’s On-

line Privacy Protection Act (COPPA).

1

The Federal Trade Commission

(FTC) estimated that 1.7 million accounts were created by underaged

children without their parent’s knowledge or consent.

2

Although the site

asked for a person’s age before completing registration, warning those

under thirteen that they could not participate, nevertheless the system al-

lowed those who subsequently entered birthdates indicating that they were

under thirteen to simply continue the process of registration and to access

and post information on the site.

3

Xanga also collected information from

the children, including name, address, cell phone number, and instant

messenger identification, which they posted in the child’s online profile.

r2008, Copyright the Authors

Journal compilation r2008, Copyright the Author

417

American Business Law Journal

Volume 45, Issue 3, 417–453, Fall 2008

n

Professor of Business Law, VirginiaTech, Blacksburg, Virginia.This research was supported,

in part, by a grant from the National Science Foundation Cybertrust Program, #CNS-

0524052. We would liketo thank the participants in the 2007 Huber Hurst Research Seminar

for their insightful comments and the University of Florida, Department of Management, for

their sponsorship of the symposium.

nn

Professor, Accounting & Information Systems, Virginia Tech.

nnn

Professor, Electrical & Computer Engineering, Virginia Tech.

nnnn

Assistant Professor, Electrical & Computer Engineering, Virginia Tech.

1

Press Release, FTC, Xanga to Pay $1 Million to Violating Children’s Online Privacy Protec-

tion Rule (Sept. 6, 2006), http://www.ftc.gov/opa/2006/09/xanga.shtm. COPPA is found at 15

U.S.C. §§ 6501–6506 (2000).

2

See Press Release, supra note 1.

3

See id.

The potential danger to young children was that this personally identifi-

able physical information was easily available online; the social networking

site design encouraged communication and personal contact between reg-

istered users. Children could post profiles, pictures, and videos as well as

communicate directly with other users.

4

The FTC fine against Xanga was

the largest ever imposed under COPPA; the settlement of the complaint

required Xanga to pay a $1 million fine, implement policies compliant with

COPPA, file additional status reports, and submit to monitoring by the

FTC.

5

The Internet brings rich content to children and expands their ho-

rizons, but at the same time creates dangers and risks to their privacy and

well-being. The recent massive and blatant failure of Xanga to follow

COPPA is evidence that significant dangers to children still exist, despite

the efforts of statutory protection. Protecting children’s privacy today is

essential because children are online at an increasingly younger age. A

child’s advanced technological sophistication that enables him to use the

Internet does not match his worldly naı¨vete

´, and the dangers to children

who share personal information are significant. Risks of harm can range

from the threats of a child predator to the targeting and profiling of a

commercial online marketer.

In Part II, this article describes the participation of children on the

Internet, noting its exponential growth in recent years. Ne xt, in Part III,

the article examines the history of protecting children online. Part IV re-

views the regulatory parameters of COPPA. COPPA was designed with the

goal of interposing parental involvement in their child’s electronic inter-

actions by requiring parental consent for the collection of a child’s personal

information; ensuing regulations initially relied on the promise of emerg-

ing technologies to aid parents in this endeavor. The promise of a tech-

nological solution never materialized, however, and regulations setting

standards for parental consent continue to be limited to the same methods

as those available in 2000. Clearly, Internet and communications technol-

ogy have progressed rapidly and significantly in over seven years, yet pro-

tection of children’s privacy seems to have been left behind. Finally, in Part

V, we propose a solution to this problem, providing evidence that the legal

protections sought in COPPA can be implemented technically. This section

4

See id.

5

Id.

418 Vol. 45 / American Business Law Journal

briefly describes POCKET (Parental Online Consent for Kids’ Electronic

Transactions), a technologyconcept we developed, under a National Science

Foundation Cybertrust grant, to help protect children’s privacy online.

A technological solution to protecting children online can be inte-

grated into the legal framework, if parents, e-businesses, and regulators

will take responsibility for its development, adoption, and use. We argue

that it is possible, through the coordination of law and technology, to fa-

cilitate a parent’s protection of his or her child in the online environment.

The technology promise to protect children that seemed so near when

COPPA was initially adopted should not be abandoned for less effective

regulatory standards.

II. THE NATURE OF CHILDREN ONLINE

In 1997 14% of school-age children were online.

6

The FTC noted that the

most prevalent activities for children online were ‘‘homework, informal

learning, browsing, playing games, corresponding with electronic pen pals

by e-mail, placing messages on electronic bulletin boards and participating

in chat rooms.’’

7

Foreshadowing the future, the FTC commented in 1998

that the ‘‘most potentially serious safety concern is presented by the post-

ing of personal identifying information by and about children . . . in in-

teractive public areas . . . that are accessible to all online users.’’

8

A few

short years later, 2003 statistics reported the number of children online by

age: 19.9% between the ages of 3–4, 42.0% between the ages of 5–9, and

67.3% between the ages of 10–13.

9

The exponential increase in the num-

bers of children online, at increasingly younger ages, is an important rea-

son to be concerned for their privacy.

Children participate in many activities online, accessing the Internet

for information, help with homework, entertainment, and interaction.

10

6

FTC, PRIVACY ONLINE:AREPORT TO CONGRESS 4 (1998) [hereinafter FTC 1998 REPORT].

7

Id.

8

Id.at5.

9

U.S. DEP’TOFCOMMERCE,ANATION ONLINE:ENTERING THE BROADBAND AGE, app. 2 (Sept.

2004), www.ntia.doc.gov/reports/anol/NationOnlineBroadband04.pdf.

10

Sonia Livingstone, Children’s Use of the Internet: Reflections on the Emerging Research Agenda,5

NEW MEDIA &SOC’Y147, 149 (2003).

2008 / POCKET Protection 419