Privo Privacy Vault: How Safe is Kids Digital Data? Part 2

privo dog

July 14, 2009 Yesterday in my Part One preamble to the interview with Privo executives, I tried to give an overview of how ‘kids online safety’ is more than ‘balancing safety and fun’ it’s politics, it’s opportunistic marketing, it’s regulatory, and…it’s complicated.

With dogged tenacity here’s my attempt to sort out how to keep kids safe online (for parents, as well as for kids’ communities and educators) where the feds fit in with COPPA compliance, and sifting out what “privacy vaults’ like Privo DO to help keep even smaller players in the digital game by navigating the logistics on the ‘back end’ of powerful technology.

There are so many kids’ sites who are making worthy progress towards evolving participatory learning and embedded collaborative play instead of ‘coinage and consumption’ cues…yet I fear bureaucracy and heavy-handedness if the government gets too ‘lopsided’ in privacy lockdowns versus open source ‘permissions.’

We’ll see…Meanwhile, Denise Tayloe of answers questions after the jump. 

Shaping Youth Interview with Privo Privacy Vault Executive Denise Tayloe

privo screen

Amy Jussel/Shaping Youth: Parents just want kids to be safe online…Is it true COPPA compliance is tightening to expand in 2010 to address older ages and age verifications so we don’t have a ‘generation of fakers’ as you called it at Ypulse, where kids just enter any old age for access?

How will this reshape the online safety conversation?

Privo: The Federal Trade Commission has announced that it will expedite the regulatory review of the Children’s Online Privacy Protection Rule from 2015 to 2010 to determine whether the rule should be modified to address changes in the mobile marketplace.

That being said, the review process will provide an opportunity for extensive public comment, which will no doubt include comments seeking an increase in the age under which operators would be required to obtain parental consent prior to collection personal information from users.

The FTC has correctly stated, “[that] Congress and industry self-regulatory bodies have traditionally distinguished children aged 12 and under, who are particularly vulnerable to overreaching by marketers, from children over the age of 12, for whom strong, but more flexible protections may be appropriate.”

However, legislatures in Georgia, Illinois, and New Jersey have all introduced legislation requiring parental consent prior to minors joining social networking sites, indicating a grassroots-level support for increasing the age-level elements of COPPA.

Privo supports maintaining the current age-level elements of COPPA, but would also like to find a way to empower teens to reliably assert an age or age range to websites while maintaining control of their personal information.

Amy Jussel/Shaping Youth: You mentioned that 75% of the kids’ online communities out there “may mean well” but are NOT compliant with COPPA and need to shore up their holes.

Can you explain more about this? (you mentioned at Ypulse the ‘tell a friend’ and ‘password resets’ are often a trigger for compliance holes; what should parents ‘watch for’ in terms of service and privacy settings?)

Privo: The number of children using the hundreds of youth-oriented virtual worlds has grown dramatically recently. And Strategy Analytics expects the number of unique registrants between the ages of 5 and 9 to increase from 50 million this year to nearly 210 million by 2015. Many of the sites are amazing places for kids and are more focused on privacy and safety than their counterparts directed to teens and adults.

However, we still see a number of sites that are not fully compliant with COPPA. Among sites directed to children, the website feature that is most often NOT in compliance with COPPA has to be e-cards – or tell-a-friend – features.

In 2008, the Federal Trade Commission updated its COPPA FAQs to clarify COPPA’s application to e-card systems. This has left many children’s websites out of compliance and struggling to create a kid-friendly e-card system.

Most of the time, the sites are simply collecting too much information for the level of parental-consent that they have. On general interest sites, the problems generally lie in the age-screening process. These sites are generally looking to exclude users under 13 years-old from registering at the site.

The sites often unintentionally invite age falsification by telling users – sometimes before they enter an age, and sometimes right after they enter an age under 13 – that they have to be 13 to register. Some of these sites even allow users to back-button and change their age…

Amy Jussel/Shaping Youth: What does the ‘Privo seal’ really MEAN and why should it matter to parents if it’s self-awarded versus an FTC governing board? e.g. Where’s the value beyond perception?

(Amy’s editorial note: I’ve interviewed several sites that have ‘jumped through the hoop to earn the seal, and looked back into their 2004 ‘Safe Harbor’ app with the FTC here; it’s no easy task, but I’d like to see more disclosure on criteria)

privo sealPrivo: The posting of the Privo Privacy Assurance Program Seal signals to consumers, partners, advertisers and the government that the web site meets or exceeds the COPPA guidelines.

The Privo Seal displayed on a web site lets visitors know that the web site is a site they can encourage youth to visit and enjoy. Privo leads the industry as the first and only identity and permission management solution provider to be granted Safe Harbor Provider status by the FTC.

Amy Jussel/Shaping Youth: Regarding kids’ data: you spoke of encryption and ‘hashed’ information that’s collected and then dumped to ensure no one is ‘keeping’ information for e-havioral profiling and such…Can you explain more about this and about your privacy policies?

Privo_LockPrivo: Generally speaking, one-way hashing is a way to make anonymous – or hide – data by transforming pieces of information into fixed strings of alphanumeric characters.

For example, when the email address ‘’ is hashed, the result (“hash value”) might be ‘b8der413z69’. Every time that hash function is applied to that email address the result will be the same. It’s called one-way hashing because the function allows you to convert the data only one way. So while it is possible to convert an email address to into a hash value, it is not possible to convert that value back into the email address.

One-way hashing can be used to create a password reminder system that does not require the site to retain the user’s email address. To do this, the website collects the user’s email address during registration; applies the hash function to the email address; and associates the resulting hash value with the user’s account. The site then deletes the email address.

When the user forgets the password associated with the account, the site requests the original email address, hashes it, and compares the two hash values. If they match, the site would email the password reminder to the user.

Amy Jussel/Shaping Youth: You mentioned that mobile media is a big issue for privacy issues, particularly the GPS locators etc., so how does this fit into the 2010 expansion of COPPA compliance?

How can parents keep kids safe (from marketing predators as well as perceived strangers and peer to peer ‘prey’?)

ftcPrivo: As I mentioned before, in 2010 the FTC will REVIEW COPPA – not necessarily expand it – partially due to the increasing use of smart-phones to access the mobile Web by children.

The first and most important thing that parents can do is familiarize themselves with their carrier’s parental controls. The top wireless carriers serving the U.S. currently offer for free parental controls generally including the ability to turn off Internet access; the ability to filter web content; and the ability to block unwanted text messages or phone calls.

Once parents know how to control content and access on their kid’s phones, they can make better decisions about what sorts of controls are appropriate for their family.

Amy Jussel/Shaping Youth: How are the state Attorneys General shaping this conversation versus the federal digital dialog on FTC and COPPA compliance?

Where does Privo stand in the mix, beyond trying to get everyone to walk the walk in compliance so regulations don’t freeze out growth of the kids’ digital sandbox?

Privo: COPPA provides enforcement power to both the FTC and the states, generally through the state Attorneys General. The FTC has been the most active government agency in enforcing COPPA, however several states – most notably Texas in 2007, have sought to enforce COPPA in federal court. The Attorneys General Multi-State Working Group on Social Networking has focused extensively on the feasibility of mandatory age-verification in general.

Amy Jussel/Shaping Youth: Are you familiar with Jeff Chester’s work at Center for Digital Democracy? (he was one of the originators of COPPA, a net neutrality advocate, and works to safeguard the internet from marketing monopolies and commercial/predatory practices)

Further, will the Kids Online UnConference in Nov. 09 embrace parents and thought leaders from inside AND outside the industry or is it mostly for industry how-tos and best practices?

Could there be a ‘mashup’ to use the Ypulse vernacular to include all voices in the conversation concurrently, with breakout sessions and table talks?

kids-onlinePrivo: The next Kids Online UnConference will take place in November 2009  in Mountain View, California following the Identity Common Conference.

The Kids Online forum will attempt to reach out to all interested parties to let them know about the UnConference. We’re hoping to have a diverse range of stakeholders with an interest in kids safety online to work collaboratively on understanding and addressing questions and issues regarding standards and norms in the industry.

Jeff Chester brings an important perspective to the conversation and we sincerely hope he will choose to participate in the UnConference. The conference uses open space to support the agenda creation the day of the event.  It’s somewhat unconventional but it’s also had incredible results to support information exchange and field development among the conferences’ participants.

Nov. ’09 Conference participants will include:

Ø     Online Community/Virtual World Managers
Ø     Policy Officers and Security Officers at large companies
Ø     Consultants in the kids online space
Ø     Identity Technologists
Ø     State Attorneys General
Ø     Legislative Staffers
Ø     Parents and Kids
Ø     Academics in the field
Ø     Bloggers
Ø     Kids
Ø     Parents

Amy Jussel/Shaping Youth: I look forward to helping ‘shape’ the conversation with ALL the thought leaders at the Kids Online UnConference…I found it to be an incredibly useful information exchange where people can sort their own sessions, data and advocacy levels, reprioritizing our own interests on the spot, by the hour!

So far it’s right up there with the Ypulse Mashup Lunch Roundtable in terms of favorites for “free exchange” of ideas…and moreover, next steps for implementation.

Readers? You can join the Kids Online Balancing Safety & Fun wiki here and lob your concerns into the mix, youth, parent, educator, or pro…

Like any good startup, the consortium is in its infancy so ripe for leadership, strong voices and listening skills that respect all sides being heard, so join in to help create the community so it’s not over-run by marketers, please!

cdd bannerUp soon? Jeff Chester from the CDD: Center for Digital Democracy will weigh in on all of this from a policy and practices standpoint…(No this isn’t Mary Matalin and James Carville entertaining point-counterpoint fun and games, there’s more overlap than you might imagine)

Meanwhile, weigh in with your thoughts.

It’s no secret I’m a big fan of ‘checks and balances’ so strongly feel NO ‘vested interest’ should have carte blanche or universal mega-monopolies on media and marketing agendas…(whether it’s government agencies, big media, regulators, privacy vaults like Privo, or Google e-havioral divisions for that matter!)

So how CAN and how SHOULD we ‘balance safety and fun?’

How can we sort out the FTC/FCC policies and pragmatics without having them stranglehold utility or creative  concepts that could do a world of good? I’m listening…

Follow me on Twitterp.s. Also, please “Tweet me @ShapingYouth” with your questions for Jeff Chester or leave a comment here and help me ‘shape’ the interview for our next phone chat. (yes, I finally succumbed to Twitter using it sparingly) Do you feel behavioral profiling should be permissions-based ONLY? What about ages for COPPA…Under 13? Under 18? Open source by opt-in only? What say you?

Do you differentiate between ‘privacy practices’ and ‘data mining’ or does it dump into the same kids silo for you?

cell-phone-order-lgp.p.s. And here’s my question/plea for green teens in tech:

Could somebody please create limited opt-in mobile apps for digital e-coupons (versus carte blanche access) and stop wasting trees to redeem a ‘buy one get one’ like I needed for the Jamba Juice promo yesterday? Again, a ‘fabulously frugal’ win-win, if done correctly. Who doesn’t wanna ‘twofer’?

Who else is playing in this realm beyond CellFire who just announced their new Safeway digital coupon dealThis is a classic case where teens may want to ‘opt-in’ for favorite brands’ special savings but it should be in THEIR hands…again, complicated.

I sure don’t know enough about the privacy e-havioral side of mobile, and last thing I need is a cluttered cellphone, no, no, NO! So…there’s my first question for Jeff Chester on how to blend utility without compromising privacy. More questions and ethical concerns, please? Fire away!

7-15-update: Jeff’s on a tight time crunch this week, so standby, interview will post next week…Meanwhile, back to ‘regularly scheduled programming’! 😉


Speak Your Mind