THE BLOG
10/03/2012 05:21 pm ET Updated Dec 03, 2012

Cybersecurity Under the COPPA Cabana

It came to my attention looking through my own Facebook Timeline that children being born right now could very well have their entire lives documented online -- from birth, if their parents have accounts and upload photos of them. And it brought up a few thoughts: one, what a colossal bummer it would be to have your awkward stage documented for hundreds of people to see; and two, how children are growing up online now and need security.

The Obama administration made its mark as a campaign of technology, and as such they've made it a point to take on issues of broadband coverage and cybersecurity in legislation. But their latest set of changes has a hurdle to jump -- and it's not Congressional gridlock or stubborn Republicans. For maybe the first time, the Obama administration has to take on a force that helped him get elected in the first place.

They have to take on Facebook and Twitter.

The fight is breaking out over a Clinton era law called the Children's Online Privacy Protection Act of 1998 -- more commonly known as COPPA, because all Internet laws get catchy acronyms. The law was designed to protect children 13 or younger from having personal information collected by websites, as well as setting standards for all website privacy policies. It also sets guidelines of verifiable consent from parents or guardians, and sets restrictions on online marketers advertising to Internet users under the age of 13.

Currently, both Facebook, Google+, and social media relic Myspace have bowed to this law and required all of its users to be 13 or older -- though it doesn't take a rocket scientist of a 12-year-old to fake a birthday and get an account. Twitter used to require users to be 13 or older, but no longer does.

The law is great in theory, but not very well enforced. And like many other Internet laws, it has the unfortunate problem of being outdated -- in 1998, sites like Facebook and Twitter hadn't been started, and the first smartphone (the Blackberry) wasn't introduced until a year later in 1999. Issues that we have now, as a society of gadgets, didn't exist at the time -- which is exactly why the Federal Trade Commission wants to make these changes. From the Washington Post:

"[The FTC] did not foresee how easy and commonplace it would become for child-directed services to integrate social networking and other personal information collection features into the content offered to their users, without maintaining ownership, control, or access to the personal data."

"Given these changes in technology the Commission now believes that an operator of a child-directed site or service that chooses to integrate into a site or service other services that collect personal information from its visitors should be considered a covered operator under the rule."

The proposed changes the administration are trying to make concern the third party buttons on websites, and the challenges brought up by tablets and smartphones -- trying to take these gaps in cybersecurity law and find a solution to closing those gaps. On almost every webpage out there now (including this blog, I'm sure), there are buttons to "like" something on Facebook, to "tweet" something out on Twitter, to "+1" something for Google+, and probably an e-mail button if you're old-school. When a user clicks on one of these buttons, it enables the third party site to gather their information for future use -- usually for online advertising. This is a technological loophole to parental consent and the subject of a bunch of online cybersecurity concerns.

On the smartphone and tablet front, it aims to protect children under 13 from advertising through applications, some of which are marketed to children and even toddlers. If a kid is borrowing Mommy's tablet and playing Angry Birds, are they really going to think about the security implications of that app?

The opposition to these proposed changes says that changing COPPA -- already controversial -- would violate their companies' 1st Amendment rights by holding these sites accountable for what their advertising partners do with the gathered information. Google said that this law change would keep them from providing educational and "engaging" information to children, and Facebook said that the FTC "fundamentally misunderstands" the link between plug-in providers and the sites they partner with. Facebook founder Mark Zuckerberg went so far as to say that children should be allowed to use Internet sites before they turn 13, so they can learn how to be safe online on their own -- and how this Internet education could help the United States economically in the long term.

Looking at the proposed changes to COPPA, I believe that the FTC needs to sharply tailor their language on restrictions to third party sites and information gathering. If the wording of the law is too loose as it was with the last incarnation of COPPA, it won't be effective in keeping children safe - it hasn't been very effective thus far because of lack of enforcement. It will also tie up free speech on these sites. Lawmakers also need to consider what they're doing with Do Not Track and the concurrences and conflicts between the two laws.

Furthermore, the FTC and lawmakers need to have a discussion of how protected and how free children should be online. Obviously this is a discussion that needs to involve parents and have a certain amount of freedom for parents to decide what is appropriate for their children and what is not, seeing how a good portion of COPPA involves parental consent.

What lawmakers have to keep mind is that their restrictions aimed at protecting children cannot infringe on the freedom of speech of those above 13 -- something easier said than done. Unlike legal "special places" like schools, prisons and military bases with judicially allowed restrictions of free expression, the Internet was designed to be a forum of ideas and information, and a technological free space for speech, discussion, and expression. While children undoubtedly need special consideration online, the measures that the administration comes up should be respectful of adults' first amendment rights as well as protect children from unnecessary information sharing online.

Above all this legislation going forward, I think that as a nation we should educate our children on cybersecurity, and how to use the Internet responsibly. Technology is unavoidable, and children are exposed to it earlier and earlier -- my two-year-old cousin knew how to work an iPhone before I, a 23-year-old, ever owned one. To demonstrate to kids under 13 how to use the Internet earlier rather than later can only help in the fight to keep Internet users secure, and to make cybersecurity a collaborative effort between Internet users and legislators.