Wednesday, December 19, 2012

FTC updates COPPA for 21st Century; some provisions could have hidden consequences for ISP;s and ordinary sites

The Federal Trade Commission has updated its interpretation and administration of the COPPA act, with a press release today, link (website url) here.

One of the most important provisions is to include geolocation as personal information that may not be collected about minors without parental consent.  Other information now regarded as “personal” includes server log information such as IP address (relative and absolute) and routing history.

Theoretically, the latter provision could affect even me (with because I can see IP addresses on server logs, and in some cases identify who might have done the access or Google search.  

This capability was actually important in doing forensics on an incident with one of my web postings when I was substitute teaching in 2005.  I’ll have to stay tuned on this one, to see if there is any downstream impact.   (There more details about that incident on the "Bill Boushka" blog for Jiuly 27, 2007.) 

I don’t normally monitor server logs, because I don’t have time.  Website advertising services encourage webmaster to know how to mine their logs (as well of Urchin) so I do think there can be future issues here. 

Another major provision closes a loophole that let third parties  (and kids’ apps) collect information.  Cecilia Kang explained, in a Washington Post article today (here), that a company like Facebook could not collect information (as with the "Like" button associated with Facebook handles on millions of sites) from websites that it knew collected information from children, but Facebook says it has no way to know that.  Google could have a similar problem with YouTube likes.  It is not apparent that the FTC has a "handle" (pun) on how this could be done. 

Natasha Singer, in a similar story in the New York Times on Wednesday, noted that advertising schemes that use cookies could run into trouble, because they would have no way of knowing when children access them (a conceptual problem we have already seen with COPA - as distinct from COPPA). This could hook up with "do not track" issues and provide an existential problem for the web environment we know today, with user-generated content supported by automated advertising. 

The FTC rule also mentions a “safe harbor” rule.  I don’t know if this has to do with potential third party liability (and possibly with the cookie issue, or the third-party implantation problem).  I’ll have to follow up on this concept with Electronic Frontier Foundation.  I’ll report again on it.  This could become very important, on the level of SOPA. 

Tuesday, December 11, 2012

FTC ups ante on kids' ,mobile app privacy with new report: treat geolocation as personal information!

The FTC continues to scrutinize mobile apps that kids can use, and wants to promulgate a rule that regards geolocation as personal information, that can be collected from minors only with parental consent, according to a new detailed front page story by Cecilia Kang in the Washington Post on Tuesday, December 11, 2012, link here

The FTC recently tested over 400 apps for ultimate compliance with COPPA.

The Federal Trade Commission home page this morning banners us with “Mobile Apps for Kids: Disclosures still not making the grade”, and has a detailed staff report , here

The requirements would effectively make it much easier for adults to privatize their whereabouts, too, since mobile technology would have to become much more forthright in how to hide many aspects of personal use. 

I don’t normally share prospectively my own plans on Facebook (such as concert or play tickets, or especially travel), because there have been cases where people have trolled Facebook and other social media just for those purposes.  Yet I’m always prompted at purchase to let them post on Facebook.  

Friday, December 07, 2012

US pushes new Child Protection Act, uncertain if it could expose people to hackers, viruses

Media are reporting that Senator Jon Coryn (R-TX) is urging passage of a new “Child Protection Act” to protect child witnesses and give US Marshalls and police more leeway in getting “time sensitive documents”, with KSAT story here

 The law would also increase penalties for child pornography. It’s not clear if there would be more exposure to accidental arrest and prosecution after hacking or virus infections, or a stronger idea of "absolute liability offenses".  

The White House is reported to support the bill.