Cyberspace, Washington, and Anytown, USA - September 1998

Here's our lineup for this month:

• Taking stock of cybersafety - interviews with the people making it happen
• What we've learned
• Safety/privacy links

You heard it here: Kids' online safety and privacy is hot - and it's been sizzling all summer long. There's been constant news in the past three months of studies done, reports made to Congress, think tanks' analyses written, conferences held, industry alliances forged, legislation enacted, and the first FTC kids' privacy case settled.

Amid all this, the burning question in our minds is: But are our children safer? Too early to tell, but we seem to be getting there. Has any practical action been taken? Yes.

The settlement last month of the Federal Trade Commission's case against GeoCities and its gathering of children's personal information is solid precedent. And earlier this year, the National Center for Missing and Exploited Children established its CyberTipline for anyone to report instances of children's online exploitation, so that agencies like the FBI can arrest online criminals. But even more immediate help from a child's perspective is right now being put in place by CyberAngels (CA), a 3.5-year-old subset of the Guardian Angels:

• CyberAngels 911
• "Don't Be a Bird Brain"

And there's certainly more to be done, as this month's interviews all indicate. One of the most important elements is general public education, not only about online safety issues, but also about what the Internet is, how to use it, and what it can do for children. One program doing this is America Links Up, a national public awareness and education campaign being launched week of September 14 (National Kids Online Week). We're proud to be one of the sponsors, if you'll allow this brief commercial break. We'll be keeping subscribers up on all ALU activities in forthcoming Sage Extra!s. Meanwhile, for background and the specifics on all the above, see this issue's "meaty links" below and the interviews that follow.

* * * *

Views that Count
We have some heavyweights for you this month - people representing the FTC, the Center for Democracy and Technology (CDT), CyberAngels, and America Online. They're among those who are actually helping to shape our children's online environment. We've learned a lot from talking to them, and we'll share our thoughts after you've heard from them yourselves and drawn your own conclusions. Here are the highlights of our in-depth conversations:

Parry Aftab, Esq., cyberspace lawyer, author of "A Parents' Guide to the Internet" , and executive director of CyberAngels,
With Parry now leading CA, a division of Guardian Angels, it seems that the organization is going in many new directions, from CyberMoms (as grassroots, volunteer watchdog subset of CA) to Our Little Angels and Teen Angels. But the multitasking doesn't seem to be diminishing the effectiveness of CA's cybersafety efforts. We mentioned the two most current and significant ones in our introduction above. Here's a little more detail:

"Don't Be a Bird Brain" is an online quiz that teaches children about privacy and online safety issues. And it's more than that. When they've completed it, the children get a "learning permit." With that, a written (on paper!) parent's permission slip and a letter of good standing from their school (note the inclusion of schools in the mix), they become Little Angels (ages 7 to 12). That means they can interview celebrities and grownups in various fields, write for the Our Little Angels section of the site (there's a section for special-needs kids), set up online penpal relationships, and engage in CyberAngels' safe chats. To gain such privileges, Parry says, "they have to promise to train their parents on certain basics on the Internet." The teen version includes a "Giving Back Journal" chronicling participants' public-service work and a mentoring section called "Mountain Movers" - adults who can server as mentors and help teens prepare for their careers of choice.

When we asked Parry how she'd characterize the current state of kids' online safety, she surprised us: "Kids know an awful lot more about online safety than any of us give them credit for. I speak to kids in school every week, and they really understand online risks: the fifth-to-eighth-graders I've met could've written my book. They know when they're breaking the safety rules, when not to give out personal information, when people are lurking online to hurt them, and when not to put information in online profiles." What we're hearing is, parents need more education than children - but we all knew that!

"The real issue now isn't so much the basic safety rules," Parry continues. "We all have our lists of tips, and they're all the same. The real issue now is teaching kids how to deal with a critical situation - for example, when a predator's actually stalking them, when someone's sending them kiddie porn, when they fear somebody online has found them offline, or when any of this is happening to one of their friends. I want them to know what the 911 is in cyberspace." So CA's creating CyberAngels 911, the program we mentioned above: a 24-hour e-mail hotline (currently under construction, scheduled to debut next month). Parry calls it their "what should you do if" program. It's not just for reporting abuses; it's for children (and adults) to get immediate answers on what to do right when something is happening online (a sexual predator in chat, a porn solicitation, etc.), or even when they wonder or fear that it is.

Regina Joseph, online consultant and specialist on "digital kids"
Regina kicked off last June's Digital Kids conference (held in San Francisco by Jupiter Communications - see our July/August issue) with a study she'd done on their online habits and their parents' concerns. One thing she found is that 68.8% of parents of kids under 13 are concerned about the impact of chat and e-mail on their children. And that concern only climbs - to 75.5% - for parents of teens. As for Web sites, she closed her remarks saying to marketers that they need to make privacy "Issue No. 1." She expanded on that in an interview with us:

"The current state of children's online privacy and safety is, unfortunately, one of earnestness in theory, but incompletion in practice," Regina said. "Too many cases affirm what parents have overwhelmingly suspected, that online companies have either been unwittingly negligent or knowingly deliberate in providing environments that compromise the safety and privacy of children.

"The settlement between the FTC and GeoCities that arose just last [month] from the online company's admission of providing private information about its users to third parties, should be enough to cause people to conclude that privacy and safety online is an issue riven by underreaching entities."

She pointed out the relationship between corporate online practices and corporate financial risks in the Internet industry: "...with the increasingly high stakes needs of online companies who are going or have gone public, coupled with their attendant need to bring in more and more advertising revenue, and thus more and more eyeballs, consumers are by default at the mercy of these online organizations who must meet their shareholders' expectations. As a result, the needs of consumers to maintain their privacy might take a backseat."

And, interestingly, she says there's an age factor in the industry: A lot of the executives of these companies are young. "Many online companies are not even aware of how they compromise the privacy or safety of their consumers/readers. It is a lack of understanding that is common to young, eager online entrepreneurs, who are blinkered by their need to go public or make a return on investment. Privacy and safety usually are not the first considerations when pursuing such businesses."

And, as most experts point out, much of the onus, Regina says, is on us - we're marketers' gateway to our children. "Unfortunately, the requirement for consumer safety and privacy will only be as good as the awareness of parents and children who participate on the Web. Web users are ultimately in control of which Web sites succeed or fail, since they are dependent on numbers of pageviews. Readers should demand verification of privacy and safety measures up front; if a site fails to provide adequate protection, users should not return, and they should communicate their experiences to other parents and children. Regulation by consumers is the only hope for ensuring a Web environment that informs as well as protects."

Deirdre Mulligan, staff counsel, the Center for Democracy and Technology in Washington
Deirdre alerted us to the intersection between online privacy and safety: "Unlike with TV," she said, "when kids go online, they have an unmediated interactive experience with a commercial entity that can ask things about them and their families. Some questions are fairly mundane: what color they like, their favorite food. But some of it's been very invasive - about family income or getting their name, age, and school. Those privacy issues can lead to safety issues in that, if children became inured to those questions and it became a behavior for them to freely give out information about themselves, that could put them under serious risk. Part of the job we all face is creating behaviors that take away that risk."

Deirdre said that a child giving information to a commercial entity, rather than to someone handing out candy on a street, may seem less risky, but it could be more so for two reasons: 1) children "don't always assess risk very well," and 2) "online, it's sometimes easier for a child to have an unmediated experience with a stranger that parents might not know about."

She also pointed out how this medium complicates all this - how we all have to carefully "calibrate" our response to the opportunities and risks it presents: "You want to ensure that kids can have a voice. Though sometimes having a voice might enable them to engage in activities that might be troublesome from a safety standpoint, we don't want to just cut off their activity.... There's a need to make sure that the rules that get crafted to protect kids don't unintentionally hinder their ability to participate and to speak.... I think it's going to take a while and it's going to inspire a lot of discussion to make sure things get calibrated in the right ways. No medium has ever raised the same level of complexity."

And she talked about parents' role in all this: "Part of it is learning how to parent in this environment. I'm not at all suggesting that businesses shouldn't help protect children, but I think it's naive to think that kids aren't going to be kids. Legislation can't stop kids from being kids, and it can't mandate good parent-child relationships. I think there are things we can look to [industry] self-regulation and to legislation for, but we also need to make sure our kids are well-armed."

Deirdre's analysis of the FTC's latest policies on Web sites gathering children's personal data can be found at the CDT site .

Toby Milgrom Levin, Attorney, Division of Advertising Practices, Federal Trade Commission
Toby was directly involved in an FTC study of children's Web sites and their data-collecting practices. Here's what she told us about the agency's conclusions from the experience: "The Commission continues to support self-regulatory efforts to address online privacy for children," Toby said, "but as our June report to Congress showed, there are many children's sites that collect personal identifying from children without parental involvement. We found that 89% of children's sites sampled collect such information from children; only 54% provide any type of disclosure about their practices; only 7% say they notify parents of their information practices; less than 10% provide for parental control; and only 1% provide for parental consent before the collection of information. The Commission has recommended that Congress enact legislation to protect children's online privacy. In the meantime, we are continuing to monitor sites for their privacy practices and recently settled our first privacy case with a leading Web site, GeoCities [of Santa Monica, CA, host to more than 2 million personal home pages], addressing their deceptive information practices, including deceptively collecting information from children. We think that this issue is a very important one for the new online marketplace and hope that Web sites will adopt strong privacy protections for children as well as consumers generally."

Ginny Wydler, director of Kids Advocacy and Community at America Online
We asked Ginny why safety has become such a hot topic - not only for parents and policymakers, but for Web publishers and online services as well. First she pointed out how significant the online kids market is becoming, then she helped us understand what the industry stands to lose if it doesn't figure out the right business practices. "As the online medium is becoming part of everybody's everyday life, particularly for kids, and as more and more people realize it's here to stay,... the industry is recognizing that, to ensure that consumers have good experiences with their products in this medium, it needs to focus on establishing basic ground rules and putting appropriate safeguards in place. The industry is aware the government is watching over its shoulder, and it's been working on it for quite a while."

Ginny told us how the Internet is bringing kids to categories of marketers that have never specifically targeted kids before – for example, the sports and music categories. All of a sudden, they're having to figure out how to address children. "The medium creates an opportunity to talk to multiple audiences. There are a lot of sites now popular with kids that weren't initially targeting kids. Just because these [sites' publishers] weren't entrenched in kids' programming before they went on the Web, they have become more aware of the issues. They have the challenge of making sure kids are appropriately addressed and have an enriching experience. Everyone is focused on providing consumers with material that's not only engaging but also age-appropriate."

* * * *

What we've learned
In addition to all the other measures - industry self-regulation, law enforcement, safety tips, etc. - education, of parents and all adult mentors of online kids, is essential to making the Internet a safer place for children. It will help us to help them stay alert and establish online habits and behaviors that keep them safe. As Larry Magid, editor-in-chief of SafeKids.Com, points out: Online safety rules are like the safety regs that flight attendants spell out at the beginning of airline flights. They're necessary, and after a while you don't even hear them, but that's because they're engraved on your brain!

A lot of Internet education opportunities are happening - from nationwide programs developing at the urging of America Links Up to PTA talks to the major-market seminars being conducted by AOL and MCI. CyberAngels, in conjunction with the Baltimore County public library system has even developed a basic-Internet-training curriculum free for the downloading. Baltimore County's system, which has the largest parents 'Net ed program in the country (says CyberAngels' Parry Aftab), will also soon be offering a CD-ROM called "PIE to Go" (PIE for "Parent Internet Education"). Keep an eye on the BCPLonline site if you're interested.

What we found most encouraging is the concrete step that builds on Web-wide safety tips and the National Center for Missing and Exploited Children's CyberTipline: an on-the-spot e-mail hotline for kids and adults - help when we need it. During this time of flux and change, we feel a lot of bases can now be covered: parents' and grandparents' own good parenting, knowledgeable teachers, consumer awareness, tip-offs for law enforcement, good policy development, and on-demand help for kids.

An odd mix of both patience and urgency are needed – patience in that if we legislate or regulate too quickly we'll be doing so before we understand the opportunities for children that might be crushed; and urgency in that children need to be protected. That said, all the activity and verbiage over the summer were good. Our children's online safety is a work very much in progress. Tell us if you agree. We always love to hear from you.

* * * *

Meaty Links

Safety/privacy resources
Children's Advertising Review Unit - part of the Better Business Bureau. In its "Reasonable Efforts Standards," CARU moves beyond television advertising to include Internet marketing to kids in its industry self-regulation position. And the organization supports the FTC's requirements of Web sites gathering personal information from children under 12.

CyberAngels - part of the famous Guardian Angels' grassroots approach to public safety. CyberAngels takes the same approach online, with lots of volunteers (many of them part of CyberMoms, a division of CyberAngels) monitoring discussion boards, chat groups, Web sites, newsgroups, etc.

For privacy junkies: Electronic Privacy Information Center, a useful service that puts the latest privacy news, a policy archive, and privacy-related resources and information in one place. EPIC - a project of the Fund for Constitutional Government and a partner of Privacy International, a human rights group in London - is a public interest research center in Washington, DC. Its Internet-related partners are the Global Internet Liberty Campaign, the Internet Free Expression Alliance, and the Internet Privacy Coalition.

FamilyPC's annual survey of us online families. This year's study, released this past July, includes interesting data on kids' online safety and privacy. At this URL you'll also find links to Parts 2-4 of their survey summaries. Here's a good place to find out what our peers are thinking and doing about privacy and safety. We especially noted: "The big news is that nearly half of the 1,300 testers who responded to the survey said they feel safer on the Internet then they did a year ago. Interestingly, two-thirds of them attributed this feeling to their increased knowledge about the Internet, not their use of blocking software, or to government or industry policies." Does that surprise you? We found it confirming of a long-held intuition.

FamilyPC editor-in-chief Robin Raskin's take on the FTC's study about privacy practices in children's Web sites. She had her 12-year-old son Reed conduct his own informal study. Her bottom line: "In my view, there's no better impetus for change than public shame, humiliation, and boycott." In other words, the FTC should actually name the sites that don't measure up - create a blacklist. Not a bad idea, but we think the industry needs a little more time to step up to the plate.

The FTC's June report to Congress on consumers' online safety - The report gives statistics it gathered from a study of Web sites for children, statistics like: "89% of the 212 children's sites surveyed collect personally identifiable information directly from children; only 54% of the children's sites disclose their information collection practices. Even more troubling is that fewer than 10% of the sites directed to children provide for some form of parental control over the collection of information from their kids."

National Center for Missing and Exploited Children - We've mentioned these guys before (in Sage Extra!, for Sage subscribers). They are working hard to support law enforcement agencies like the FBI, the US Customs Service, and the US Postal Inspection Service in their efforts to protect children online (not to mention offline!). We can all contribute by using the NCMEC's CyberTipline (via the Web or 1-800-THE-LOST) to report any instances of child exploitation on the 'Net that we become aware of. The Tipline page offers useful definitions of the various forms of exploitation and predation online.

Online Privacy Alliance - This is the online industry's effort to preempt government regulation, and it offers useful balance to this discourse. The OPA describes itself as "a diverse group of corporations and associations that have come together to introduce and promote business-wide actions that create an environment of trust and foster the protection of individuals' privacy online." What's interesting here, is that the alliance's spokesperson is former FTC commissioner Christine Varney, who chaired the Families Online Summit in Washington last December and who later came down hard on the industry, saying self-regulation wasn't working. Maybe that's the best kind of adviser the industry could have. Please see our interview with Christine last December for her own family's well-thought-through online safety rules. For perspective, here's a PC World story on the alliance.

SafeKids.Com and SafeTeens.Com - Self-explanatory sites on our topic of choice operated by Larry Magid, a syndicated columnist for the Los Angeles Times, who writes and speaks often about the issue - including on a panel MCI sent to half a dozen cities this year as part of an Internet seminar for parents.

ZDNet's Shareware Library - a nice service that pulls together filtering tools, parental controls, spam stoppers, homework helpers, family e-mail, and a browser designed for kids.

Site Seeing on the Internet" - a primer by the FTC to help consumers enjoy their Web travels, while avoiding "fraud and deception," as the FTC puts it, along the way. Very elementary, thus useful to many of us!

In the news
"Online Kiddie Porn Ring Smashed" - a piece in yesterday's (9/3) Wired News about police raids in 14 countries aimed at shutting down a US-based online child pornography club of some 200 members. Wired says the investigation began five months ago, when more than 100,000 pornographic images were discovered in a database.

"Internet Site Agrees to Settle FTC Charges of Deceptively Collecting Personal Information in Agency's First Internet Privacy Case" - an FTC press release about its case against Santa Monica, CA-based GeoCities (hosting service to 2 million free personal Web pages). The FTC said GeoCities "misled its customers, both children and adults, by not telling the truth about how it was using their personal information." Under the settlement, reached just last month, GeoCities has to "post on its site a clear and prominent privacy notice, telling consumers what information is being collected and for what purpose, to whom it will be disclosed, and how consumers can access and remove the information." GeoCities also has to get parental consent before collecting information from children 12 and under.

The FTC's July 21 press release about its report to the US Congress on online privacy. In it, Commission Chairman Robert Pitofsky basically said that online industry self-regulation is the preferred method of protecting consumers' online privacy - but not where children are concerned. On kids' behalf, the FTC is calling for Congress to enact some protective legislation. Here's what it wants: "The Commission's legislative recommendation on children would empower parents to make choices about when and how their children's information is collected and used on the Web." The legislation, Pitofsky said, should require Web sites that collect information from kids under 13 to provide actual notice to the parents and to obtain prior parental consent before collecting information."
The Center for Democracy and Technology's take on the Clinton administration's "Electronic Privacy Bill of Rights," announced by Vice President Gore this past July 31 (analysis by Deirdre Mulligan - see our interview above). CDT pronounced it a "rough draft of the first 3 or 4 articles of a Bill of Rights that needs to be considerably bolder and more comprehensive." As for government regulation, we were interested to see CDT making this statement: "CDT welcomes the move to protect children, but we believe that the FTC should be given the authority to establish and enforce baseline privacy standards for all Americans." We thought they'd side more with industry self-regulation.

"Sites Aimed at Children Collect More Than Just Hits" - a context-setting New York Times piece by Pamela Mendels on what sites do with information gathered from children - and pundits' views on the subject.

* * * *

Who do you feel determines our children's online safety? Do you feel Congress should legislate, the online industry should self-regulate, or that the power really lies in consumers' hands? We'd love to hear your comments. Please e-mail us at feedback@sageway.com.

Next month: Family connections – how extended families are using the Internet to search their roots, stay in touch, and keep up on all those important dates. We'd love to hear your stories Please e-mail us. And if there's a topic you'd like to see us cover, e-mail us about that too!