COPPA has likely increased minors’ risk: Study

If there were no Children’s Online Privacy Protection Act, teens would be safer in social media, a new study from researchers at New York University indicates (pdf). Without COPPA, children under 13 would have little to no reason to lie about their age to set up a Facebook account, for example (this would be true of any COPPA-compliant site U13s want to join). We all know that, right? We also know, thanks to Consumer Reports, that “at least 5.6 million children using Facebook were younger than age 13.”

So with COPPA in place, kids who lie about their age “not only increase the exposure for themselves but also for their non-lying friends,” the researchers write. “Our analysis strongly suggests there would be significantly less privacy leakage in a world without the COPPA law.”

In their report, the authors “show how an attacker, with modest [tech know-how] … can circumvent [social network sites’ safety] precautions [for minors] and create extensive profiles of tens of thousands of minors in a targeted geographical area.” They created an “attack” using Facebook and three actual high schools that found “most of the students in the school and, for each discovered student, inferred a profile that included significantly more information than is available in a registered minor’s public profile.”

How does all that data get exposed, specifically? Fast-forward five years from someone who’s 11 signing up as a 13-year-old. Now, assuming her profile doesn’t get reported and deleted, five years later she’s 16, but Facebook’s algorithms “believe” she’s 18. So she’s now an “adult” and FB’s special protections (or restrictions) for minors get lifted. So, for example, a stranger with bad intentions could see a list of her peers, including those who didn’t lie about their age when 11 and joined Facebook later. That’s a really basic version of what the researchers found.

“The researchers identified neither the schools [used in the study] nor any of the students,” the New York Times reports. “Their paper is awaiting publication.”

What COPPA didn’t – couldn’t – factor in at the time of its writing (because there was no research on this back then) – was teens’ own intelligence about privacy and safety. A study just released by the Family Online Safety Institute found that 80% of teens have “adjusted privacy settings on their social networking accounts, including Facebook, while two-thirds had placed restrictions on who could see which of their posts,” according to the New York Times. And a study released in 2008 by Dr. Larry Rosen at California State University found that 92% of teens surveyed responded appropriately to sexual solicitation and 90% to harassment, where “responded appropriately” was defined as “telling the person to stop, blocking the person from commenting on their profile, removing themselves from the situation by logging off, or reporting the incident to an adult or to the site.”

The timing of this study’s release is interesting in light of the Federal Trade Commission’s revisions to the COPPA rule which the Commission is expected to announce very soon.

Related links

• “Kids lying to Facebook, not their parents: Study”
• The Consumer Reports figure from last spring was down from 7.5 million the previous year (see this).
• “Today’s Net, kids & COPPA: Our comment to the FTC”
• “The ‘minimum age’ & other unintended consequences of COPPA”