Children's Privacy and Apps

As a follow-up to my last post:

The Federal Trade Commission has changed how it will implement the Children's Online Privacy Protection Act of 1998 (COPPA) to address children's increased use of apps on smart phones and other handheld devices. (COPPA is the legislation that sets the minimum age of 13 for participation in social networking sites like Facebook.) Kids' apps and websites will have to obtain parental permission before gathering information from children. This information includes photos, videos, geographic location, and online behavior. Many apps makers and websites sell this data to advertisers and marketers. The new rules will go into effect July 1, 2013.

There are a few caveats to the new rules:

• App stores like Apple and Google will not be held responsible for privacy violations by the makers of games and software sold in their stores.
• Software will have to meet child privacy rules only if the makers know that they are collecting information through apps or websites that specifically target children.

Aside from these enforcement issues, the rules do not make clear how apps makers will ascertain that they actually have parental consent. Kids, with and without their parents' support, often find ways around age limits and consent requirements. My soon-to-be 13 year old son, for instance, has obtained several online accounts with our consent and help by lying about his age. Although COPPA is intended to protect children and to empower parents, the law unintentionally limits legitimate access to online services. Determining when  a child is mature enough to use social networks and apps should be a parental, not a governmental, decision. Many online services, Web 2.0 tools, and apps have educational value and should be available to children. The problem is not the child's age or parental consent; the problem is the data being collected. Should software companies and apps makers even be allowed to collect information about our children? Should children be off limits to them? Why is 13 the magical age when it is suddenly okay for information to be collected without parental consent? After all, brain research has shown that teens are not very good at assessing risk.

Ultimately, parents are responsible for their children. It is our job to teach them about the nature of the Internet, online privacy, and the use of social networks and apps. Just as we teach them how to behave in public (don't point, don't talk to strangers, use your manners), we must teach them how to behave in a virtual world that is a very public place (don't chat with unknown persons, be respectful of others, don't share information you don't want everyone to know about). We must also teach them to think critically about issues like privacy and data collection, making it clear that we pay for free online services with our personal information. As our children enter adulthood, more and more of their lives will be conducted online and through digital media. Our goal should be to prepare them, not to set limits based on their age.

Nothing is Free on the Web

We just gave our 12 year old son an iPod for Hanukkah, along with a speech about how he is (and is not) to use his new mobile device to access the Internet, play games, keep in touch with friends, and download music, video, and games. Yesterday, he was proudly telling me about  free apps he had downloaded when I realized I had neglected to tell him that nothing is free on the Web. He is paying for those "free" apps with his personal information. We were driving in the car at the time, and coincidentally, a few moments later, NPR ran a story about the Federal Trade Commission's (FTC) newly released report that mobile apps makers are collecting large amounts of data about child users and sharing this information with advertisers without proper disclosure. Collected information can include device identifiers, telephone numbers, and location data. One game app which encourages children to conduct a scavenger hunt in their neighborhood using their hand-held devices even collects the child's home address! (Today's Wall Street Journal ran an article on this as well: "Firms Faulted on Kids' Apps", Tuesday, December 11, page B3).

My son and I listened closely to the story and then talked about what that meant for him.He didn't think the problem applied to him because none of the apps had asked him for personal information and none had anything to do with his location. I explained to him that the apps did not have to ask for the information, they just collected it whenever he used his iPod, and that if GPS is enabled, the app can collect information about his location without him even knowing it. He didn't think that was possible. So I explained how these functions can be written into the computer code for the app and into pages he views on the Internet. I pointed out that Facebook users don't even have to click on the "like" button on websites they visit. Facebook has code embedded in those pages that allows Facebook to collect information about them regardless of whether they click the "like" button.

According to a Wall Street Journal article published over the weekend, "one Web page can contain computer code from dozens of companies and tracking firms" (p. C2). Pages with "Like" or "Tweet" buttons can match individual's browsing behavior with their identities even if the buttons are not used. Furthermore, websites that request a login often share the user's real name, username, and email address with third parties. This information is used by advertisers to target specific people with ads and special offers. While some may appreciate this "service", there are few safeguards on how our personal information is used and/or distributed

What can be done about this? Well, honestly, not too much. We can disable GPS on our devices. We can set our browser settings for private browsing, and clear cookies after every Web search. But if we want to use particular apps or Web services like Pandora, Facebook, or YouTube, giving up our personal information is something we accept in exchange for the "free" service. We have to decide how comfortable we are with this. If we are not comfortable, we need to contact the FTC and write our representatives in Congress. But mostly, we need to be aware that nothing is free on the Web.

References:

• Kaste, Martin. (December 11, 2012). FTC: Apps For Children Raise Privacy Concerns. National Public Radio (NPR). Web. http://www.npr.org/2012/12/11/166935136/ftc-apps-for-children-raise-privacy-concerns
• Troianovski, Anton. (December 11, 2012). Firms Faulted On Kids' Apps. The Wall Street Journal. Print.
• Valention-DeVries, Jennifer, and Jeremy Singer-Vine. (December 8-9, 2012). They Know What You're Shopping For. The Wall Street Journal. Print and Web. http://online.wsj.com/article/SB10001424127887324784404578143144132736214.html

Geotagging in Photo Apps

This week, John McAfee, founder of McAfee Security, made headlines when he was arrested in Guatemala where he was hiding from authorities. Ironically, the computer security specialist was located when a photo with his image was posted to the Internet. How did authorities find him? The photo was tagged with the GPS location for where it was taken.

Yet another reminder that we need to be careful about what we publish or post online. When you use your phone to take a picture and then post your photo online, the photo may be tagged with GPS information (longitude and latitude)for where the photo was taken. Geotagging can be useful. For instance, it enables online searches for images or media based on their location, and it can be used by law enforcement to locate missing persons. As with almost everything on the Internet, however, it does have a down side. Many people are unaware that pictures taken with their smart phones or other mobile devices (iPads, tablets) are automatically tagged, revealing the location where the picture was taken. This information is encoded in the photo's metadata, and anyone cannot pinpoint the location by simply downloading a program like Exif Viewer for Firefox, Exif Viewer for Google Chrome, or Opanda IExif for Internet Explorer.

 To protect your privacy, just change the settings on your phone. On my Android phone, I simply pull-up the settings for the camera. One of the headings in the scroll down menu is geo-tag photos. I just turn it off. Alternatively, I could turn the GPS off by going to settings, tapping location, and turning off Use GPS Satellites, but then I would not be able to use Maps or Navigation. On the iPhone or iPad, go to Location Services in Settings. You will see a list of apps that use GPS, including photos,compass, foursquare, and maps. You can choose which ones to leave on and which to turn off.