So, the latest thing is age-verification for minors, where sites like MySpace and Facebook confirm the identities of members under 18 and restrict access only to other children or parent-approved adults. Sounds good and solves a basic online security problem, and a big one at that, right?
Well, yes and no. As the New York Times reported last week, “Online Age Verification for Children Brings Privacy Worries” since the cost of doing this kind of business can be kind of steep – at least under current proposals. The Times discussed one company in particular, eGuardian of Ontario, CA, which “asks a parent to submit the birth date, address, school and gender of a child, then it asks schools to confirm the information.”
All very well intentioned and quite realistically achieving the basic purpose of confirming identities among a user group that doesn’t necessarily have – or is restricted from disclosing – social security and credit card numbers.
The security of data repositories is no doubt improving by leaps and bounds (I really have no idea, but I would certainly hope so), and the idea that the collected profiles on 750,000 eGuardian members are vulnerable to hacking or, worse, the vicissitudes of rogue employees is presumably a diminishing concern. Nonetheless, part 1 of the privacy problem always seems to come down to the control of information, much more so than its ultimate use or misuse. Privacy is a burgeoning area of the law – and for that matter, of life in the social media universe – precisely because of this problem of having to give up in order to get.
Except that vulnerability in a public space has never been something that’s REALLY new. I don’t really like the “quiet car” in the Amtrak train or the “family section” at Yankee Stadium, mostly because I sort of miss the point of going to the game in the first place if you can’t always be at risk of getting beer thrown on you. But that’s me.
But it’s also true that the offline marketplace has adapted in those and other ways to stated and unstated consumer concerns about safety and security, and privacy. The Washington, DC Metro in has been mildly – but only mildly – pilloried for its newly announced policy of random bag-checking on metro cars and buses. (“If James Madison was waiting for an Orange Line train from Vienna, he might boil [the 4th Amendment] down to: The government better have a pretty good reason for wanting to know what’s in my knapsack, because otherwise, it’s none of their business. (Maybe first he’d ask why the escalator didn’t work.)”) Why so mild a public outcry? I’m not sure it’s apathy, more than adaptation, but also the sense that PUBLIC travel in transportation can and should be better secured.
Online social media – a non-governmental organization, of course – seems a medium uniquely market-driven to make these things work. Based on anecdotal experience of breaches of public and private databases, I’d honestly be concerned about giving some random startup access to my child’s most important information. But I’d also be hopeful that the solid experience of secure transactional services like PayPal would bode well for the development of an effective and safe online privacy mechanism for social media age-verification.
Actually, the immediate hackles with companies like eGuardian apparently came from their unabashed intent to sell their collected user data to marketing firms for use in targeted online advertising. The usual qualifiers are rolled out about providing “no specific information about users” and opt-outs, and other arguments are touted like this one from Ron Zayas of eGuardian, quoted in the NY Times story: “When children go to Web sites today, they are already exposed to ads. We make sure the ads are appropriate for children. We do not increase the volume of ads shown, nor do we ‘sell them out’ in any way to advertisers.”
Not ridiculous points, true, and one might have sympathy for a company trying to build a technology with an actually viable business model. So who can say whether the “Good Housekeeping” or “etrust” seals of approval approach – the (theoretically) independent credentialing authority approach – are necessarily better ways to go, but they do seem to better stave off the expected privacy attacks like those discussed by the Times.
Andrew Mirsky is principal of Mirsky and Company, a new media and technology law firm based in Washington, DC with an office in New York City. Andrew advises media and technology clients on all legal aspects of business operations, including corporate and finance, intellectual property, contracts, and human resources. Andrew is also founder of Media Future Now, a (roughly) monthly gathering of DC professionals, focused on finding ways to keep media-centric businesses agile, innovative and future-focused.