In a big post two months ago entitled "Age Verification Debate Continues; Schools Now at Center of Discussion," I noted that there has been an important shift in the age verification debate: Schools and school records are increasingly being viewed as the primary mechanism to facilitate online identity authentication transactions. I pointed out that this raises two very serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
Brad Stone of the New York Times has just posted an important article with relevance to this debate. In it, he points out that:
performing so-called age verification for children is fraught with challenges. The kinds of publicly available data that Web companies use to confirm the identities of adults, like their credit card or Social Security numbers, are either not available for minors or are restricted by federal privacy laws. Nevertheless, over the last year, at least two dozen companies have sprung up with systems they claim will solve the problem. Surprisingly, their work is proving controversial and even downright unpopular among the very people who spend their days worrying about the well-being of children on the Web.
Child-safety activists charge that some of the age-verification firms want to help Internet companies tailor ads for children. They say these firms are substituting one exaggerated threat -- the menace of online sex predators -- with a far more pervasive danger from online marketers like junk food and toy companies that will rush to advertise to children if they are told revealing details about the users.
Stone highlights the efforts of eGuardian, a California company that, "asks a parent to submit the birth date, address, school and gender of a child, then it asks schools to confirm the information."
Over the last year, eGuardian has been approaching schools, primarily in California, and offering them the entire $29 sign-up fee when they persuade parents to sign up their children. EGuardian's real money-making hope -- and this is what makes [Nancy] Willard nervous -- is to have Web sites pay a commission for each eGuardian member. The Web site can then use the data on each child to tailor its advertising.
, one of America's leading online child safety experts, is the executive director of the Center for Safe and Responsible Internet Use
, and the author of the outstanding book, Cyber-Safe Kids, Cyber-Savvy Teens
. The concern she raised with Brad Stone is that "Age verification companies are selling parents on the premise that they can protect the safety of children online, and then they are using this information for market profiling and targeted advertising." Basically, companies like eGuardian give the software to schools or parents and then hope to make it back through targeted advertising. According to Stone's article, "EGuardian's real money-making hope -- and this is what makes Ms. Willard nervous -- is to have Web sites pay a commission for each eGuardian member. The Web site can then use the data on each child to tailor its advertising."
I'm not quite as concerned about the advertising / marketing issue as Nancy Willard, but I am equally disturbed about the prospect of using schools as online age verification agents-- or partnering with others to make that happen. I apologize for quoting myself at length on this point, but here's how I stated my concerns before:
[I]nvolving schools in any age verification scheme would raise serious privacy concerns and administrative problems. Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school's administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?
Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.
Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn't like the sound of additional mandates of this variety. But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That's probably where we are heading. Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here. Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.
But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS? Perhaps at the beginning of each school year when a minor is registering they could be given a "secure" digital token or ID number that only associated a grade year (i.e., "sophomore") with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations. Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).
Regardless, whether we like it or not -- and I do not like it one bit -- schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward. [...] Something tells me that school administrators and educational officials aren't going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.
Interestingly, Richard Blumenthal, the attorney general of Connecticut, who has been one of the leading proponents of age verification, told Brad Stone that the privacy issues raised by Willard and others are now on his radar screen:
"The attorneys general would be very concerned about using age verification to promote marketing or any other kinds of promotional pitches or gimmicks aimed at specific age groups," he said. "Targeted marketing may have its place, but it should not be coupled with the issue of childhood safety."
That's good to hear. But I hope Mr. Blumenthal and the other AGs realize that that is just one of many reasons to be concerned about mandatory online age verification
, especially if it involved schools as age verification agents. It has troubling implications for schools, kids, parents, free speech, online anonymity, privacy rights, and much more. Most importantly, as I made clear here
, it remains highly unlikely that online age verification would actually do anything to really keep kids safer online. In sum, the costs far
outweight the benefits when it comes to mandatory age verification.