When Congress passed the Children's Online Privacy Protection Act (COPPA) in 1998, their goal was to empower parents and keep kids safe in the growing network of mysterious cybertubes known as the Internet. Instead, it's encouraged kids to lie, often with the help of parents, and made it more difficult for parents to help guide their children through web, according to a new study by researchers at Harvard, U.C. Berkely, New York University, and Northwestern.
The law, which instituted a complex age-verification regulatory regime for online activity, required website operators to get parental consent if their website collected personal information from children under 13 or if they had "actual knowledge" of children under age 13. The stated reason for the requirement? Drawing on reports from the time of the bill's passage, the authors says that legislators "intended that, by requiring companies to inform parents of their data–collection practices and obtain permission for uses of their children's data, COPPA would provide parents with better tools to protect their children in an online era."
How would online age verification be accomplished for kids who don't even have drivers licenses? Members of Congress didn't know, but didn't worry too much about the niggling technical details either. That would be left up to the website operators.
But online administrators didn't have any idea how to do it easily an reliably either. This is not terribly surprising; as the authors note, accurate and reliable age verification is "not technically easy nor is it without serious legal, economic, and social concerns." So what most affected website operators, including popular social networking sites like Facebook, ended up doing was prohibiting membership or use by children under age 13 entirely through their Terms of Service agreements.
This keeps the folks in charge of websites in technical compliance with COPPA's rules. But it hasn't kept younger children from joining Facebook or similar social networking sites in what appear to be large numbers. The report cites a 2011 Pew study noting that 45 percent of 12–year–olds who have online access say they've used social networking sites. Overall, they write, survey data indicates that "violating age restrictions is common" and that while precise measurements are difficult, "youth under 13 appear to be on Facebook in large numbers."
How are these kids able to create accounts if the site prohibits users under 13? It's simple enough: They lie about their ages. Facebook asks users how old they are, and blocks them if they report an age younger than 13. But younger children often just say they're older.
Indeed, according to the study, they often do it with the knowledge and even the help of their parents.
Although many sites restrict access to children, our data show that many parents knowingly allow their children to lie about their age — in fact, often help them to do so — in order to gain access to age–restricted sites in violation of those sites' ToS.
The result? These companies continue to collect potentially sensitive data about children under 13, but now do so under the mistaken impression that the kids are older than they are. Parents aren't getting more data and choices about their kids' online experiences as promised; instead, they're faced with the awkward choice to either allow their kid to lie or accept that much website access is off limits until age 13, whether or not the parent thinks his or her child is ready. As the report's authors write, "by creating a context in which companies choose to restrict access to children, COPPA inadvertently undermines parents' ability to make choices and protect their children's data." What about children? Well, I guess it teaches them an early lesson in exploiting loopholes both technical and regulatory.