1444 EYE STREET, NW
SUITE 500
WASHINGTON, D.C. 20005202-289-8928
mail@pff.org
@ProgressFreedom
www.pff.org
Response to Questions from Sen. Mark Pryorby Berin SzokaSenior Fellow, The Progress & Freedom Foundation& Director of PFF
’s
Center for Internet Freedom
June 1, 2010Regarding Hearing on
“
An Examination of Children
’s
Privacy: New Technologies& the Children
’s
Online Privacy Protection Act
”
Before theSubcommittee on Consumer ProtectionCommittee on Commerce, Science & TransportationU.S. Senate, Held April 29, 2010 ______________________
Thank you, Chairman Pryor, for the opportunity to supplement my written testimony from thishearing by responding to your questions.
1
In my responses, I have incorporated some of thematerial found in the comprehensive survey of the perils of expanding COPPA
’s scope beyond
its original, limited purposes
(what we have called “COPPA 2.0”) that
my colleague AdamThierer and I published in May 2009:
COPPA 2.0: The New Battle over Privacy, Age Verification,Online Safety & Free Speech
.
2
Further detail on many of the points below can be found in thatpaper.
I.
A Reexamination of COPPA
It bears repeating at the outset that the
Federal Trade Commission’s (
FTC) current proceeding isnot examining the Children
’s
Online Privacy Protection Act (
“
COPPA
”) i
tself (the statute),
3
butrather the
“
COPPA Rule
”
(the regulations mandated by the agency pursuant to COPPA).
4
Theagency is well aware of this distinction
—
and, indeed, far more precise about it than probablyany interested party. For example, the agency
’s
recent inquiry is titled
“
Request for Public
1
Written Testimony of Berin Szoka, Hearing on “An Examination of Children’s Privacy: New Technologies & theChildren’s Online Privacy Protection Act” before the Subcommittee on Consumer Protection, Committee on
Commerce, Science & Transportation, U.S. Senate, April 29, 2010, www.pff.org/issues-pubs/testimony/2010/2010-04-29-Szoka_Written_COPPA_Testimony.pdf .
2
Berin Szoka & Adam Thierer,
COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & FreeSpeech
, Progress on Point 16.11, May 2009, http://pff.org/issues-pubs/pops/2009/pop16.11-COPPA-and-age-verification.pdf
(“
COPPA 2.0
”).
3
15 U.S.C. §§ 6501-6506.
4
16 C.F.R. Part 312.
Page 2 Szoka Responses to Questions for the Record
Comment on the Federal Trade Commission
’s
Implementation of the Children
’s
Online Privacy Protection Rule
.
”
5
But it is a distinction that is far too often lost on many advocates who arelobbying for change.Congress, of course, retains the authority to change the COPPA statue at any time, and it is wellwithin the jurisdiction of this committee to consider doing so. But in re-examining COPPA,lawmakers should tread carefully.
Any attempts to reopen COPPA to expand the statute beyond its original, limited purposes could raise serious constitutional questions about the First Amendment rights of adults as well as older teens and site and service operators, and also haveunintended consequences for the health of online content and services without necessarily significantly increasing the online privacy and safety of children.
A.
Do you think the age limit in COPPA is appropriate? And if so, why?
Yes, and understanding why is the key to understanding the delicate balance of COPPA ingeneral. The COPPA Rule
’
s requirements are
relatively
easy for site and service operators toimplement, and for the government to enforce, because they apply only to the collection of information about children under 13 by commercial operators (or the public sharing of information by children themselves) only when (i) the operator
’s
site or service is
“
directed tochildren
”
or (ii) the operator has actual knowledge that they are collecting personal informationfrom a child. But the key practical difficulty in implementing a COPPA 2.0 system foradolescents 13 and above is in the anonymity inherent in the technical architecture of theInternet. To quote a memorable cartoon from
The
New Yorker
:
“
On the Internet, nobody
knows you’re a dog.”
6
Because website operators generally do not know who is accessing theirsite, requiring any special treatment of minors is tantamount to requiring age-verification of
all
users.
7
Again, COPPA
’s
ingenious solution to this problem is that the law applies only to thelimited
“
Internet Jr.
”
of sites
“
directed at children,
” or in cases where an operator
has
“
actualknowledge
”
that it is dealing with a child.Because
“
child-oriented
”
websites are generally easy to define and are very rarely used byadults, COPPA
’s
age verification mandate has not significantly impacted the free speech rightsof adults because few adults other than parents ever want to use these sites, and parentsessentially are already age verifying themselves in the process of providing
“
verifiable trialconsent
”
for their children (those under 13). But it is
far
more difficult to define a class of
“
adolescent-oriented
”
websites (i.e.,
“directed at” kids age 13
-17, as proposed in New Jersey in2008
8
) that are not also used by significant numbers of adults. The practical result of suchCOPPA expansion efforts would be the same as simply specifying that a certain category of
5
Federal Trade Commission,
Children
’s
Online Privacy Protection Rule: Request For Public Comment on theFederal Trade Commission
’s
Implementation of the Rule
COPPA Implementation Review
).
6
Peter Steiner,
On the Internet, Nobody Knows You’re a Dog
, T
HE
N
EW
Y
ORKER
, July 5, 1993, at 61,
available at
www.unc.edu/depts/jomc/academics/dri/idog.html (cartoon of a dog, sitting at a computer terminal, talkingto another dog).
7
Of course, the COPPA’s second prong
of age-verification requirement applies only when the website operator
has “actual knowledge” that the user is a minor. 16 C.F.R. § 312.3.
8
A.B. 108, Gen. Assem., 213th Leg. Sess. (N.J. 2008), www.njleg.state.nj.us/2008/Bills/A0500/108_I1.HTM.
Page 3 Szoka Responses to Questions for the Record
websites (such as those with a public
“
wall,
”
as proposed in Illinois in 2008
9
) must age-verify of a large number of adults to distinguish adults (who do not require verifiable parental consent)from children (who do require verifiable parental consent). This raises profound FirstAmendment concerns
—
particularly about the right of Americans to speak and receiveinformation anonymously online.
10
It was at least in part in recognition of the difficult First Amendment questions discussed belowthat Congress removed the requirement in the initial legislative draft of COPPA that would have
required operators to “use reasonable efforts to provide the parents with notice a
nd anopportunity to prevent or curtail the collection or use of personal information collected from
children over the age of 12 and under the age of 17.”
11
These First Amendment concerns are not conjectural: The courts have already struck downprecisely this kind of broad age verification mandates
—
specifically, as found in the Children
’s
Online Protection Act (COPA),
12
another 1998 law sometimes confused with COPPA. Inessence, COPPA is focused on certain kinds of potentially harmful
contacts
while COPA isfocused on potentially harmful
content
.
13
COPA attempted to prevent children from accessing
material deemed “harmful to minors” by requiring all users attempting to access such content
to provide a credit card, on the theory that only adults have credit cards. But the courtsconcluded that,
“
payment cards cannot be used to verify age because minors under 17 haveaccess to credit cards, debit cards, and reloadable prepaid cards
”
and, although
“
payment cardissuers usually will not issue credit and debit cards directly to minors without their parent
’s
9
H.B. 1312, 96th Gen. Assem., Synopsis as Introduced (Il. 2007) [hereinafter
SNWARA
],
available at
www.ilga.gov/legislation/billstatus.asp?DocNum=1312&GAID=10&GA=96&DocTypeID=HB&LegID=43038&SessionID=76.
10
See infra
see
generally,
COPPA 2.0
,
supra
USA Today, Age Verification, and the Death of Online Anonymity
11
This requirement was contained in the original bill,
Children’s Online Privacy Protection Act,
S. 2326, 105
th
Cong. § 3(a)(2)(A)(iii), (1998), but was removed when that bill was reintroduced in its final form. In theinterim, Congress held a hearing at which testimony was offered by, among others, Deirdre Mulligan, onbehalf of the Center for Democracy and Technology, which generally supported COPPA but argued for the veryrevisions that were ultimately made. In particular, Mulligan argued that:under the bill each time a 15 year old signs-up to receive information through email his or herparent would be notified. For example if a 15 year old visits a site, whether a bookstore or a
women’s health clini
c where material is made available for sale and requests information aboutpurchasing a particular book or merely inquires about books on a particular subject (abuse,
religion) using their email address the teenager’s parent would be notified. This may chi
ll olderminors in pursuit of information.Testimony of Deirdre Mulligan, Staff Counsel, Center for Democracy and Technology, before the SenateCommittee on Commerce, Science and Transportation Subcommittee on Communications, Sept. 23, 1998,http://web.archive.org/web/20080327000913/http://www.cdt.org/testimony/980923mulligan.shtml.
12
47 U.S.C. § 231.
13
COPA makes it illegal to “knowingly … make*+
any communication for commercial purposes that is available to
any minor and that includes any material that is harmful to minors.” 47 U.S.C. 231.
Search History:
Result 00 of 00
00 results for result for
p.
Szoka Responses to COPPA Hearing Questions
Today, The Progress & Freedom Foundation's Berin Szoka added a series of responses to the Congressional Record to supplement his oral and written testimony before the Senate on the Children's Online Privacy Protection Act (COPPA) at…
(More)
518
Reads
1
Readcasts
47
Embed Views
More From This User
Notes
Load more
