Poly study shows Children’s Online Privacy Protection Act puts minors in more danger
December 11, 2012
Online social networking has become somewhat of a norm among teenagers. Instead of preaching stranger danger on the streets, parents worry about cyber bullies and online predators. Congress passed the Children’s Online Privacy Protection Act in 1998 to protect minors. The act requires commercial websites to obtain parental consent before children under 13 can create an account.
Online social networks take their own precautions to protect minors. Facebook, for example, does not allow children under 13 to create an account, does not list minors when searching for users by high school or city, and only displays minimal information on minors’ public profiles regardless of their privacy settings.
A recent study by Polytechnic Institute of NYU professor Keith Ross along with doctoral degree students Ratan Dey and Yuan Ding, however, demonstrated that COPPA and individual networks’ precautions may actually increase minors’ risk. According to the study, the law and minimum age requirements create an incentive for kids to lie about their age and therefore puts them in danger.
The study showed that with modest crawling and computational resources and employing simple data mining heuristics, a third party can easily obtain extensive profiles of minors.
To prove their point, Ross used Facebook to target three high schools. He was able to find most of the students in each school as well as their current high school, graduation year, inferred birth year and list of school friends. All of this information, not usually accessible on the profiles of minors, was collected passively. In other words, the experimenters did not need to establish any friend links with students.
CAS senior, Lindsay Parker agreed that it is too easy to access the profiles of minors.
“I doubt [minors] even think about protecting themselves, they just want a lot of friends,” Parker said.
According to the study, an attacker can use this information to harm minors virtually without them knowing or even sometimes physically.
“[Attackers can use the information] for many nefarious purposes, including selling the profiles to data brokers, large-scale automated spear-phishing attacks on minors, as well as physical safety attacks such as prospecting candidate children for stalking, kidnapping and arranging meetings for sexual abuse,” Ross said.
Ross would like to see the COPPA law repealed.
“It does more harm than good,” he said. “But we should also consider means that allow Facebook to authenticate users during registration.”
Caroline Kaplan, a sophomore in Tisch School of the Arts, agreed.
“I think that if there wasn’t a minimum age requirement, there would be no reason to lie about your age on Facebook,” Kaplan said. “Then Facebook would accurately identify who minors are and protect their information.”
A version of this article appeared in the Tuesday, Dec. 11 print edition. Lesley Greenberg is a staff writer. Email her at [email protected]