TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

BUSINESS
Playing for Iraq's jackpot

Coke & smoke bite Dow

Sun Microsystems posts tiny profit

(MORE)

MARKETS	4:30pm ET, 4/16
DJIA	144.70	8257.60
NAS	3.71	1394.72
S&P	10.90	879.91

SPORTS
Jordan says farewell for the third time

Shaq could miss playoff game for child's birth

Ex-USOC official says athletes bent drug rules

(MORE)

All Scoreboards

WORLD

Quake help not fast enough, says Indian PM

U.S.

Bush: No help from Washington for California power crunch

POLITICS

Bush signs order opening 'faith-based' charity office for business

LAW

Prosecutor says witnesses saw rap star shoot gun in club

ENTERTAINMENT

Can the second 'Survivor' live up to the first?

HEALTH

Heart doctors debate ethics of testing super-aspirin

TRAVEL

Nurses to aid ailing airline passengers

FOOD

Texas cattle quarantined after violation of mad-cow feed ban

ARTS & STYLE

Ceramist Adler adds furniture to his creations

(MORE HEADLINES)

MAINPAGE WORLD U.S. WEATHER BUSINESS SPORTS

TECHNOLOGY

computing personal technology

SPACE HEALTH ENTERTAINMENT POLITICS LAW CAREER TRAVEL FOOD ARTS & STYLE BOOKS NATURE IN-DEPTH ANALYSIS LOCAL
EDITIONS:
CNN.com Europe change default edition
MULTIMEDIA:
video video archive audio multimedia showcase more services

E-MAIL:

Subscribe to one of our news e-mail lists.
Enter your address:

DISCUSSION:

chat
feedback

CNN WEB SITES:

CNNfyi.com
CNN.com Europe
AsiaNow
Spanish
Portuguese
German
Italian
Danish
Japanese
Chinese Headlines
Korean Headlines

TIME INC. SITES:

CNN NETWORKS:

CNN anchors
transcripts
Turner distribution

SITE INFO:

help
contents
search
ad info
jobs

WEB SERVICES:

Online child privacy act proves problematic for sites

From...

April 25, 2000
Web posted at: 10:32 a.m. EDT (1432 GMT)

by James Niccolai

(IDG) -- New legislation that went into effect in the U.S. on Friday to protect children's privacy on the Web is already running into difficulties.

A plan by The Walt Disney Co. to use parents' credit card numbers to verify that their children can use services on Disney's network of Web sites was criticized by one major credit card company. Meanwhile, an online advocacy group said the scheme is too costly for Web sites and only encourages children to lie about their ages.

Called the Children's Online Privacy Protection Act (COPPA), the new legislation aims to prevent personal information from being collected online from children younger than 13 years old without their parents' consent. COPPA requires Web sites aimed at child visitors to post a privacy policy spelling out what information they will collect from children. The act also requires the sites to get "verifiable parental consent" before children can use online chat rooms or submit other information about themselves on Web sites.

MESSAGE BOARD

Managing the net

Go.com, Disney's Internet unit, said it will require parents to submit their credit card numbers as a way of authorizing their children to use services on the entertainment giant's Web sites. The company has used an e-mail verification system since early last year, but credit card numbers provide the most certain means of identification, said Michelle Bergman, a spokeswoman for Go.Com, in a phone interview Friday.

The credit card system will be used on all Disney's online sites, including Go.com, Disney.com, ESPN.com, ABCNEWS.com and ABC.com. Disney said it won't put a charge on credit cards, only validate them to ensure that the card number is genuine.

But therein lies a problem. When COPPA was being drawn up, credit card companies made it clear that they don't want their cards used for identification purposes unless a monetary transaction is made, said Loren Thompson, an attorney with the U.S. Federal Trade Commission (FTC), which is overseeing COPPA's implementation.

"They thought it could compromise their security and lead to more credit card fraud," Thompson said.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Make your PC work harder with these tips

Download free PC software fast

TechInformer: The Thinking Internaut's Guide to the Tech Industry

IDG.net's products pages

Reviews & in-depth info at IDG.net

E-BusinessWorld

IDG.net's Windows software page

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletters

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

William Binzel, a spokesman for credit card company MasterCard International, declined to comment on how such fraud could be carried out, but he insisted that credit cards can't be "validated" as Disney suggested in cases of tiny or nonexistent sums.

"Credit cards were never intended to be used as an age verification mechanism and are ill-suited for that purpose," Binzel said in a phone interview Friday. "You can't process a transaction at a zero-dollar value, the transaction will be rejected."

Disney is "aware of the credit card companies' concerns" but maintains that its system will work, Bergman said. She declined to comment further.

The FTC suggested using credit cards as one way to obtain parental permission for a child to use services on a Web site -- but only in cases where a transaction is being made, Thompson said. The FTC also suggested setting up toll-free numbers that parents can call, and conducting a fairly lengthy e-mail exchange in which a Web site operator can establish if they are communicating with an adult.

Neither of those mechanisms are perfect, Thompson admitted, and the U.S. government is exploring other technologies including digital signatures in search of a more reliable system.

Meanwhile, one advocacy group was highly critical of COPPA.

"This legislation is a logistical nightmare," Jennifer Widstrom, director of EmailAbuse.org, a nonprofit group that fights spam, said in a statement issued Friday. "Companies will have to devote excessive, costly resources to comply with this legislation, while indirectly encouraging children to lie about their age. Many children are going to magically have their thirteenth birthdays today."

Conforming with COPPA will cost Web site operators between $60,000 and $100,000 per year, primarily in paying additional staff to handle registration systems, estimated Parry Aftab, a children's Internet lawyer and author of "The Parents Guide to Protecting Your Children in Cyberspace."

Aftab described COPPA as "great legislation" and said it will go a long way towards protecting the privacy rights of children online. Many sites are going above and beyond the requirements in COPPA because it makes their sites more attractive to parents, and therefore to advertisers, she said.

"The real (advantage) is having sites inform parents what they're doing with information they're collecting, and getting parents involved whenever children are doing high-risk activities on the Internet," Aftab said.

However, the legislation also highlights the difficulties of building any system that requires people to be positively identified over the Internet. Like the FTC, Aftab said the system will work more effectively when digital signature usage becomes widespread.

She also believes that parts of the COPPA legislation are highly ambiguous, and said some Web sites have found it very confusing.

"A lot of people think the law applies to children's sites only, but it doesn't," she said.

COPPA applies to all commercial Web sites and online services directed at children under 13, as well as general audience sites which know they are collecting personal information from a child.