|
| |
From
the Mouths of Babes,
By Parry Aftab, Esq.
More than 70 million
Internet users in the United States are under the age of 18. They each spend
more time online than most adults do (aside from work). They shop, make buying
decisions, communicate, play games and search. They do their homework,
collaborations and hold meetings online. They participate in surveys, fill out
forms and register for online sites and services. They are the future of the
Internet and e-communities and e-commerce. And, for smart e-businesses, the
future is now!
In preparation for the
IAPP and TRUSTe West Coast conference on privacy where we were running a plenary
panel on kids, teens and privacy, I polled thirty preteens and teens who work
with TeenAngels.org (our WiredKids.org’s preteen and teen online safety program)
about privacy. Their sophistication surprised me and I expect will surprise
others too.
The kids identified five
areas of privacy that concerned them:
- The collection and
use of personally identifiable information;
- Surveillance;
- Intrusion on
Seclusion;
- Private facts made
public; and
- False light
These are very
sophisticated concepts of privacy. The kids used different descriptions than
these. But I have used the privacy law terms usually used to identify these
issues. (Most are codified under state common law in the United States and may
give rise to a legal right of action.) The kids defined the terms themselves,
based on how they saw them.
According to the kids:
- “Personally
identifiable information” means any information that can be used to find you
in real life. It includes full names, snail mail addresses, telephone
numbers, schools they attend, the names of their sport teams, etc.
- “Surveillance”
included public surveillance, nanny cams, GPS tracking, monitoring software
and spyware. They were particularly concerned about adware and whether the
marketers knew who they were and could target them for pop-ups and SPAM.
- “Intrusion on
Seclusion” or as they called it “personal space” began as a concern over
their room, their diaries and their phone calls. It then expanded to include
intrusion by SPAMmers, pop-ups and anything else that gathers information
about them and what they do online.
- “Private facts made
public” includes personal facts about their family, themselves or their
close friends that are shared with the public (in newspapers of some kind)
or with others through rumors or unauthorized disclosures. (Some of the
children came from high profile families and knew the pain of this first
hand and another one of the children had experienced cyber-bullying where
personal and very private information about her was shared with kids at
another school and quickly spread online.)
- “False light” is
when the facts disclosed are false or intended to create a false impression.
It may not rise to the level of defamation, but can be as devastating.
“Notify wars” and “warning wars” are when some children target another by
provoking them into doing something or saying something online that violates
their ISPs terms of service. The provoking child them reports them, often
using AOL’s online abuse “notify” feature. (In cyber-bullying situations the
rumors and lies that used to appear on the bathroom wall in the boys’ room
now populate a wall 700 million people wide.)
When I asked them if
they would be willing to have others track what they did online, they qualified
their answers. “Would they be able to find us offline?” Would they SPAM us, send
us pop-ups or otherwise bother us?” “Would they know who we were in real life?”
“Would they try and contact us?” When I explained that in this magical world,
the tracking would never be used to find them online or offline and would not be
tied to any personally identifiable information. No one would try and sell them
anything or try and contact them in any way. No one could SPAM them, send them
pop-ups or otherwise bother them. Their next question was key, “How do we know
we can trust them not to do what they promised they wouldn’t do?” I told them in
my magical scenario that those tracking them were trustworthy and the
information they gathered could not be compromised.
Roughly half of the
preteens and young teens told me that they didn’t see any problem with this
totally trustworthy entity collecting information about what they did and how
they did it. They had no problem with their collecting information about how
many people they had on they buddy list, where they surfed, how long they spent
at any page online and what they did online (subject to all the qualifications
discussed above). They felt that if some benefit resulted from this information,
such as learning how to create better interfaces or about how children use the
Internet, it is worth their participation.
The rest of the kids
broke into two groups. One felt that they should be informed and asked for their
approval before any information, even totally anonymous information, is gathered
about them online. And this is where is gets complicated. They also stated that
if anyone asked for their approval to collect this information, they wouldn’t
give it. When I asked if it would then be better to have an “opt-out” mechanism,
rather than an opt-in mechanism, they said that this wouldn’t be fair since no
one would remember or take the time to opt-out.
Rather than try and
resolve these inherently inconsistent positions, I asked them if it made a
difference if the party collecting this information was the government or a big
company or any other company. They felt that it did make a difference.
The kids seemed to trust
the government collection, except they asked many questions about wiretaps and
police investigations and what could be used and what couldn’t. They wanted to
know whether evidence of a crime other than the ones being investigated could be
used if discovered during an authorized wiretap. I told them that, generally, it
could. (Interestingly, they were particularly interested in learning about
whether personal conversations could be intercepted of anyone being
investigated. I explained the rule about the investigators having to stop
interceptions after a certain period of time if it appeared to be a personal
communication and not related to the investigation. Then they asked about how
the investigators could tell the difference between innocent communication and
ones conducted in code, masquerading as a personal communication.)
At this age most
preteens and young teens trust law enforcement and view them as protecting them,
rather than being concerned about police misconduct and surveillance techniques.
The responses we received from older teens were slightly different.
When asked about
corporations collecting the information, they responded that it depended on how
familiar they were with the company (and mentioned not knowing who Double-Click
was and whether they were or weren’t to be trusted). They said that certain
corporations could be trusted and were seen as being trustworthy. Others were
not.
When I brought up
automatic updating of software, and used Microsoft as an example, the kids all
became animated. “Microsoft,” they all shouted, “could be trusted.” (Peter
Cullen, Microsoft’s Chief Privacy Strategist should appreciate that.) One young
girl cautioned that even if the company thought they were doing something to
help you, they may end up “screwing up your computer.” (This opinion was derived
from a bad experience she ascribed to an iTunes update.) The others nodded
compassionately. But all defended Microsoft.
Besides, “if the company
is doing something that helps you, or is good for you, it should be allowed to
gather information and install updates.” They had no problem with companies
knowing your equipment, software applications installed or how you used your
computer or interactive technologies. If you benefited from whatever was being
collected and the company didn’t intrude on your space, or bother you, or
collect or share personally identifiable information, it was okay. All kids
agreed. But most still wanted to be informed and asked if that was okay before
the company gathered any information or did anything affecting their computer.
“Even if they are doing
something good for you, don’t they have to ask you first?” they wanted to know.
I explained that most of
the time you were asked first, at least sort of asked first. “You know
those long legal pages that you have to click “I accept” on before you can
install software or download anything from a site?” I asked. They all nodded.
“Ho many of you have ever actually read them before accepting them?” Their heads
moved as one. None had ever read them. “That’s where they hide this
information.” There and in the settings where you tell them it’s okay to update
software without letting you know, or if you want to pre-approve it each time.
“How many of you click “never remind me again” when the computer tries to tell
you that software is being updated, or something is being installed, or that a
site violates your security or privacy settings?” Again, all sheepishly nodded.
Okay, I thought I was
actually getting somewhere. “So, if there is something you get out of it, it’s
okay to share the information, right? (Those of you with preteens and teens know
what happened next…) “No,” they shouted in unison. “It depends. If you get a
reward or something of value back then it is fair to give this information
away.”
“So,” I responded, “you
will give away this information if you are rewarded for giving it away?”
The kids again disagreed
with each other. “If the Gap wants to know what I like and don’t like, to be
able to sell to me or other kids better, they should give me something for it,”
said one cherubic 13 year old girl.
“But, if they offered me
some kind of reward, I wouldn’t trust them. I would be suspicious of their
motives,” shared another preteen.
Great, back to the
drawing board…
What have we learned
about kids and teens and privacy online? The first thing is that they understand
privacy. They also understand trust. If you violate that trust, you will not be
given a second chance. Big names, with lots of brand recognition are seen as
more trustworthy. Companies that have not had the best history of privacy
compliance may find comfort in the fact that they are not household names to the
teens. So their credibility among the newest Internet generation may not have
been damaged.
They also want to be
kept informed, but not bothered. And want the ability to control their personal
information and prevent intrusions. They recognize that the right method of
getting their buy-in isn’t there yet. They are demanding your respect and
acknowledging that they will work with you, if you are really adding value.
Value to the Internet, to all kids’ surfing experience, to your website and
business if you are truly trying to serve your young customers more effectively
is “value.” You can also be focused on making more money because of this
information, but the value component to the young Internet users has to be the
primary impetus.
It’s not often that
marketers, respected brands and up-and-coming companies can address their future
customers this early. And there is much to be learned. It’s all about sharing
and not always taking. It’s about balance and not being greedy. It’s about
earning their trust and not abusing it. Bottomline, with kids, preteens and
teens (perhaps even more so than with their parents), it’s all about respect.
*********************
WiredKids.org will be conducting a survey of preteens and young teens on privacy
and trusted computing. If you are interested in helping sponsor this survey and
related research, contact
Parry
Aftab directly at
parry@aftab.com. WiredKids is a 501©(3) corporation and the child, preteen
and teen division of WiredSafety.org, the world’s largest online safety and help
group. WiredKids was formed in 1999, following Dr. Aftab’s appointment by UNESCO
to head up their online child protection initiative in the
United States.
|
Parry
Aftab, Esq., 
Marvel and
all character names and the distinctive likenesses thereof are trademarks of
Marvel Characters, Inc., and are used with permission. TM & © 2004 Marvel
Characters, Inc. All rights reserved. “Super Heroes” is a Co-owned registered
Trademark.