

Path reaches settlement with FTC, agrees to pay $800K fine for COPPA violations - devinfoley
http://gigaom.com/2013/02/01/path-reaches-settlement-with-ftc-agrees-to-pay-800000-fine-for-coppa-violations/

======
guard-of-terra
What "Children protection" means really is "we want to shelve children in a
dark dry place until they reach age".

The problem with that kind of thinking is that it will yield toddlers of age.
Able-bodied but socially infantile.

The solution to that problem is that those rules are largely ignored by
everyone. But this creates the dangerous law relativity where you have these
laws but know they're never applied to you. And when they suddently are
applied you are in a deep trouble.

Stupid people -> Stupid laws -> Stupid society.

~~~
jonknee
Yikes. Making it legal to prey on children online is not a great solution.

~~~
stickfigure
_Think of the children!_

This is old and tired, especially when you throw in emotionally charged
phrases like "prey on". Does Facebook prey on its users? Around a billion
people don't think so.

~~~
jonknee
Facebook does not allow pre-teens on their site precisely because of this law.
I do not think that's a bad thing. The law is not perfect, but it is intended
to be a tool to stop people from exploiting kids 12 and under. The
exploitation isn't necessarily from the site operator, but other users. If
Facebook had a bunch of 11 year olds (and now with Graph Search it would be
easy to find 11 year olds near you) the main concern would not be that
Facebook would somehow take advantage, but that other people on Facebook
would.

These same kids cannot go to a PG-13 rated movie without an adult either, I
don't find this especially onerous.

<http://www.facebook.com/help/441374602560317/>

~~~
stickfigure
With all due respect, that's between a parent and their child. At the very
least, the name COPPA is disingenuous and misleading - I'm pretty sure if it
was called the Ban Kids From Facebook law, it would not have the same level of
public support.

Also, the MPAA rating system is not a legal requirement. AFAIK, there is no
law which prevents 13 year olds from watching PG-13 movies, either in theaters
or at home: <http://www.theclyde.net/TheClyde_Ratings.htm>

------
peterhajas
COPPA doesn't seem that unreasonable. Protecting children from information
disclosure while they're under the age of 13 seems very appropriate to me.
Once kids are 13, they can begin to disclose at their own discretion, but
before that, I can see the case for protecting them.

~~~
stickfigure
Of course COPPA doesn't _seem_ unreasonable, and that's why it continues to
exist. However, it is a lesson in unintended consequences: Rather than
protecting children, COPPA has the effect of banning them from the internet.
The subsequent effect of teaching children to lie and exploit the system is
just icing on the proverbial cake.

Laws must not be judged on their intentions, but on their practical
consequences. The only difference between the current world and a world
without COPPA is that in this world, honest kids are prevented from having the
same fun that their lying friends are having.

~~~
jonknee
They aren't banned from the internet. They're banned from disclosing personal
information (e.g. social networking) without parental consent, which at their
age is probably not a bad thing. Wikipedia, Google and the rest of the
internet are all fair game. So is any site that goes through with the parental
consent part. Sites that do not tailor to kids typically do not go through the
hassle because under-13 also means they aren't going to spend any money.

~~~
stickfigure
The _practical_ result is that kids are banned from nearly any site that could
conceivably discover their age - presumably even by commenting in a forum or
on a blog entry.

Actually, nix that. The _practical_ result is that kids are taught to lie
about their age. Fortunately this skill will come in handy when it's time to
get a fake ID and buy booze.

~~~
deleted_account
No, that's not the practical result. You don't run afoul of COPPA by just
_knowing_ someone's age; you get into trouble when you knowingly collect the
personal information of children under 13 without their parent's permission.

Honestly, I would think this crowd would be more disappointed that "banned
from nearly any site" has become synonymous with "unwilling to submit all your
personally identifiable information."

~~~
guard-of-terra
That's a nice distinction but how does it proctect children?

You being unwilling to submit personal information also makes you banned from
almost all the web, including e-mail services.

~~~
deleted_account
You seriously misunderstand COPPA; it is not designed to protect _children_.
It's designed to protect children's _privacy_.

~~~
guard-of-terra
Is protecting children's privacy orthogonal or even conflicting with
protecting children?

Because you make it sound like that.

UPD: Let me show you an example: Pretend we're talking about some law and
you're arguing it's not designed to protect me, but to protect my body. My
first thought: the hell are you going to do with my body? Because, my body is
what makes me me. If you protect it but not me perhaps you're going to sell my
organs away.

~~~
deleted_account
Great example, let's run with it...

By your analogy, COPPA would be the law that prevents people from collecting
and selling children's organs. Because kids are gullible and and it's easy to
convince them out of a kidney or two.

Except replace "organs" with "personally identifiable information companies
want in order to market shit to you."

~~~
guard-of-terra
The problem with this sort of forced "protection" is that it ruins my social
life. That's what happens to children actually. Or I am forced to shrug off
your "protection" (entering into the legal grey zone), that's what happens
too.

~~~
deleted_account
Really? That's ultimately your beef? "It ruins my social life."

~~~
guard-of-terra
Yeah, that's it. I don't need your protection if it ruins my freedom. Children
neither.

~~~
deleted_account
"First they came for Facebook's right to collect all of my personal
information, and I didn't speak out..."

Tragic.

You managed to think yourself into a corner where a law protecting _personal
privacy_ from _corporate misuse_ is an attack against your freedom.

I'm leaving now; don't follow me.

------
mvkel
Does this mean if you don't ask for a birthdate on your service, you're safe,
or are you required to ask for birthdate and reject anything that comes in
under 13?

An easy fix for this: dynamically populate the date drop-downs so you can only
select (today - 13 years)

~~~
lm741
You don't have to ask for a user's age if your site is intended for a "general
audience". You'll still need to purge information from users who are
discovered to be under 13.

See questions 40/41 <http://www.ftc.gov/privacy/coppafaqs.shtm#teen>

""" 40\. I operate a general audience site and do not ask visitors to reveal
their ages. I do have a button that users can click to send feedback,
comments, or questions by email. What are my responsibilities if I get an
email that says, “Hi, I am Steve, age 10, and I really like your site. When do
you think you will add some more games?”

Under the Rule’s one-time contact exception, 16 C.F.R. § 312.5(c)(2), you may
reply to the child once without sending notice to the parent or obtaining
parental consent, if you do not re-contact the child, and you delete the
child’s personal information, including email address, from your records after
responding to the email.

"""

Legal Corollary of 40: If you send spoofed email to a site operator claiming
to be under 13, you could legally force them to delete another user's account.

------
Friedduck
The sad thing is I think Path responded far better than most others, and
they've received a heavy-handed response relative to the abuses of so many
others.

They were transparent, admitted their mistake, and corrected it. What's the
lesson here? Bury your mistakes and avoid the PR headache and financial
penalties?

~~~
deleted_account
The investigation was launched due to Path uploading people's entire address
book to their servers with out the user's permission.

I have little sympathy that such a casual disregard to customer's privacy
would come to bite them in the ass multiple times.

------
rikacomet
I know this might have a obvious answer, but I need to be clear: Which of the
following is the case here?

1\. Minors below 13 were able to sign-up under the guidance of adults but the
system was not having enough checks in place?

2\. Minors could register as minors without any system at all?

~~~
devinfoley
Apparently #2:

"As you may know, we ask users’ their birthdays during the process of creating
an account. However, there was a period of time where our system was not
automatically rejecting people who indicated that they were under 13."

~~~
dusing
So there is a law against allowing 13yr olds on a social network?

~~~
Timothee
Pretty much: it's COPPA.

The gist of COPPA is that you can't collect information about people under 13,
without the express consent from a parent. So it's not completely against the
law to have 13yo on a social network, it's just common for sites to just
refuse kids altogether, mostly out of convenience.

See
[http://en.wikipedia.org/wiki/Childrens_Online_Privacy_Protec...](http://en.wikipedia.org/wiki/Childrens_Online_Privacy_Protection_Act)
and <http://www.coppa.org/>.

~~~
guard-of-terra
And therefore every kid out there learns that 1) adults are stupid and coward
and, 2) you should lie to them all the time, before reaching the age of 13.

We are all miserable idiots for allowing this.

~~~
stickfigure
This is _exactly_ what happens. I know several 10- and 11- year olds (my gf's
sister is 23 years younger) and they all lie about their age to use Facebook
and Google - with the knowledge and consent of their parents/guardians.

This is incredibly stupid.

~~~
jonknee
> with the knowledge and consent of their parents/guardians.

Not coincidently that's all COPPA requires. You can run web services tailored
to the under-13 set, you just need to collect parental approval for your young
users. Facebook and Google don't bother with it because it's a hassle.

~~~
stickfigure
This is not quite correct. It requires _provable_ consent from parents, such
as a written letter. It's not surprising that online services do not go
through this process.

Again, the _actual_ effect of the law is not what's written in it. The
_actual_ effect is that internet companies (like my startup) simply ban the
under-13 set. And we just register people for bicycle races!

