Saturday, January 19, 2008

Social networking sites, law enforcement probe for reliable age-ID technology; how would this affect COPA-like laws?


Chris Emery has an important story today (Saturday Jan. 19) in the Baltimore Sun, p A1, “Steps to protect teens online: Attorneys general, Myspace work on ID technology,” link here.

All social networking sites state minimum ages requirements for profiles, and sometimes additional ages before profiles can become globally public. These sites have some practical difficult in having any completely reliable way of knowing that a particular subscriber is not lying about his or her age. That is, an underage person might want an account, or an adult might lie to get to see minors’ profiles, which most sites will not let adults see, for well known reasons.

There are many technologies that can be imagined. The trial over the Child Online Protection Act of 1998 (COPA), in which the legislation was found unconstitutional in 2007, rehearsed the inadequacies of credit cards and adult-id cards are reliable identification. Fingerprint or other biometric identification has been proposed (as it has been in conjunction with airport security) but that would limit both adults and minors to computers that have the appropriate biological scanners, which have not yet been developed for mass market use. Environmental factors, such as altitude or even extreme swings in barometric pressure, can physiological changes that could affect these devices furthers. Face metrics could be affected by growth or age. Other suggestions include mailing random tokens from which supplementary, unchangeable passwords could be generated. But so far no really reliable proposal seems to be on the table.

Once some mechanism is available, then all kinds of other issues surface. One is whether adults (particularly amateur or novice speakers) should incur inconvenience or expense to protect minors when they personally pose no risk. Another major question would concern anonymous speech.

All of these concerns would seem to exist with the proposed The Cyber Safety for Kids Act of 2007, S. 1086. See my COPA blog here.



Update: Jan. 23, 2008

Anita Kumar has a story in the Metro Section, p B01 of The Washington Post today about an additional appropriation by the Virginia General Assembly to fund two task forces to conduct more online stings similar to those on NBC Dateline, as well as detailed forensic investigations, link here.
The bill is called "Alicia's Law." (Delegate Brian Moran 's link.) There have been multiple news stories about police stings in Arlington VA (catching one off duty police officer) and in Washington DC (catching a field grade Army officer who, after plane travel, was arrested by Metro transit and DC Metropolitan police when trying to meet his "mark" after a chat room exchange.) As on the NBC Dateline show, the overwhelming majority of these cases are "heterosexual."

Monday, January 14, 2008

Arlington VA schools have plans for "Parent Academy" on Internet safety


The former (Virginia) Arlington County School Board chairman David M. Foster has a short op-ed in the Outlook Section of The Washington Post, Sunday, Jan. 13, 2008, p. B08, about County efforts to educate both public school students (middle and high schools) and parents about the bizarre risks to kids on the Internet. The story is called “On the Prowl for Online Predators” and the link is here. The title of the story certain invokes images of Chris Hansen’s recent controversial series “TCAP” on NBC Dateline (and the “Peej” vigilantism now seems to have undercut the undercover police efforts).

Arlington plans to conduct Internet safety training for all public school employees. Obviously, some of this refers to the rules, mostly common sense, for proper use of computers at work and school -- for school system business and legitimate classroom purposes only. With schools, there can be a problem about what is “legitimate.” “Approved curricula” has become a highly politicized topic because of cultural and religious variations among parents, and the pressures these put on school boards. Some material that most adults think is acceptable might not be acceptable in a school environment.

The article also mentions a “Parent Academy,” which apparently will be a series of sessions (probably evening) to help parents monitor their kids’ Internet use at home. Many experts suggest placing the “family computer” in a “public area” of the home, but as students become more advanced, many of them will need more privacy for legitimate computer use for homework assignments. Course material at schools is often reproduced in handouts that are limited in scope. Experts also suggest that kids ordinarily not be allowed to own webcams at home, as they have few legitimate uses. Proper use of software filters is essential, and when there are children of different ages, they need to be set separately for each child’s account in an age appropriate manner. AOL has recently made major upgrades to its own filters. The other major controversy is, of course, the “private” information that kids share on social networking sites in order to make “friends” and increase social popularity in what they perceive (correctly) as a competitive world. Some information (such as home street address or landline phone number) could jeopardize the security of the home and other family members, as could postings of plans for whereabouts. The recent tragic case in Missouri also highlights that kids and parents need to be skeptical about transmissions they receive; middle and high school students do not always have the judgment to know what is credible. The Internet has offered wonderful opportunities to increase the scope of information published, but some of it is unedited and amateurish.

Thursday, January 10, 2008

Post has many more details on Missouri cyber-hoax tragedy today


The case of Internet cyber bullying, resulting in the suicide of Missouri 13-year-old Megan Meier in October 2006 after a neighbor had set up a hoax impersonating a boy friend who would then "reject" her online, has stirred up renewed debate this week on Internet freedom, anonymity and privacy. I had written in detail about this incident on this blog Dec. 2 and provided many links. Dr. Phil had a show about it this week. And there are new, however unconvincing, developments on the legal front about possible prosecution.

Today, Thursday Jan. 10, The Washington Post has a long story by Tamara Jones on p. c1, "A Deadly Web of Deceit: A Teen's Online 'Friend' Proved False, And Cyber-Vigilantes Are Avenging Her," link here. The story has a slide show.

One important aspect of the story is that the details of what actually happened in the Drew family and who actually perpetrated the hoax seem obscure. There are now several accounts in print and on the Internet, and this Post story provides the most detailed account I've seen yet.

Today, Jan. 10, at 11 AM EST, law professor Daniel J. Solove will discuss this case online on the Washington Post. The discussion will be called "Privacy, Free Speech and Anonymity on the Internet." The link is here. Solove is an associate law professor at George Washington University and author of "The Future of Reputation: Gossip, Rumor and Privacy on the Internet." The book is published by Yale University Press and available for immediate order on Amazon. I just ordered it now, and will cover it soon on my books blog.

The Los Angeles Times has a story about a new effort at federal prosecution (with a grand jury convening in LA) "L.A. grand jury issues subpoenas in Web suicide case," story by Scott Glover and P. J. Huffstutter, January 9, 2007, link here. The story contains an Associated Press video of the story (1:50 in length).

It's interesting; I met a GWU law student randomly on the Metro in Washington yesterday and we had a discussion about this matter on COPA. How the chance coincidences pile up. I graduated from GW myself (BS Math) in 1966.

This case is not so much about "reputation" as other stories have presented it (social networking profiles, blogs, videos, and material submitted by others) as it is about deliberate manipulation of another minor's need for social validation.

Teenagers become attached to the mechanisms that the civilization around them provides in order to have a source of identity. Today, many teenagers presume that one must meet people through social networking sites. When I was a boy, somewhat introverted, I got a lot of identity from collecting classical phonograph records, an activity that represented the technology of the 1950s and 1960s. The principles remain the same, but the details change and become more dangerous.

Picture (at top): old movie projector (in back corner) at Woodrow Wilson House in Washington DC. Below: GWU Hospital, Washington DC (unrelated).



Update: Jan 18, 2008

The New Yorker, Jan. 21 2008, has an article by Lauren Collins, "Annals of Crime: Friend Game: Behind the online hoax that led to a girl's suicide," p. 34, link here.



Update: Feb. 8, 2008

USA Today has a list of state laws on cyber-bullying, here.

A related story there by Albert Koloff is here.

Monday, January 07, 2008

"Adult" site has major security breach, leaking customer email addresses


The Washington Post, in a story by Keith Richburg, reported Jan. 4 (on p A09) that an “adult” web site experienced a major compromise of its security, with a list of customers and email addresses, but not credit card information, lost to hackers, who in this case appear to have been looking for email addresses for spam. The link for the Post story is here.

There could be concerns that the information could be posted somewhere and identify the people as visitors to adult websites, an issue that could disturb certain kinds of employers and become a “reputation defender” kind of issue.

Of course, it should come as no surprise that such websites are not particularly safe places to surf, although companies like McAfee still try to evaluate them with Site Advisor or similar products. Police departments have sometimes also used them for sting operations, and this has gone on for several years. Wired News had a major story about this in early 2002.

Tuesday, January 01, 2008

Computer safety has always been a concern; it had increased rapidly in the 80s


A lot has been written recently about home computer safety, with tips like (1) keeping the family computer in a non-private location if there are kids in the house (even though more advanced high school students need the “privacy” for legitimate homework assignments) (2) strong passwords (3) bewaring of phishing (4) anti-virus software and firewall maintenance.

Actually, some of these worries long existed in the mainframe world. We’ve heard a lot about physical security of disks and lists of personal information from corporate databases, government agencies, and credit bureaus. True, it used to be that there was little security of these lists, and when employees started telecommuting (a good thing) they often took home laptops that could hold data (before that they had taken home dumb CRT terminals, which may have been “safer” in retrospect, for nightcall).

Also, mainframe computer security has been an evolving capability, which grew rapidly in the middle and late 1980s, especially with topics like Top Secret and RACF. It wasn’t until well into the 80s that most shops could keep programmers from having routine update access to production files. In the 90s, much more attention was paid to source-load module integrity with a variety of products like CA-Librarian or Endeavor, and Changeman. There have always been “holes” where employees could, inadvertently or deliberately, do a lot of damage to a financial institution’s database and customers, but by around 1990 or so companies had gotten very serious about closing these holes. One other risk was the rapidity with which corporate data center conversions were done after corporate mergers, as well as Y2K. Still, statistically, these efforts cause few problems,

Nevertheless, the problems we see today with home computer safety are a reflection that problems that have always existed ever since computers, even for companies and governments, became part of modern life.

Picture: Coal-fired Pepco/Dominion power plant at Mt. Storm, W Va., in stripmine country.