Three Provocations about Parental Controls, Online Safety & Kids’ Privacy

by on September 22, 2011 · 3 comments

On Wednesday afternoon, it was my great pleasure to make some introductory remarks at a Family Online Safety Institute (FOSI) event that was held at the Yahoo! campus in Sunnyvale, CA. FOSI CEO Stephen Balkam asked me to offer some thoughts on a topic I’ve spent a great deal of time thinking about in recent years: Who needs parental controls? More specifically, what role do parental control tools and methods play in the upbringing of our children? How should we define or classify parental control tools and methods? Which are most important / effective? Finally, what should the role of public policy be toward parental control technologies on both the online safety and privacy fronts?

In past years, I spent much time writing and updating a booklet on these issues called Parental Controls & Online Child Protection: A Survey of Tools & Methods. It was an enormous undertaking, however, and I have abandoned updating it after I hit version 4.0. But that doesn’t mean I’m not still putting a lot of thought into these issues. My focus has shifted over the past year more toward the privacy-related concerns and away from the online safety issues. Of course, all these issues intersect and many people now (rightly) considered them to largely be the same debate.

Anyway, to kick off the FOSI event, I offered three provocations about parental control technologies and the state of the current debate over them. I buttressed some of my assertions with findings from a recent FOSI survey of parental attitudes about parental controls and online safety.

Provocation #1: While parental controls will continue to play an important role, it may be the case that many parents will not need parental controls technologies quite to the extent we once thought they did.

In one sense, usage of parental control tools is actually surprisingly high. The FOSI survey reported that 53% of parents say they have used parental control tools to assist them in monitoring their child’s Internet usage. That’s much higher than I would have expected.

Of course, that means that the other half of parents aren’t using parental controls. Why aren’t they? It can’t be because parents aren’t aware of the tools. Awareness of parental control tools is growing. According to the FOSI survey, 87% of parents report knowledge of at least one parental control technology.

Some critics claim it’s because the tools are too complicated, but that’s also hard to believe. The tools keep getting easier to use and cheaper—often being completely free of charge.

The better explanation lies in the fact that, first, talking to our kids continues to be the most important approach to mentoring youth and protecting them, just as it was for previous generations of parents. Almost all of the parents surveyed by FOSI (96%) said they have had a conversation with their child about what to do and not to do online.

Second, “household media rules” are the other unforgotten element here. These rules can be quite formal in the sense that parents make clear rules and enforce them routinely in the home over an extended period of time. Other media consumption rules can be fairly informal, however, and are enforced on a more selective basis. In my book on parental controls, I devised a taxonomy of household media rules and outlined four general categories: (1) “where” rules; (2) “when and how much” rules; (3) “under what conditions” rules; and, (4) “what” rules.

The FOSI survey reveals that such household media rules are widely utilized. Nearly all parents (93%) said they have set rules or limits to monitor their children’s online usage. In particular:

  • 79% of parents surveyed require their children to only use the computer in a certain area of the house. (This is an example of a “where” rule.)
  • 75% of parents limit the amount of time a child can spend online. (This is a “how much” rule.)
  • 74% set rules for the times of day a child can be online. (This is a “when” rule.)
  • 59% established time limits for use of a child’s cell phone. (This is another “how much” rule.)

Again, many pundits and policymakers routinely ignore the importance of such household media rules when talking about online child safety. They incorrectly assume that lower than expected usage of various parental control technologies means that those tools have failed or that kids are in great danger online. The reality is that most parents usually think of parental control technologies as a backup plan or complement to traditional parental mentoring and rule-setting responsibilities.

In fact, the FOSI survey revealed that, of those parents who have not used parental controls, 60% of them said it was because they already have rules and limits in place. Of course, none of this should be surprising. Most of us over 40 grew up without any parental control tools in our homes. Just like our parents before us, we devise strategies to mentor our youth and guide their development. Simple lessons and smart rules will, therefore, always be the first order of business. Technological controls will often only be used to supplement and better enforce those lessons and rules, if they are used at all.

In sum: parents are parenting!

Provocation #2: Kids are more resilient than we think.

Despite the panic we sometimes hear surrounding online safety and privacy, kids seem to be adapting to online environments and challenges quicker than parents (and policymakers) give them credit for. Without minimizing the seriousness of any particular concern, I think we need to step back and appreciate just how good of a job most kids have done adjusting to the modern Information Revolution.

There’s a great deal of literature in the field of psychology and sociology dealing with resiliency theory. When we think about risk in this world, there exists a range of responses. Prohibition and anticipatory regulation are on one end of the spectrum. Resiliency and adaptation are on the other.

When highly disruptive information technologies come on the scene, the first reaction is often prohibition or anticipatory regulation. That’s driven by fear of the new and unknown. Oftentimes, however, patience is the better disposition. Building resiliency and crafting adaptation strategies often makes more sense. Instilling principles and lessons to last a lifetime will ultimately do more to make our kids smart, savvy cyber-citizens and prepare them for the worst of what the world might throw their way.  It’s like the old “teach a man to fish” approach, except in this case it’s “teach a child to think.”

In many ways, this is precisely what has been happening for the past decade. Both parents and kids have been “learning on the job” so to speak. They’ve been adapting to new online worlds and gradually assimilating them into their lives. In the process, they have learned important lessons and become more resilient.

Of course, some risks are serious enough that they demand a more anticipatory solution, perhaps even prohibition. Child porn and online child abuse of any sort are the primary examples. But for most other things, social adaptation and resiliency responses generally trump prohibition or anticipatory regulation as the smart solution.

Provocation #3: The most interesting and important public policy debate going forward—both for child safety and kids’ privacy concerns—continues to be the vexing question of where to set to defaults and who sets them.

This isn’t the provocative part of this particular provocation. After all, we’ve always know that defaults matter. Psychologists speak of “status quo bias,” or the general inclination for humans to often stick with the choice they’ve initially been offered. Thus, default parental control and privacy-related settings are often quite “sticky.” Where safety and privacy defaults are set out of the gates is usually where they stay for many people.

A lot of people would like to find a way to change that—potentially through regulation—because they do not approve of the initial defaults offered by various online sites, service, or devices.

Generally speaking, there are two sets of hard questions here. First should we default to the most restrictive setting, the least restrictive, or should we force the consumer to make the choice before using the site, service, or device? Second, who makes that call? Private or public actors?

So, here’s my real provocation: We are better served as a society when these defaults evolve organically and are not imposed from above. Trial and error experimentation with varying defaults help us better understand the relative value of online safety and privacy to various users. That experimentation also sends important signals to other players in the marketplace and encourages them to offer innovative alternative or approaches to these issues. [Here’s a longer paper I penned on this issue explain why mandatory and highly restrictive defaults usually aren’t a good idea.]

The obvious objection to my position is that, if companies are the ones setting the defaults, then only their values get heard and their preferred defaults will always prevail. In reality, however, defaults often do evolve from where they are initially set. (Think of how browsers and social networking sites have added and changed privacy and security controls over just the past few years.) Press exposure and social pressure—especially from average parents and advocacy groups—typically help make sure service providers are responsive to needs of their communities.

Importantly, just because some the preferred defaults of some child safety or privacy advocates do not prevail, that doesn’t constitute “market failure.” There are many competing values at work here. First off, we must never forget that only 32% of all U.S. households have children present in them at any given time. And of that 32%, a small subset might need parental controls or enhanced privacy settings. Many others won’t need any. We live in a diverse nation with a wide spectrum of values and approaches when it comes to rearing our children and protection their safety and privacy. Some parents will never use any parental control or privacy tools. Others will layer them on. Others will use a mix of tools and strategies as outlined above.

In the end, we should expect that experimentation with varying defaults will continue and that there will always be some who are cranky about their preferred defaults not prevailing. But I think we are better off if we allow experiments to continue.


After I offered these initial provocations at the FOSI event, we had a terrific conversation among a diverse group of attendees. I took notes and tried to distill the key takeaways from the conversation, which was off the record. Here are 5 themes that I kept hearing coming up again and again from participants:

  1. There is no single tool or silver-bullet solution that can solve all these problems; many tools and solutions are needed for the various concerns that are out there today
  2. The term “parental controls” is too narrow since it just implies tools. We need a broader term or paradigm that incorporates education, awareness, empowerment, household media rules, etc.
  3. Whether we are talking about tools or awareness efforts, there is remains a trade-off between sophistication and usability.  Many people and policymakers say they want more sophisticated tools but then turn around and complain about complexity of those solutions later. Stated differently, there will never be a “Goldilocks formula” that gets it just right precisely because needs and values evolve.
  4. There are shifting concerns among parents from old days. In the early days of the Net, the concern tended to be focused more on content consumption (mostly adult material). Today, the concern seems to have shifted strongly toward content creation (ex: user-generated content on social networking sites, Twitter, SMS, etc.)
  5. Kids are getting online at a younger age despite regulatory prohibitions such as COPPA and we’re going to have to grapple with that reality and whether we’ll allow it.

Previous post:

Next post: