When it comes to theories about how to best raise kids, I’m a big believer in what might be referred to “a resiliency approach” to child-rearing.  That is, instead of endlessly coddling our children and hovering over them like “helicopter parents,” as so many parents do today, I believe it makes more sense to instill some core values and common sense principles and then give them some breathing room to live life and learn lessons from it.  Yes, that includes making mistakes.  And, oh yes, your little darlings might actually gets some bump and bruises along the way — or at least have their egos bruised in the process.  But this is how kids learn lessons and become responsible adults and citizens.  Wrapping them in bubble wrap and filling their heads without nothing but fear about the outside would will ultimately lead to the opposite: sheltered, immature, irresponsible, and unprepared young adults — many of whom expect someone else (the government, their college, their employer, or still their parents!) to be there to take care of them well into their 20’s or even 30’s.  Again, you gotta let kids live a little and learn from their experiences.

This explains why I find Lenore Skenazy’s new book, Free-Range Kids: Giving Our Children the Freedom We Had Without Going Nuts with Worry , to be such a breath of fresh air.  [Here’s her blog of the same name.] She argues that “if we try to prevent every possible danger of difficult in our child’s everyday life, that child never gets a chance to grow up.” (p. 5) As she told Salon recently:

You want kids to feel like the world isn’t so dangerous. You want to teach them how to cross the street safely. You want to teach them that you never go off with a stranger. You teach them what to do in an emergency, and then you assume that generally emergencies don’t happen, but they’re prepared if they do. Then, you let them go out. The fun of childhood is not holding your mom’s hand. The fun of childhood is when you don’t have to hold your mom’s hand, when you’ve done something that you can feel proud of. To take all those possibilities away from our kids seems like saying: “I’m giving you the greatest gift of all, I’m giving you safety. Oh, and by the way I’m taking away your childhood and any sense of self-confidence or pride. I hope you don’t mind.”

Exactly right, in my opinion. Again, let kids live and learn from it.  Teach lessons but then encourage ‘learning by doing’ and let them understand these things for themselves.  That is resiliency theory in a nutshell.

When writing about Gever Tulley’s brilliant “Tinkering School” in this post last year, I noted how I have already started teaching my kids how to use various tools even though they are both under the age of 8.  One of my safety-obsessed yuppie friends stopped by one day to get something and saw my kids playing with hammers, nails, and saws and he thought I was nuts.  But it is he who is nuts for shielding his kids to the joys of learning to build something with their own hands (and for denying them the skills to actually do some honest-to-God manual labor when they get older)!  Have my kids hammered their thumbs on occasion? Yep.  Have they cut or poked their fingers? Check.  But you know what? They bounced back and learned how to be more careful. It’s not like I put a nail gun or power saw in their hands and let them go at it!  But there will be a day that they will be competent enough to know how to use such tools properly, especially because I drill some basic lessons into them each time we pull out those tools. Without me even saying so anymore, they already put on their safety goggles and take other common sense precautions before they use such tools.

Why is it that things have gotten so out of whack, with parents instilling so much fear in their kids about the world?  Skenazy rightly notes that the fundamental problem is that “a lot of parents today are really bad at assessing risk.” (p. 5)  Parents today suffer from “extravagant worry,” she notes. “Extravagant in that it inflates remote possibilities into looming threats that we think we have to watch out for.” (p. 93) “Worrying,” she argues, “has become our national pastime.” (p. 94) “What has changed over the past generation or so is than now people worry… about every activity, even ones that used to be considered simple and pleasant,” she says. (p. 42). Camping, ball games, bike rides, walking to school, etc., are increasingly going out of style. “Millions of moms and almost (but not quite as many) dads now see the world as so fraught with danger that they can’t possibly let their children explore it.” (p. 5)  “And the result is a lot of people so busy preparing for the hideous and unpredictable future that they think nothing of trampling the safe and happy present.” (p. 44)

This has spawned the rise of what Skenazy refers to as the “Just In Case” and “Total Control” mentalities that exist among many parents throughout society today. Many modern parents seem to believe that with just enough safety locks, knee pads, toilet locks, stair gates, and so on, they can keep their kids perfectly safe from all the harms of the world —  both real or (more likely) imagined. Alas, Skenazy argues, “Control is a figment of our imagination. Seeking it only make us more anxious.” (p. 92)  Worse yet, after wrapping those kids in all that bubble wrap, a lot of these same parents force nonsense on them like Baby Einstein videos and Mozart tapes at very young ages hoping that will make those kids geniuses in later life.  It’s more likely they’ll grow up to be Ted Kaczynski.

But if Skenazy is right in arguing that most parents now behave as if “normal childhood has just become too risky to permit,” think of the long-term consequences that has on kids.  Such a relentlessly fear-based mentality breeds distrust, even loathing, of the outside world and all others in it.  Moreover, as I mentioned at the outset, excessive coddling makes it impossible to learn life lessons and build resiliency and responsibility into youngster such that they can go on to become productive citizens.

Skenazy also has some common sense thoughts on the over-hyped issue of Internet sexual predation. As she told Salon:

The world online turns out to be not very different from the world offline. There are some really seedy neighborhoods where you wouldn’t want your kids hanging out, especially if they were wearing high-heeled shoes and fishnets stockings at night. If your kids don’t go there, then your kids are not going to be stalked by predators just looking up prom pictures on Facebook.

Again, exactly right.  And yet, as I have pointed out here before, an irrational “techno-panic” has taken place in recent years over this issue even though the research just doesn’t back up the claim that predators are lurking on every cyber-corner.  Moreover, there’s not a stalker or a child abductor hanging out on every real world corner either. As she notes in the book, “the number of children abducted and killed by strangers [has held] pretty steady over the years — about 1 in 1.5 million. Put another way, the chances of any one American child being kidnapped and killed by a stranger are almost infinitesimally small: .00007 percent.” (p. 16)  And yet, parents today are practically paralyzed by the fear that if they let their kids out of their sight for even a millisecond, they will be snatched.

Skenazy blames sensationalized news coverage for much of this, and I tend to agree.  Even though there are many other tragic ways young kids die each year — and do so in far greater numbers — the media tends to focus on the freakishly rare missing child or abduction scenario until they have whipped up a full-blown public panic.  Incidentally, when those exceedingly rare abductions do take place, it is almost never at the hands of a complete stranger. Generally speaking, abductions by strangers “represent an extremely small portion of all missing children [cases].”  That conclusion was a central finding of the 2002 National Incidence Studies of Missing, Abducted, Runaway, and Thrownaway Children (NISMART), a study conducted by the Department of Justice’s Office of Juvenile Justice and Delinquency Prevention.  Instead, it’s known acquaintances and family members that represent the overwhelming portion of offenders. As psychologist Anna C. Salter, author of Predators: Pedophiles, Rapists, and Other Sex Offenders, points out, “[Sex offenders] are part of our communities, part of our network of friends, worse yet, sometimes part of our families.” Same goes for the abductions. In the vast majority of cases, it is relatives or parties close to the family (say, a disgruntled nanny) who snatches the child.  In other words, instead of being obsessed about letting your kids ride their bike around the neighborhood or play in the center of the mall, parents should be far more concerned with those they marry, date, or employ!!

In any event, read Lenore Skenazy’s Free-Range Kids.  It is beautifully written and immensely enjoyable. She is an insanely gifted writer that will keep you thinking and laughing at the same time.  That’s a rare gift, and her book is a much-needed gift to over-worried parents everywhere.  Read this book, stop worrying, and then tell you kid to go outside and play!

P.S. Quick closing rant… Can I just tell you how much I hate the scumbag trial lawyers who have made it impossible for my kids to experience the joys of diving boards at the local pool.  Steve Moore of The Wall Street Journal, who takes his kids to the same McLean pool my kids go to, explains how some greedy leeches lawyers have made it impossible for pools like ours to keep high-dive board around like we had growing up.  Maybe we should just ban pools altogether while we’re at it.  Fence-off all the lakes and streams, too.  After all, kids could drown!!

Incidentally, this reminds me of the most sensible thing every written about online child safety. In 2002, a blue-ribbon panel of experts was convened by the National Research Council of the National Academy of Sciences to study how best to protect children in our new, interactive, “always-on” multimedia world.  Under the leadership of former U.S. Attorney General Richard Thornburgh, the group produced a massive report that outlined a sweeping array of methods and technological controls for dealing with potentially objectionable media content or online dangers. Ultimately, however, the experts used a compelling metaphor to explain why education and sensible mentoring was the most important tool on which parents and policymakers should rely:

Technology-in the form of fences around pools, pool alarms, and locks-can help protect children from drowning in swimming pools. However, teaching a child to swim-and when to avoid pools-is a far safer approach than relying on locks, fences, and alarms to prevent him or her from drowning. Does this mean that parents should not buy fences, alarms, or locks? Of course not-because they do provide some benefit. But parents cannot rely exclusively on those devices to keep their children safe from drowning, and most parents recognize that a child who knows how to swim is less likely to be harmed than one who does not. Furthermore, teaching a child to swim and to exercise good judgment about bodies of water to avoid has applicability and relevance far beyond swimming pools-as any parent who takes a child to the beach can testify. (p. 187)

“A child who knows how to swim is less likely to be harmed than one who does not.”  We could apply that lesson to just about everything in this world.  Teach your children well, and then let them live and learn.  And swim!

This week, I have been up at Harvard University participating in another meeting of the Internet Safety Technical Task Force (ISTTF), of which I am a member. The ISTTF was organized earlier this year pursuant to an agreement between 49 state attorneys general (AGs) and social networking giant MySpace.com. A group of experts from academia, non-profit organizations, and industry were appointed to the Task Force, which is charged with evaluating the market for online child safety tools and methods and issuing a report on the matter to the AGs at the end of this year.  ISTTF members have been meeting privately and publicly in both Cambridge, MA and Washington, D.C. The Task Force has been very ably chaired by John Palfrey, co-director of Harvard’s Berkman Center for Internet & Society.

Although the ISTTF is looking at a wide variety of tools and methods associated with online child protection (ex: filters, monitoring tools, educational campaigns, etc.), many of the AGs who crafted the agreement with MySpace that led to the Task Force’s formation have made it clear that they are most interested in having the ISTTF evaluate age verification / online verification technologies.  In fact, at the start of this week’s session at Harvard Law School, AGs Martha Coakely of Massachusetts and Richard Blumenthal of Connecticut both spoke and made it abundantly clear they expect the Task Force to develop age and identify-verification tools for social networking sites (SNS). AG Blumenthal said we need to deal with “the dangers of anonymity” and repeated his standard line about online age verification: “If we can put a man on the moon, we can make the Internet safe.”  [Of course, putting a man on the moon took hundreds of billions of dollars and a decade to accomplish, but never mind that fact! Moreover, one could also argue that if we can put a man on the moon we can cure hunger, AIDS, and the common cold, but some things are obviously easier said than done. Finally, putting a man on the moon didn’t require all Americans or their kids to give up their anonymity or privacy rights in order to accomplish the feat!]

On many occasions here before, I have outlined various questions and reservations about proposals to mandate online age verification.  Last year, I also published a lengthy white paper on the issue and hosted a lively debate on Capitol Hill [transcript here] about this.  I also have discussed age verification in my book on parental controls and online child safety. [Braden Cox also talked about his experiences up at Harvard this week here, and CNet’s Chris Soghoian had a brutal assessment of this week’s proposals on his “Surveillance State” blog.]

In this essay, I will discuss the new fault lines in the debate over online age verification and outline where I think we are heading next on this front.  I will argue:

• There is now widespread understanding that it is extraordinarily difficult to verify the ages and identities of minors online using the methods we typically use to verify adults. Because of this, age verification proponents are increasingly proposing two alternative models of verifying kids before they go online or visit SNS…
• First, for those who continue to believe that we must do whatever we can to verify kids themselves, schools and school records are increasingly being viewed as the primary mechanism to facilitate that. This raises two serious questions: Do we want schools to serve as DMVs for our children? And, do we want more school records or information about our kids being accessed or put online?
• Second, for those who are uncomfortable with the idea of verifying kids or using schools, or school records, to accomplish that task, parental permission-based forms of authentication are becoming the preferred regulatory approach. Under this scheme, which might build upon the regulatory model found in the Children’s Online Privacy Protection Act of 1998 (COPPA), parents or guardians would be verified somehow and then would vouch for their children before they were allowed on a SNS, however defined.  But how do we establish a clear link between parents and kids?  And will parents be willing to surrender a great deal more information (about themselves and their kids) before their kids can go online? And, is it sensible to use a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents?
• It remains very unclear how either of those two verification methods would make children safer online. Indeed, that could actually make kids less safe by compromising their personal information and creating a false sense of security online for them and their parents.
• It is highly unlikely the Internet Safety Technical Task Force will be able to reach consensus on this complicated, controversial issue. A small camp will likely flock to the sort of proposals mentioned above. Another, larger camp (including me) will flock to education-based approaches to child safety as well increased reliance on other parental empowerment tools and strategies, industry self-regulatory efforts, social norms, and better intervention strategies for troubled youth. But the age verification debate will go on and, as was the case over the past two years, the legal battleground will be state capitals across America, with AGs likely pushing for age verification mandates regardless of what the Task Force concludes.

Continue reading if you are interested in the details.

How We Could Verify Kids, and Why We Should Not Do It

Let’s assume that we want to achieve AG Blumenthal’s “man-on-the-moon” dream of verifying all kids before they go online. How would we do it?  There are really only two solutions: (1) full-blown national ID cards for kids, or (2) tapping school records about kids to somehow age-verify kids (sort of a “National ID card-Lite” scheme).

National ID Cards for Kids

The first scheme is fairly straightforward, but incredibly frightening to those of us who care about civil liberties. Basically, government could demand that all minors be issued the equivalent of a domestic passport or a national ID card. After all, minors aged 14 to 17 are already required to obtain a passport before they travel overseas. Minors under 14 must have both parents or legal guardians appear together to vouch for the child when applying for a passport. Conceivably, government could simply extend this model to incorporate a domestic identification requirement. Once the youngster had been issued such a domestic passport, it could be requested by others — including social networking sites — as proof of age. Sites could cross-reference a government national ID database to verify identity.

Clearly, however, imposing such a solution domestically would raise serious privacy concerns because it would require the collection, retention and processing of sensitive information about children.  Adults are not required to carry such a domestic passport or national ID card, so why should children? Indeed, all the same privacy concerns related to national ID cards for adults would be amplified with children because, as a society, we generally take extra precautions to protect the privacy of minors and their personal information. And a national ID card for kids would need to include a great deal of information about themselves to allow the card to be used by third parties online as an age-verifying tool. Government would need to issue an age-verified identity, user name, and password to every child.

Particularly concerning is the fact that a national ID card for children would require the creation of more government databases and bureaucracy. The potential for “mission creep” then enters the picture in that more tracking of children by government (and others) becomes possible. What other uses might there be for such information? We don’t know, and we probably don’t want to find out.

The costs of setting up and enforcing such a system would be substantial and must also be considered. Although the cost of digital storage continues to fall, we’re talking about potentially massive digital databases here. But the more important cost factor is the human time and effort that would go into  collecting, processing, and organizing such records and databases.

For those reasons, a government-issued ID card or age verification scheme for kids is a nonstarter. It would raise grave privacy concerns, induce public paranoia, probably encourage a great deal of evasion, and require significant government expenditure to enforce. Moreover, a national ID card would do little to prevent youngsters from visiting offshore sites.

Using the Schools to Help Verify Kids

So, let’s work from the assumption that National ID cards for kids is not going to fly as an online identity authentication solution.  The only other realistic scheme would involve getting the schools involved in the process.  Why?  Because to paraphrase Willy Sutton: “That’s where the data is.”  Schools have more information about our children than probably every other institution or organization combined.  They have very detailed records about kids, their ages and much more, which makes schools a logical candidate for participation in a possible age verification system for minors.  But involving schools in any age verification scheme would raise serious privacy concerns and administrative problems.

Depending on how the scheme worked, the administrative burdens imposed on schools could be significant. Someone at each school would have to be in charge of answering phones calls and e-mails from potentially hundreds of website operators looking to age-verify minors. Who will be liable if things go wrong? The school? The school district? An employee in the school’s administrative department who accidentally releases thousands of digital records? And will schools receive the additional funding needed to administer whatever scheme is mandated?

Moreover, if schools are required to create more accessible databases containing personal information about minors, who else besides social networking websites would be given access? Data breaches would become a real concern for both students and schools alike. Such a scheme could run up against federal or state laws. For example, the Family Education Rights and Privacy Act of 1974 makes it illegal to release school records without written permission from parents. Both parents and government officials have long demanded that access to school records be tightly guarded because, as a society, we take the privacy of our children very seriously.

Thus, serious questions remain about the wisdom and practicality of roping the schools into the age verification process. Most schools and school districts are already over-burdened with federal and state mandates and probably wouldn’t like the sound of additional mandates of this variety.  But what if a technology vendor could serve as the middleman and facilitate the easy transfer of some basic data about kids from the school system in an effort to provide digital credentials? That’s probably where we are heading.  Even the most vociferous advocates of age verification for minors must realize how absolutely radioactive this issue could become since school records about our kids are in play here.  Identity theft concerns are already running at an all-time high in our country and the thought of being required to surrender more info about our kids in this environment is not going to go over well with many parents.

But, again, what if we could keep to a minimum the amount of data being transferred about the child to the vendor or the SNS?  Perhaps at the beginning of each school year when a minor is registering they could be given a “secure” digital token or ID number that only associated a grade year (i.e., “sophomore”) with their name, and little or no additional info was included in that token in order to minimize the threat of identity theft or privacy violations.  Of course, the fewer pieces of information contained in that token or credential, the less likely it will be a credible verification tool, or the more likely it is it will be easy to forge or defeat (especially by kids themselves).

Regardless, whether we like it or not — and I do not like it one bit — schools are now at the center of the online age verification debate. It will be very interesting to hear what the educational community itself has to say about this development going forward.  Incidentally, no one from the educational community was present at Harvard this week as these proposals were flying.  Something tells me that school administrators and educational officials aren’t going to look too kindly on proposals that would turn them into the equivalent of a DMV for kids.

How about Parental Permission Slips for Online Verification?

Another potential way to go about online verification is to avoid verifying the kids directly and instead just verify parents (or guardians) and then get them to vouch for their children.  Some age verification advocates are now calling for such parental consent-based forms of child verification.  Specifically, they are now attempting to drive regulation through the prism of the Children’s Online Privacy Protection Act (COPPA) of 1998.

By way of background, COPPA required websites that marketed to children under the age of 13 to get “verifiable parental consent” before allowing children access to their sites. Generally speaking, the goal was to make sure that such websites were not collecting personal information about children without getting parental permission. The Federal Trade Commission (FTC), which is responsible for enforcing COPPA, adopted a sliding scale approach to obtaining parental consent. The sliding scale approach allows website operators to use a mix of the methods to comply with the law, including print-and-fax forms, follow-up phone calls and e-mails, and credit card authorizations. The FTC also authorized four “safe harbor” programs operated by private companies that help website operators comply with COPPA.

In a February 2007 report to Congress about the status of the COPPA and its enforcement, the FTC said that no changes to COPPA were necessary at this time because it had “been effective in helping to protect the privacy and safety of young children online.” In discussing the effectiveness of the parental consent methods, however, the agency also said that “none of these mechanisms is foolproof” and that “age verification technologies have not kept pace with other developments, and are not currently available as a substitute for other screening mechanisms.” This seems to imply that the FTC does not regard COPPA’s parental consent methods as the equivalent of perfect age verification.

Nonetheless, what should be evident here is that COPPA’s parental consent framework could serve as a vehicle for pushing through greater regulation of all social networking sites, not just those sites geared toward kids under 13.   Indeed, we have already seen that proposed at the state level.  For example, in the debate that took place over age verification in the North Carolina statehouse last summer, a parental permission-based verification proposal supported by North Carolina Attorney General Roy Cooper was billed as a way to strengthen and expand the COPPA framework.  (Never mind the fact that COPPA is a federal statute, or that the state of North Carolina is likely barred from regulating Internet speech and commerce thanks to the First Amendment and the Commerce Clause of the Constitution!)

In other words, future age verification mandates could arrive in the form of COPPA amendments, or at least cite COPPA’s regulatory framework as precedent.  Specifically, the proposal would be to: (a) extend COPPA’s coverage to kids up to the age of 18 and then (b) broaden the range of SNS sites that are covered by its parental consent requirements.

There are many problems associated with such a proposal, and I will get to some of them in a moment. But here’s the more interesting question that few have asked: Is COPPA really working?  It is very much unclear to me that COPPA actually works as billed, but to the extent it does, it is likely because of the very limited scale and nature of the operations it covers.  As I have said in my past writing on the issue, there is a direct relationship between the size of a site and the likelihood of success in attempting to verify its users / members. Of course, that is hardly surprising.  But let’s get a little more concrete about why that is important.  Here are the two reasons that I believe the COPPA / parental consent regime has generally worked so far, or at least hasn’t failed miserably:

(1) Many smaller sites charge a fee for admission; and

(2) The functionality of those sites is usually tightly limited. They are closed, walled gardens.

Regarding the first point: Obviously, the more a site charges for access, the more likely it is that the parent / guardian pays attention to what their kid is doing.  Of course, that doesn’t mean a bad guy couldn’t still get into those “verified” environments under false pretenses.  And there’s the problem of minors with access to credit cards.  Moreover, even assuming credit cards worked as an age verification method, there is the more practical question of whether lawmakers have the guts to mandate that every social networking site in the land start charging admission for access.  Since almost all SNSs are free-of-charge today, that is not going to be a very popular mandate!

Nonetheless, for very small, niche-oriented social networking sites geared toward younger kids, credit cards and fees are part of the reason people think COPPA has “worked.”  In essence, it acts as a bit of a roadblock or hassle thrown in the way of access, and that gets parents thinking and talking to the kids about those sites. That is the argument put forward by Denise Tayloe of Privo, one of the four FTC-approved COPPA safe harbor providers.   Ironically, Tayloe has noted that one of the problems associated with the current COPPA regime is that “Children quickly learned to lie about their age in order to gain access to the interactive features on their favorite sites. As a result,” she notes, “databases have become tainted with inaccurate information and chaos seems to be king where COPPA is concerned,” she says.

Despite these problems, Tayloe argues that COPPA serves an important role.  Even though “there is no perfect solution” and it is not possible to completely “stop a child from lying and putting themselves at risk,” Tayloe believes that COPPA “provides a platform to educate parents and kids about privacy.”  Of course, providing a platform to educate parents and kids about online privacy or safety is very important, but it is not necessarily synonymous with strict age verification.  And we don’t really have any idea what level of parent-child interaction COPPA incentivizes.  More importantly, we don’t really have any good data regarding the accuracy of claims made pursuant to COPPA’s requirements regarding the relationship between parents and the kids seeking access to the site.  How many people (kids or adults) were able to gain access under false pretenses? We don’t know.

Nonetheless, the operating assumption here is that by creating an added economic hurdle or barrier to entry (in the form of the hassle of filling out paperwork or forms), COPPA gets some parents (perhaps most?) to put more thought into what their kids are doing online, and that somehow improves online safety in larger scheme of things.  The problem is that that does not necessarily mean that their kids are operating in perfectly “secure” or “verified” environments.  The danger is that – to the extent some “bad guys” are getting on those sites under false pretenses – kids and parents may fall prey to a false sense of security after they are told the site is COPPA-verified.  Of course, COPPA wasn’t put on the books to keep “bad guys” away from kids online; it was about keeping site operators from collecting personal information about kids.

The second reason COPPA has “worked” to a limited degree is that SNS sites geared toward younger kids tightly limit functionality.  In essence, the site administrators “cripple” the sort of functionality we find in SNS sites geared toward older kids.  That fact alone makes these sites far less likely to be subject to fraudulent entry or dangerous interactions.   If I am an older teen or a pervert, why would I ever want to gain access to a site that has nothing more than drop-down menus and a few buttons to click on when interacting with others?  Thus, the primary reason that kids are likely safer in those environments has almost nothing to do with COPPA’s parental consent mechanisms and almost everything to do with the fact that most of the sites it covers are tightly controlled walled gardens with very limited functionality.

With these facts in mind, let’s gets back to the ultimate question: What would happen if we tried to apply COPPA to all social networking sites for kids of all ages? The threshold question that would need to be answered remains the same as it does today: How do we verify the parent-child relationship when someone asserts they are the parent or guardian?  That’s a very thorny question.  But let me just list out the many other questions that everyone is overlooking here:

(1) What sort of mechanisms will need to be put in place to guarantee that the parent or guardian is who they claim to be (for both initial enrollment and subsequent visit authentication)?  Sign-and-fax forms can be easily forged, so credit cards (and perhaps mandatory user fees) will likely become the default solution. A third method, follow-up phone calls, just doesn’t seem practical.  But might lawmakers demand a mix of all of the above?

(2) Regardless, how burdensome will those mandates be for parents / guardians?

(3) And how burdensome will those mandates be for SNS site operators? What kind of compliance costs / legal penalties are we talking about?

(4) Will the barriers to site enrollment become economic in character such that it requires previously free social networking sites to charge admission?

(5) If so, could that be a disadvantage to low-income families / youth?

(6) If compliance costs go through the roof for SNS sites, will this be a recipe for massive industry consolidation in order to comply with the mandates?

(7) Who is collecting the massive databases of information created by such a mandate for all SNS? Who has access to that data? What might government use it for?

(8) Will this new regime be applicable to offshore sites? And will kids flock to offshore sites as a result of such mandates on domestic sites? If some do, how will we stop them?

And so on.  Bottom line: The future of age verification battles will likely be increasingly tied up with COPPA and the question of how well parental permission-based forms of authentication might work. It is unlikely, however, that such a framework could be easily applied on “Internet scale.”  There is a world of difference between something like Disney’s “Club Penguin” and MySpace, Xanga or Bebo.  And with social networking capabilities being integrated into every site and service these days — from CNN.com to Microsoft’s Xbox Live service — one wonders how that will magnify the compliance costs and hassles for all involved.  Are parents really going to be expected to verify themselves and then their kids for every “social networking site” their kids want to visit?  That seems unnecessary, unworkable, and potentially counter-productive.

Finally, the irony of a proposal to expand COPPA in this fashion is that lawmakers would be using a law that was meant to protect the privacy and personal information of children to potentially gather a great deal more information about them, and their parents!  It’s important we not overlook the privacy implications of any effort to expand COPPA to do something it was not originally intended to cover.

Conclusion

It will likely be very difficult for the Technical Task Force to reach consensus on these controversial and complicated issues.  There are many challenging technical, legal, and even philosophical issue in play here.  The problem is that this Task Force is charged with looking at technical solutions and yet most child safety advocates and academics on the Task Force are of the mind that technical solutions are only one part — and probably the smallest part — of the sort of “layered solution” to online child safety that I describe in my book on “Parental Controls and Online Child Protection.” As I argue in that book:

“the best answer to the problem of unwanted media exposure or contact with others is for parents to rely on a mix of technological controls, informal household media rules, and, most importantly, education and media literacy efforts.”

In sum, we need to get serious about talking to our kids about online safety and proper online behavior. Education is the key, and government has a major role to play in that regard in the classroom and through awareness-building efforts. And technical tools that empower parents to better monitor and guide their child’s online experiences can help too. Social networking sites and other online service providers can offer more of those tools and also take additional steps to improve the safety of their sites and encourage a dialog about appropriate and inappropriate online behavior. Again, it’s a multi-layered effort with education and communication at the core of the plan.

It’s not like I am saying anything new here. Indeed, that layered approach was the recommended approach of two previous online safety blue ribbon task force efforts: The 2000 COPA Commission and the 2002 National Academy of Sciences “Thornburgh Commission.” And every major book about online child safety published over the last 5 years has come to the same conclusion.

But that is not likely going to be enough for state attorneys general. There is no other way for me to state this than to just come right out and say it: The AGs are looking for a silver-bullet technical solution to a complex problem they do not fully understand.  And age verification schemes are the technical bullet du jour.

Alas, for all the reasons I have stated here and elsewhere, age verification schemes are likely to fail miserably.  Even if age verification systems worked as billed, it is unlikely that kids would really be any better off.  All the academic research in this field points to a single, inescapable conclusion: The primary danger to kids online is not adult predators, it is other kids.  In particular, it is peer-on-peer harassment and cyber-bullying.   As parents and a society, we have to do more — a lot more — to address that problem.

Age verification schemes, however, aren’t going to help us solve that problem.  Worse yet, by creating the illusion of safety, it could compromise our children’s privacy in the process and create a false sense of security when kids or their parents come to believe they are operating in “trusted” online environments.  For the sake of our children, it is essential we not fall prey to such a fatal conceit.