Although any user can fall victim to any network threat, regardless of their age, children and teenagers are especially susceptible to dangers that threaten to take advantage of their innocence. Needless to say, the protection of youngsters on the internet is a real challenge.
At WeLiveSecurity, we have dealt with some of the main threats affecting chidlren and young people who use new technologies – mainly around the internet – such as grooming and cyberbullying. Despite a number of initiatives aimed at counteracting these type of threats/risks, we still have a long way to go before we will get to a safe digital environment.
The minimum age necessary to use internet services
One of the most important aspects we have to consider when it comes to safety is determining the right age (and the required age) for children to be able to start using all the various online services – such as social networks – especially seeing as some of the most popular tools were not developed with child users in mind (many require children to be at least 13 before they can sign up).
Other services, such as email, also prohibit children under the age of 13 from creating an account. However, in both cases we see that no mechanisms have been put in place to enable the user’s age to be verified, given that any date of birth can be used to fulfill the requirements. Additionally, the checks used can be easily sidestepped.
The main reason why children under 13 are not allowed to have an email address or a social network profile is the law protecting child privacy, commonly known as COPPA (Children’s Online Privacy Protection Act), which companies have to comply with.
When we are talking about the collection of personal data from children under the age of 13, this law grants control to the parents, while defining what websites and online services operators must do to protect online child privacy and safety. For example, companies that comply with the COPPA law must include certain clauses in their privacy policies and obtain the consent of parents to collect information on minors.
Additional restriction mechanisms for minors
Although this initial restriction can be dismissed as an effective measure to limit children from creating an email or social networking account, there are additional mechanisms which can prevent the minor from continuing to use any service. For example, Facebook has a form to report that a minor under the age of 13 is using the website.
In an exercise undertaken by the ESET Investigation Laboratory, we reported a minor’s profile to check whether this process actually works and to find out how effective it is. Despite sending off the information correctly, at the time of writing we have received no response to our report.
On top of this, the methods and criteria used to determine whether a profile actually is that of a minor are not specified, as it states that “If the reported child’s age is not reasonably verifiable as under 13, then we may not be able to take action on the account”.
This method may ultimately be somewhat ineffective, as the profile has to be checked, and the criteria used for this may be subjective in order to determine whether or not the profile should be blocked.
So what is the right age to use online services?
Although there is no conclusive response to this question, and it is ultimately difficult to answer, the reality is that minors cannot be denied access to technology. Children live and breathe this environment as “digital natives”. Excluding them from the digital world could prove to be a disadvantage for their development.
We are becoming increasingly dependent on technology and the trend is for us to be online more often than not, as well as interacting with new technological developments. So depriving children and young people from the benefits that technology has to offer would seem to be a backward step. We therefore need to ensure that minors are able to use online services under adequate supervision from their parents and teachers, further protected with the use of suitable safety tools, such as parental controls, as well as adherence to good practices.
There is a sizable set of efforts and initiatives that should be taken into consideration over the coming years if we want our children to be able to enjoy a safe digital environment. Why? Because although dangers do exist and will always be there, it is clear that protection is in the hands ofresponsible adults. It is their job to understand the threats that are there, and above all how to protect and care for children, while using technology responsibly and safely and with full awareness.
by Miguel Ángel Mendoza, ESET We Live Security