Global digital privacy
Online communication can connect and enrich people’s lives, but it is also being leveraged for malicious purposes. Bad actors can now reach a broader audience of potential victims, coordinate with others, share the most effective practices, and expand their illegal activities while being protected by a shield of online anonymity. The ability to scale harmful activities is as efficient as scaling community-building practices. The Internet has provided an environment for predators to thrive.
The challenge is to respect the rights of individuals while still allowing systematic controls to protect, dissuade and, when necessary, investigate for prosecution those who are purposefully undermining the safety of global citizens. Just as in the physical world, law enforcement is tasked with protecting people from criminals.
They require the ability to investigate crimes in a timely manner and identify suspects for prosecution. The right to privacy and the risk of being victimized are in conflict. Users, companies, and governments are intertwined and struggling to effectively understand and deal with legacy and evolving threats.
As this landscape is evolving, we wanted to start the conversation on what is the right balance of privacy and safety online.
A zero-sum game of privacy and safety
Currently, there is a perception of a zero-sum game for privacy and safety in the digital world. Expectations, regulations, and enforcement are fragmented, confusing, and inadequate. In 2009, the Child Online Protection Act (COPA) was overturned by the Supreme Court, finding that it violated first amendment rights.
The practical implications of this legislative change, coupled with Section 230 of the Communications Decency Act (CDA) of 1996, which holds that platforms are not responsible for what third-party publishers post on them, is that children are no longer protected from adult content by websites – the responsibility was transferred to their parents.
The Children’s Online Privacy Protection Act of 1998 (COPPA) is the current law that protects child data privacy online. It mandates that any company that has users under that age of 13 on their platforms must prove that the parents gave their permission (often accomplished by entering credit card information to prove identity) and can’t retain data from children under 13.
Many platforms avoid addressing these restrictions by stating no one under the age of 13 is allowed on their platforms, but they do not have practices in place for proof of identity to enforce them in a meaningful way. They usually use a “check the box if you are over 13“ honor system, so many children online end up lacking the privacy or safety protections that COPPA was meant to provide them.
Parents who are raising this generation of digital natives are digital immigrants themselves. They were young enough to adjust to the trends of social, mobile, and cloud; but they were mostly in their 20s when they gained access to it. This has left a significant knowledge gap in what cyberbullying, grooming, and sextortion tweens and teens experience.
This generation of teens is exhibiting the highest rates of mental health issues and suicides we have seen to date. This teen suicide trend is even more alarming when you factor in that, according to the Center for Disease Control, deaths from youth suicide are only part of the problem, because more young people survive suicide attempts than actually die.
Contributing author: Matthew Rosenquist, CISO, Eclipz.io.