November 30, 2001
Re: Children's Online Privacy Protection Rule -- Comment, P994504
To the Secretary:
Pursuant to the Notice of Proposed Rulemaking ("NPRM") published in the Federal Register on October 31, 2001 (66 Fed. Reg. 54963) (to be codified at 16 CFR Part 312), I submit these comments on behalf of Aristotle International, Inc., ("Aristotle") regarding the Federal Trade Commission's proposal to amend its Children's Online Privacy Protection Rule ("the Rule") to extend the time period during which website operators may use an e-mail message from the parent, coupled with additional steps, to obtain "verifiable parental consent" for the collection of personal information from children for internal use by the website operator.
Aristotle provides online authentication services based on government-issued identification checks. The system developed by Aristotle is the type approved by the District Court for the Southern District of New York earlier this year in a case involving age authentication for online tobacco sales. That New York federal court identified an acceptable, readily available, bona fide age verification system for online tobacco sales as follows:
Aristotle is particularly concerned over the use of COPPA's "verifiable parental consent" terminology in connection with the credit card safe harbor. We believe that the term is unintentionally perverting and diluting genuine standards of online verification by suggesting that credit cards prove "verifiable" adult consent.
It is well known that credit card companies have, in the last several years, begun spending untold amounts of advertising dollars marketing credit and debit cards specifically to minors. For just one example, major branding campaigns are currently underway nationwide for the VISA BUXX card, the very purpose of which is to introduce minors to the use of credit cards.
The major card companies already expressly acknowledge that access to a credit card is not proof of majority. For example, the promotion for VISA BUXX states:
MasterCard also has acknowledged this same truism in Congressional testimony,(3) and American Express' Cobaltcard is expressly marketed to allow "young adults age 13 and over to build financial responsibility when they shop online and in stores".(4) Obviously, using a credit card cannot be an adequate age-verification standard for any purpose.
There is simply no longer anything presumptively "verifiable" or "parental" in the credit card safe harbor approved by COPPA. If the rule is to be extended, we urge that the Commission make clear that, due to the proliferation of youth-oriented credit cards in the last several years, the use of a credit card is no longer acceptable to the government as proof of adult status.
Thus we urge that the use of credit cards be expressly eliminated as a method of proving "parental consent". Reliance on credit cards for proof of adult status is inconsistent with the realities of the marketplace, and the sworn testimony provided to Congress by VISA.
Finally, any system that may increase the risk of credit card fraud should be considered highly suspect. As VISA also stated in Congressional testimony:
In today's marketplace, placing a government imprimatur on the use of a credit card as proof of adult status is both unfounded and illogical. Claiming that use of such card shows "verifiable parental consent" as a matter of law also undermines legitimate efforts to establish higher standards for online verification, and may inadvertently encourage criminal activity.
For these reasons Aristotle urges that the use of credit cards to prove verifiable parental consent not be carried forward in any extension of the Rule that may be approved.
J. Blair Richardson
1. Santa Fe Natural Tobacco Co. and Brown & Williamson Tobacco Corp. v. Spitzer and Pataki, 00 Civ. 7274, slip op. at 59-60 (S.D. N.Y. June 8, 2001).
3. "Access to a credit card or a debit card is not a good proxy for age. The mere fact that a person uses a credit card or a debit card in connection with a transaction does not mean that this person is an adultů. Thus, although [the Child Online Protection Act} assumes that only adults have access to a credit card or a debit card, it is important for the Commission to understand that this assumption is simply not true. As a result, the Commission may want to focus its attention on more suitable methods of verifying age."
Mark McCarthy, Visa VP for Public Policy, Congressional Testimony, June 9, 2000. See full text of testimony at www.copacommission.org/meetings/hearing1/maccarthy.test.pdf.
5. See testimony of Mark McCarthy, www.copacommission.org/meetings/hearing1/maccarthy.test.pdf, at page 3.