To Whom It May Concern:
We are a group of five students currently attending Florida International University in Miami, Florida. We support the Children's Online Privacy Protection Act of 1998 and the sliding scale method that is used to obtain verifiable parental consent in order to collect personally identifiable information from children under 13. We feel that the current method of using an e-mail verification to obtain parental consent is more than adequate for the purpose of internal use by the website operator. However, we do believe the technology needed to increase the security of obtaining parental consent is already available for use.
We believe that the proposed rule to extend the time period in which website operators can use the sliding scale should be revised. Rather than extending the time period for two years, we believe the sliding scale mechanism should be kept in place. We believe that, for internal use, e-mail verification from the parent is adequate for obtaining parental consent. However, for third party use, digital signature technology should be implemented. Digital signature technology is available from at least one company, namely VeriSign, who claims that the "technology is mature and commercially available."
Michael S. Baum, Vice-President of VeriSign, Inc stated, "only digital signatures and supporting public key infrastructures can provide adequate and scalable security for information communicated over open systems such as the Internet, and in particular, are well-suited to support COPA age verification requirements. With few exceptions, only asymmetric cryptography (the technology upon which digital signatures are based) can provide strong support for non-repudiation.
Digital certificates are highly flexible cryptographic tools, uniquely suitable for satisfying COPA's requirements. For example, digital certificates can be issued to authenticate that an adult has attained the age of majority (or any other mandated age), to permit the adults access to designated web sites and information resources and to exclude children, or to permit a children's access to designated web sites and information resources, to maintain parental control over children's access, and to exclude adults or other designated classes of persons from specified websites and resources. "(1)
We believe that digital signature technology should be implemented on a voluntary basis simply for the purposes of speeding the verification process of parental consent for internal use. However for third party use, the use of such technology should be mandatory. We believe that VeriSign's digital signature technology will enable parents to give their consent much quicker and easier.
We contacted several major web sites that serve children as their target market. The operators of these web sites have a significant interest in the outcome of this proposed rule. We received the following reply from one web site operator, "The rules already cost many sites a good deal of money, [and] has caused sites to not offer email or chat anymore for children, etc. I think that level of info for a simple site mailing list really is sufficient, and that any additional impediments will just make it impossible for most children to do anything fun on the web."
Furthermore, parents are already inconvenienced by the measures that are currently in place to obtain their verifiable consent to collect their children's personally identifiable information. From a perspective of another stakeholder, "I believe sites should not misuse information from children, I also believe that giving parental permission should be as easy as possible….it took me a month and a half to get the permission slip mailed in to give them the ability to access some of the community features."
1. Quote taken from memo written by Michael S. Baum, Vice President of VeriSign Inc. to the Commision on Online Child Protection http://corporate.verisign.com/policy/resources/copa.html