In the Matter Jest8 Limited Trading as Riyo's Application for Parental Consent Method, Project No. P-155405 #00004

Submission Number:
Kris Alman MD
Initiative Name:
In the Matter Jest8 Limited Trading as Riyo's Application for Parental Consent Method, Project No. P-155405
I oppose Riyo's request for FTC approval of visual scanning to comply with COPPA requirements of parental consent for online activity for kids 12 and under. This is another example of the "sharing" economy gone amok: Silicon Valley stretching its fingers far too deeply into our identity. A video describes "Face Match to Verified Photo Identification" ("FMVPI") technology showing the individual uploading a copy of his driver's license and confirming his likeness with a "selfie". Riyo holds an exclusive license to the underlying Jumio technology confirming photo identification. Jumio is backed by top tier investors including Andreessen Horowitz, Citi Ventures and Facebook Co-Founder Eduardo Saverin. The Department of Homeland Security recommends stricter handling of sensitive personally identifiable information (PII). The driver's license and biometric identifiers are stand-alone sensitive PII. There's increased risk to an individual if sensitive PII data are compromised. FMVPI poses a significant risk to parents. Jumio's technology uploads sensitive PII-something I am loath to support regardless of this company's promise of security and privacy. This year my husband was a victim of Premera's data breach; and I was a victim of the OPM data breach. My husband and I are victims of tax-related identity theft. So are two of my nieces. One had to wait nearly 18 months to get ~$8000 owed to her. Having experienced identity theft, I refuse to give my sensitive PII over the Internet, regardless of the testimonials supportive of this technology. Federal employees who are also victims (or know victims) of the OPM data breach should be equally wary of this technology. There is nothing on a driver's license that confirms the individual is the parent. That person could be an irresponsible or predatory uncle or neighbor. Further the real parent would have no control over the child's access to online services since successful completion of the FMVPI process gives the child carte blanche to all internet services. For example, a child could become a super cyber-bully with the WUT app for "anonymish, ephemeral messages to your Facebook friends." Apple must refund millions of dollars to consumers for allowing kids to purchase apps without their consent. Could this approval extend to online purchases as well? My children are now adults, but I have a cautionary tale. In 2011 my then 19 year-old daughter merely clicked a button for a "Google Offers" coupon (a beta product to compete with Groupon) and "paid" for a product without entering credit card information on a website promoting it. She was shocked and asked me how that could have happened. It took sleuth work to figure out that Google had stored my credit card information for a tennis tournament she had participated in 2010 and had applied her new charge to my stored credit card without my consent. I complained to the FTC and never heard back. There is nothing to stop Riyo from re-purposing PII. Nor is there anything stopping Google Ventures (or any other huge, profitable investors of companies that use PII for direct marketing) from investing in this company. Indeed, Google Ventures has already partnered with Andreessen Horowitz, one of the biggest technology venture capital firms in the world, to Invest In Google Glass Ecosystem. With lawsuits and massive data breaches that prove sensitive PII is already far too accessible for commercial misuse and theft, the FTC should do all it can to mitigate the furtherance--especially by Silicon Valley billionaires who mine our identity, privatizing profits and socializing risks. Please do not approve this technology.