Mind Matters Natural and Artificial Intelligence News and Analysis
New Hacking Tactics
New Hacking Tactics . Pro Hacker In Front of His Computer.

Many Parents Ignore Risks of Posting Kids’ Data Online

The lifelong digital footprint, which starts before birth, makes identity theft much easier

If we live too long in a social media bubble, we may come to believe that we barely exist if we are not digitized and seen online. When we behave this way around children, the risks are real, whether we are aware of them or not. Take, for example, the recently discovered design flaw in Facebook’s Messenger app:

Facebook’s Messenger Kids app is built around a simple premise: children shouldn’t be able to talk to users who haven’t been approved by their parents. But a design flaw allowed users to sidestep that protection through the group chat system, allowing children to enter group chats with unapproved strangers. For the past week, Facebook has been quietly closing down those group chats and alerting users, but has not made any public statements disclosing the issue.

Russell Brandom, “Facebook design flaw let thousands of kids join chats with unauthorized users” at The Verge

The Verge got hold of the alert that Facebook sent to “thousands of users,” for whom it was doubtless a wakeup call. Brandom raises the question of whether the privacy glitch and the collection of data on children violated the Children’s Online Privacy Protection Act (COPPA). As it happens, some child privacy advocates are wondering about that very thing.

More people should be wondering about things like that. Last year, McAfee released the unsettling results of a survey commissioned from OnePoll of 1,000 parents of children ages 1 month to 16 years old in the U.S.:

As it turns out, most parents (58%) do not ask for permission from their children before posting images of them on social media. Of those parents who do not ask for permission, 22% think that their child is too young to provide permission, and another 19% claim that it’s their own choice, not their child’s choice.

However, almost three quarters (71%) of parents agree that the images they share online could end up in the wrong hands. According to these parents, the biggest concerns with sharing photos online include pedophilia (49%), stalking (48%), and kidnapping (45%). Other risks of sharing photos online may also be other children seeing the image and engaging in cyberbullying (31%), their child feeling embarrassed (30%), and their child feeling worried or anxious (23%).

Gary Davis, “Should You Post Pics of Your Kids? Insights From Our Age of Consent Survey” at McAfee Securing Tomorrow

Davis wonders why parents ignore risks that they acknowledge. One suggested answer is the “anxiety to be seen”:

It almost seems that the “temptation to share” drives away all fear. …

The world of online media has transformed each of us into a small broadcasting station. Every day we publish more and more content concerning our private life and those of our loved ones.

Cecilia Galatolo , “Children are not social media trophies” at MercatorNet

A technology commentator agrees that its time to stop kidding ourselves about all this “sharenting”:

A child or teenager’s digital footprint now starts before birth. From ultrasound photos and due date announcements posted to social media to the proliferation of smart toys, parents are revealing far more information than they realize about their children. Add in the increasing number of computers in the classroom and the amount of data collected by schools and there’s very little information about your child that’s truly private.

This technology coupled with parents’ behavior is increasingly putting children at risk for identity theft, humiliation, various privacy violations, future discrimination, and causing concern about developmental issues related to autonomy and consent.

Jessica Baron, “Posting About Your Kids Online Could Damage Their Futures” at Forbes

She cites a 2018 UK report, “Who Knows What About Me?”, which estimates that “by the age of 13, parents have posted roughly 1300 photos and videos of their children online.” And there they stay. Parents may assume that real harm is unlikely if they only share “within a group” but how many members of the group, present and future, do they know at all well?

Barclays Bank told the British Commissioner,

… there are three key pieces of information used in identity theft: a person’s name, date of birth and home address. These are often given directly by parents, or can be deduced from photos or updates on social media accounts – for example, a photograph of a child on their birthday with a location tagged might give all this personal information away.

With this information, criminals can make a start on accessing bank accounts or making credit applications. At our roundtable CCO heard reports of children’s data being stored until they turn 18, at which point fraudulent loans and credit card applications were made. Further information such as a mother’s maiden name, names of pets and names of schools might also be gathered through a parent’s social media account, making it even easier to commit fraud given that these details are often used as security questions. Barclays has forecast that by 2030 “sharenting” will account for two-thirds of identity fraud facing young people over 18 and will cost £667 million per year.

Anne Longfield, “Who knows what about me?” at Children’s Commissioner

These risks assumed by the parents are in addition to harder-to-avoid risks, such as the theft of data about a child from the education system, as the FBI warned last September:

The widespread collection of sensitive information by EdTech could present unique exploitation opportunities for criminals. For example, in late 2017, cyber actors exploited school information technology (IT) systems by hacking into multiple school district servers across the United States. They accessed student contact information, education plans, homework assignments, medical records, and counselor reports, and then used that information to contact, extort, and threaten students with physical violence and release of their personal information. The actors sent text messages to parents and local law enforcement, publicized students’ private information, posted student PII on social media, and stated how the release of such information could help child predators identify new targets. In response to the incidents, the Department of Education released a Cyber Advisory alert in October 2017 stating cyber criminals were targeting school districts with weak data security or well-known vulnerabilities to access sensitive data from student records to shame, bully, and threaten children.

Cybersecurity issues were discovered in 2017 for two large EdTech companies, resulting in public access to millions of students’ data. According to security researchers, one company exposed internal data by storing it on a public-facing server. The other company suffered a breach and student data was posted for sale on the Dark Web.

Public Service Announcement, “Education technologies: data collection and unsecured systems could pose risks to students” at Federal Bureau of Investigation

The FBI encourages parents to discuss the risks with local school districts and to insist on information about the school’s security programs.

People age but the past doesn’t change. So our data follow us through life. Keeping a child’s data out of the wrong hands is just part of good parenting today.

Here are several safety tips from various sources:

From McAfee: Think before you post. Before posting a picture on social media, ensure that there is nothing in the photo that could be used as an identifier like birthdates, visible home addresses, school uniforms, financial details or passwords in the photo. Parents should ask themselves if this is a photo that they would be ok with a stranger seeing.

Watch out for geotagging. Many social networks will tag a user’s location when a photo is uploaded. Parents should ensure this feature is turned off so as not to give away their current location. This is especially important when posting photos away from home.

From Jessica Baron at Forbes: Encourage schools to teach Internet safety and privacy. If educators and their administrators are going to utilize EdTech, they should also make time to teach students about the dangers of giving over private information. In the U.K., internet safety was made a mandatory part of the school curriculum in 2014, and it’s time for the U.S. to step up.

Demand that schools are transparent about the data collected by their technology and ask for parental approval before letting children sign in to machines and apps, as well as give guardians the opportunity to opt their children out of the use of this technology if they feel it’s not protecting their privacy.

From the FBI: Research school-related cyber breaches which can further inform families of student data vulnerabilities…

Conduct regular Internet searches of children’s information to help identify the exposure and spread of their information on the Internet.

Further reading on data privacy risks:

You Think You Have Nothing To Hide? Then why are Big Tech moguls making billions from what you and others tell them? (Russ White)

Is data privacy a luxury now? In an age of constant connectedness and digital monitoring, access to privacy is becoming the new digital divide. Can you afford it?

Why you can’t just ask social media to forget you While we now have a clear picture of the challenges current social media pose to peoples and cultures, what to do is unclear (Russ White)

Ad exec quit the industry over Big Tech’s relentless snooping He was shocked by the brazen attitude to the invasion of privacy

Mind Matters News

Breaking and noteworthy news from the exciting world of natural and artificial intelligence at MindMatters.ai.

Many Parents Ignore Risks of Posting Kids’ Data Online