The Children’s Online Privacy Protection Act became law in October 1998, and the Federal Trade Commission promulgated its rule concerning the law in the next couple of years. It has been 20 years of ups and downs for privacy protection for children’s data. There continue to be numerous privacy challenges for parents seeking to safeguard their children’s personal information.

As soon as they are born and are issued identification numbers, children face the risk of identity theft. Such thefts can be undetected for years, until a young adult has reason to use her Social Security Number for a loan or credit card. We have schools tracking children (and college students) with camera surveillance systems or RFID-enabled school uniforms or ID cards. Some schools started using biometric ID systems for students to pay for their lunches. There are concerns about tracking apps such as ClassDojo, which can be used by teachers and parents to monitor students’ progress.

The FTC marked the 20th anniversary by noting it has made changes to its Rule over the years: “by amending the Rule to address innovations that affect children’s privacy – social networking, online access via smartphone, and the availability of geolocation information, to name just a few. After hosting a national workshop and considering public comments, we announced changes to the Rule in 2013 that expanded the types of COPPA-covered information to include photos, video, or audio files that contain a child’s image or voice.” Read more »

Security in school has increasingly included surveillance of schools. Previously, we discussed some schools using RFID-enabled school uniforms or cards to track students. There’s also been discussion of the use of video surveillance systems, also called CCTV for closed-circuit television, in schools. As the installation of such surveillance systems in K-12 grades and colleges and universities became widespread, officials said the systems were for improved security and to be used by school security or police. But video surveillance has begun spreading beyond security in some schools.

Several years ago, ten schools in the United Kingdom began using facial-recognition camera surveillance systems to make sure students “have turned up, records whether they were on time or late and keeps an accurate roll call,” reported the Daily Mail. And earlier this year, India’s capital of Delhi announced that it “said CCTV will be installed in all government schools within three months” and “Parents in India’s capital will soon be able to watch their children in the classroom in real time, using a mobile phone app,” reported BBC News. (And several schools in India have used RFID technology to track students, including for attendance logs.)

But an even more intimate use of camera surveillance in classrooms is being used in China. People’s Daily Online reports:

The “intelligent classroom behavior management system” used at Hangzhou No. 11 High School incorporates a facial recognition camera that scans the classroom every 30 seconds. The camera is designed to log six types of behaviors by the students: reading, writing, hand raising, standing up, listening to the teacher, and leaning on the desk. It also records the facial expressions of the students and logs whether they look happy, upset, angry, fearful or disgusted.

Read more »

There has been an ongoing discussion about how privacy rights can be eroded because laws do not anticipate changing technology. The most prominent example is the Electronic Communications Privacy Act, which was passed in 1986 and remains mired in the technology of that time, which did not include cloud computing, location tracking via always-on mobile devices and other current technology that can reveal our most personal information. (The World Wide Web was invented three years later, in 1989.)

While ECPA includes protection for email and voicemail communications, the 180-day rule is archaic as applied to how the technology is used today. (The rule is: If the email or voicemail message is unopened and has been in storage for 180 days or less, the government must obtain a search warrant. If the message is opened or has been stored unopened for more than 180 days, the government can access your message via a special court order or subpoena.) Thirty-two years ago, people had to download their email to their computers; the download would trigger an automatic deletion of the content from the provider’s servers. The government could not subpoena an Internet Service Provider (ISP) for your email because it did not have them in 1986. Now, copies of your private email remain stored in the cloud for years by third-party service providers (Google, Facebook, Dropbox, etc.)

Privacy and civil liberty advocates have been trying for years to update ECPA. Last year, the U.S. House passed the Email Privacy Act, which would codify the rule set out in 2008’s Sixth Circuit case Warshak v. United States: The government must obtain a warrant before they could seek to compel an ISP or other service providers to hand over a person’s private messages. This year, the Email Privacy Act is part of the House version of the National Defense Authorization Act, a must-pass bill. But the Senate has its own version of the NDAA and it’s unknown whether the privacy legislation will be part of it. Read more »

Two Florida detectives tried to use a dead man’s fingerprints to unlock his phone, the Tampa Bay Times reported, and that act raised privacy questions.

Linus F. Phillip “was shot and killed [by a Largo, Fla., police officer] March 23 at a Wawa gas station after police said he tried to drive away when an officer was about to search him,” the Times reported. Later, two detectives came to the Sylvan Abbey Funeral Home in Clearwater with Phillip’s phone, according to Phillip’s fiancee, Victoria Armstrong. “They were taken to Phillip’s corpse. Then, they tried to unlock the phone by holding the body’s hands up to the phone’s fingerprint sensor,” the Times reported.

Phillip’s fiancee is upset. She was not notified that the detectives would be coming to the funeral home, and the police did not get a warrant for their actions.

Although the detectives’ actions have been criticized as unethical, they are legal because dead people have fewer rights than the living, especially concerning privacy and search and seizure. The courts have split on whether living defendants can be forced to use biometrics such as fingerprints or facial scans to unlock their mobile devices. (Another difference from the Phillips case is that these court cases involved warrants.) Read more »

International Data Privacy Day is Sunday. There are a variety of events occurring this week to celebrate. Visit the official site to find events near your area. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also donate to any number of organizations out there trying to protect your privacy rights.

Decades ago, China began a system of online surveillance and censorship that was nicknamed “the Great Firewall of China.” Now, that firewall is getting stronger, and there is also an increase in broader surveillance of the public, and the surveillance is becoming more focused, so a particular individual could be targeted.

China has long had a vast camera surveillance, or CCTV, system throughout the country and it includes face-recognition technology. In June, the Wall Street Journal reported that Industry researcher IHS Markit estimated “China has 176 million surveillance cameras in public and private hands, and it forecasts the nation will install about 450 million new ones by 2020. The U.S., by comparison, has about 50 million.” And the Chinese government is using pairing the CCTV surveillance systems with biometric technology “on streets, in subway stations, at airports and at border crossings in a vast experiment in social engineering. Their goal: to influence behavior and identify lawbreakers.”

The system is powerful. BBC News recently reported that, in a test, it took China’s surveillance system seven minutes to locate and apprehend one of its reporters. Notably, China’s CCTV system isn’t the only one to integrate face-recognition technology in order to better target individuals.  Read more »