December 2012

The Federal Trade Commission adopted final amendments to the Children’s Online Privacy Protection Rule that strengthen kids’ privacy protections and give parents greater control over the personal information that websites and online services may collect from children under 13.

The FTC initiated a review in 2010 to ensure that the COPPA Rule keeps up with evolving technology and changes in the way children use and access the Internet, including the increased use of mobile devices and social networking. The updates to the COPPA Rule reflect careful consideration of the entire record of the rulemaking, which included a public roundtable and several rounds of public comments sought by the agency.

The final amendments:

• modify the list of “personal information” that cannot be collected without parental notice and consent, clarifying that this category includes geolocation information, photographs, and videos;
• offer companies a streamlined, voluntary and transparent approval process for new ways of getting parental consent;
• close a loophole that allowed kid-directed apps and websites to permit third parties to collect personal information from children through plug-ins without parental notice and consent;
• extend coverage in some of those cases so that the third parties doing the additional collection also have to comply with COPPA;
• extend the COPPA Rule to cover persistent identifiers that can recognize users over time and across different websites or online services, such as IP addresses and mobile device IDs;
• strengthen data security protections by requiring that covered website operators and online service providers take reasonable steps to release children’s personal information only to companies that are capable of keeping it secure and confidential;
• require that covered website operators adopt reasonable procedures for data retention and deletion; and
• strengthen the FTC’s oversight of self-regulatory safe harbor programs.

Definitions

The Final Rule includes these modified definitions:

• The definition of an operator has been updated to make clear that the Rule covers a child-directed site or service that integrates outside services, such as plug-ins or advertising networks, that collect personal information from its visitors. This definition does not extend liability to platforms, such as Google Play or the App Store, when such platforms merely offer the public access to child-directed apps.
• The definition of a website or online service directed to children is expanded to include plug-ins or ad networks that have actual knowledge that they are collecting personal information through a child-directed website or online service. In addition, in contrast to sites and services whose primary target audience is children, and who must presume all users are children, sites and services that target children only as a secondary audience or to a lesser degree may differentiate among users, and will be required to provide notice and obtain parental consent only for those users who identify themselves as being younger than 13.
• The definition of personal information now also includes geolocation information, as well as photos, videos, and audio files that contain a child’s image or voice.
• The definition of personal information requiring parental notice and consent before collection now includes “persistent identifiers” that can be used to recognize users over time and across different websites or online services. However, no parental notice and consent is required when an operator collects a persistent identifier for the sole purpose of supporting the website or online service’s internal operations, such as contextual advertising, frequency capping, legal compliance, site analysis, and network communications. Without parental consent, such information may never be used or disclosed to contact a specific individual, including through behavioral advertising, to amass a profile on a specific individual, or for any other purpose. The final amended Rule also adds a process allowing industry to seek formal approval to add permitted activities to the definition of support for internal operations.
• The definition of collection of personal information has been changed so that operators may allow children to participate in interactive communities without parental consent, so long as the operators take reasonable measures to delete all or virtually all children’s personal information before it is made public.

Parental Notice
The amended Final Rule revises the parental notice provisions to help ensure that operators’ privacy policies, and the direct notices they must give parents before collecting children’s personal information, are concise and timely.

Parental Consent Mechanisms
The amendments add several new methods that operators can use to obtain verifiable parental consent: electronic scans of signed parental consent forms; video-conferencing; use of government-issued identification; and alternative payment systems, such as debit cards and electronic payment systems, provided they meet certain criteria.

The FTC considered numerous comments on the “sliding-scale mechanism of parental consent,” otherwise known as “email plus.” Under this method, operators that collect children’s personal information for internal use only may obtain verifiable parental consent with an e-mail from the parent, as long as the operator confirms consent by sending a delayed e-mail confirmation to the parent, or calling or sending a letter to the parent. After considering the comments on “email plus,” the FTC concluded that it remains a valued and cost-effective consent mechanism for certain operators. The Final Rule retains email plus as an acceptable consent method for operators that collect personal information only for internal use.

To encourage the development of new consent methods, the Commission establishes a voluntary 120-day notice and comment process so parties can seek approval of a particular consent method. Operators participating in a Commission-approved safe-harbor program may use any consent method approved by the program.

Confidentiality and Security Requirements
The amended Final Rule requires operators to take reasonable steps to make sure that children’s personal information is released only to service providers and third parties that are capable of maintaining the confidentiality, security, and integrity of such information, and who assure that they will do so. The Rule also requires operators to retain children’s personal information for only as long as is reasonably necessary, and to protect against unauthorized access or use while the information is being disposed of.

Safe Harbors
The FTC seeks to strengthen its oversight of the approved self-regulatory “safe harbor programs” by requiring them to audit their members and report annually to the Commission the aggregated results of those audits.

The Commission vote to issue the amended Final Rule was 3-1-1, with Commissioner J. Thomas Rosch abstaining. Commissioner Maureen Ohlhausen voted no and issued a dissenting statement on the ground that she believes a core provision of the amendments exceeds the scope of the authority granted by Congress in COPPA. She stated that, regardless of policy justifications, she cannot support extending COPPA’s statutory definition of “operator” to impose obligations on websites or online services that do not collect personal information from children or have access to or control of such information collected by a third-party.

The amendments to the Final Rule will go into effect on July 1, 2013.

U.S. Ambassador Terry Kramer said he was disappointed that a United Nations agency refused to sideline treaty proposals backed by Russia and China that threatened Internet freedom. "I can say, candidly, I was disappointed these issues weren't taken off the table," Ambassador Kramer said in his first public appearance since the U.N. telecommunications treaty conference ended.

The U.S. refused to sign the treaty, arguing that it included troublesome Internet-related provisions. Ambassador Kramer, who headed up the U.S. delegation during the conference, lamented the acrimonious outcome to the talks. "I very much believe that this kind of war-mongering conversation on the ITU is a very counterproductive exercise," Ambassador Kramer said at an Internet Society-hosted event at American University. "What should be the discussion is, how do you bolster multi-stakeholder governance? It is a positive message, but it's a pragmatic one." Ambassador Kramer said he hopes ITU Secretary-General Hamadoun Toure will resolve to keep the ITU's focus on telecommunications in the future, rather than expanding its attention to the Internet. "I think that if he's a forward-looking leader, he'll realize that the telecom charter is the right area and these other areas are going to get him nowhere in terms of broader support," he said. In the short-term, the U.S. needs to keep engaging other countries, particularly English-speaking African countries and nations in Latin America, in the discussion about Internet governance, he said. "They're listening, they want to have a dialogue," Ambassador Kramer said. "We need to be spending more time with those nations."

The Federal Communications Commission announced that savings from its comprehensive reform of its Lifeline program earlier this year reached nearly $214 million in 2012, surpassing the $200 million target the FCC set when it comprehensively reformed the program in January. The FCC also announced the selection of 14 pilot projects in 21 states and Puerto Rico that will field test approaches to using Lifeline to increase broadband adoption among low-income Americans.

Major savings are being realized by:

• Eliminating “Link Up” subsidies for new connections, which were acting as unnecessary “bounties” for new sign-ups. As a result, Link Up expenditures dropped from roughly $14 million in May – the final month Link Up payments were sent to providers -- to less than $200,000 in December. Link Up is still available in some Tribal areas.
• Requiring carriers to obtain proof of income eligibility from new subscribers. These changes took effect in June and were first reflected in August disbursements, which dropped by nearly $40 million in one month.

Clarifying that Lifeline subscriptions are limited to one per household, and scrubbing subscriber roles of duplicates. The FCC has reviewed over 12 million subscriber records and eliminated 1.1 million duplicate subscriptions, which will result in $128 million in annualized savings. The process of examining subscriber rolls state-by-state continues as the FCC develops a comprehensive database that will automatically check for duplicate subscriptions.
Requiring providers to verify the continued eligibility of their subscribers for Lifeline on annual basis.

Using $14 million in savings from reforms, the FCC’s Wireline Competition Bureau has chosen 14 high-quality pilot projects to advance broadband adoption through Lifeline. The projects will provide critical data and rigorous analysis regarding how Lifeline can efficiently and effectively increase broadband adoption and retention among low-income consumers. Located in 21 states and Puerto Rico, the pilots will also provide broadband for nearly 75,000 low-income consumers who now lack service. In order to rigorously test how best to use Lifeline to support broadband adoption, the pilots will gather
data and provide analysis on a wide a range of geographic, technological, and programmatic variables. Projects include five wireless broadband projects, seven wireline broadband projects, and two offering wireline or wireless technologies. Seven will test discounted service in rural areas, including two on Tribal lands, and seven will test discounted service in urban and suburban areas. Variables that will be experimentally tested include the use of digital literacy training, equipment types, subsidy levels, speed ranges, and usage limits. The Pilot Program will run for 18 months, beginning on Feb. 1, 2013. Winners have three months to set up the pilots, and must provide one year of subsidized service. The pilots must complete data collection and analysis in the final three months.

1. Frontier Communications Corporation (OH, WV)
2. Gila River Telecommunications, Inc. (AZ – Tribal)
3. Hopi Telecommunications, Inc. (AZ – Tribal)
4. National Telecommunications Cooperative Association (NTCA) Project (which includes the following carriers: Alpine Communications (IA); and Leaco Rural Telephone (NM))
5. Nexus Communications, Inc. (OH, MI, IA, NV, CA, LA, MS, NJ)
6. Partnership for a Connected Illinois Project (which includes the following carriers: Adams Telephone Cooperative; Cass Telephone Company; Harrisonville Telephone Company; Madison Telephone Company; Mid-Century Telephone Cooperative; Shawnee Telephone Company; and Wabash Telephone Cooperative (IL))
7. PR Wireless, Inc. (Puerto Rico)
8. Puerto Rico Telephone Company (Puerto Rico)
9. T-Mobile Puerto Rico LLC (Puerto Rico)
10. TracFone Wireless, Inc. project using smartphones (FL, MD, TX, WA, WI, MA)
11. Troy Cablevision, Inc. (AL)
12. Vermont Telephone Company, Inc. (VT)
13. Virgin Mobile USA, L.P. (MA, OH)
14. XChange Telecom Corp. (NY)

Federal Communications Commission Chairman Julius Genachowski celebrated the innovative achievements of technologists whose work in communication-related areas benefits people with disabilities, bestowing the second Awards for Advancement in Accessibility (Chairman's AAA).

The Chairman’s AAA, a project of the FCC’s Accessibility and Innovation Initiative (A&I Initiative), based on a recommendation of the FCC’s 2010 National Broadband Plan, recognizes outstanding private and public sector ventures in accessibility and innovation. The A&I Initiative seeks to facilitate dialogue among industry, assistive technology companies, app developers, government representatives, and consumers to allow stakeholders to share best practices and solutions for accessible communications technologies. Seven winners and two honorable mentions were recognized, chosen in six different categories: Consumer Empowerment Information; Mobile Applications; Civic Participation Solutions; Education: College or University; Video Programming; and Geo-Location Solutions.

• Consumer Empowerment Information -- Project StAR: Accessible Radio 2012/The Narrator: This AM/FM/HD radio follows the principle of universal design by providing simple, tactile controls that talk so that people who are blind or visually impaired can control the user interfaces on their radio. Neely Oplinger of Metropolitan Washington Ear, Mike Dahnert of Best Buy and Al Shuldiner of Ibiquity accepted the award.
• Mobile Applications -- WGBH National Center for Accessible Media: "Media Access Mobile": This mobile technology enhances the user experience for multimedia presentations at cultural institutions, museums, exhibits, or other venues by providing synchronized text for people who are deaf or hard of hearing and synchronized audio description for people who are blind or visually impaired. Larry Goldberg from the WGBH National Center for Accessible Media accepted the award.
• Civic Participation Solutions -- Prime III: A Universally Designed Voting Machine: This system allows people with visual, hearing, reading, or dexterity disabilities to privately and independently vote using the same voting machine as everyone else. Andrea Johnson from the Clemson University Human-Centered Computing Lab accepted the award.
• Education: College or University -- Project: Possibility SS12: Code for a Cause: This event educates computer science students about accessibility, making these students better equipped to develop accessible technology solutions for people with disabilities. Accepting the award: Sean Goggin from Project accepted the award.
• Video Programming -- Accessible Media Inc. (AMI), and Society of Motion Picture and Television Engineers (SMPTE): AMI’s Described Video Guide builds awareness about video description while providing an accessible, aggregate daily list of described video programming to enable individuals who are blind or visually impaired to plan their TV viewing. Robert Pearson and David Errington accepted the award for AMI. SMPTE’s 2052 suite of Standards and Recommended Practices for “SMPTE Timed Text” (SMPTE-TT) enable television content delivered over Internet protocol to retain closed captions for the deaf and hard of hearing communities. Robert Seidel accepted the award for SMPTE.
• Geo-Location Services -- Tiramisu Transit: This app, which intelligently crowd-sources information on bus schedules, timing, and space availability, was written to be compliant with accessibility guidelines of various platforms and is intended to benefit people with and without disabilities. Aaron Steinfeld of Tiramisu Transit accepted the award.

Honorable mentions went to: Google+ Hangouts and Virtual Braille Keyboard.