Go back to the top of this article and reread that transcript of Rep. Buddy Carter grilling TikTok CEO Shou Zi Chew. Now, Carter is a dunderhead, but he’s dunderheaded in a way that illuminates just how bad COPPA enforcement is, and has been, for 25 long years.
Carter thinks that TikTok is using biometric features to enforce COPPA. He imagines that TikTok is doing some kind of high-tech phrenology to make sure that every user is over 13 (“I find that [you aren’t capturing facial images] hard to believe. It is our understanding that they’re looking at the eyes. How do you determine what age they are then?”).
Chew corrects the Congressdunderhead from Georgia, explaining that TikTok uses “age-gating”: “when you ask the user what age they are.”
That is the industry-wide practice for enforcing COPPA: every user is presented with a tick-box that says “I am over 13.” If they tick that box, the company claims it has satisfied the requirement not to spy on kids.
But if COPPA were meaningfully enforced, companies would simply have to stop spying on everyone, because there are no efficient ways to verify the age of users at the scale needed for general operation of a website.
-How To Make a Child-Safe TikTok: Have you tried not spying on kids?
"Mr. Chew, if I plug my toaster into the wall, will it have access to my electricity?"
"Mr. Chew, what's your opinion on the laws of thermodynamics and do they prove God doesn't exist?"
"Mr. Chew, would it be a stretch for this congress to assume that you support eugenics?"
"Mr. Chew, if mankind develops the technology to travel to and colonize Mars by 2030, will you personally finance a twenty-team crew to fly to the planet and access the wifi there, and will you sell that data to China?"
"Mr. Chew, if I accidentally leave my phone at home while I'm at work, will your app sleep with my wife?"
Shou Chew, CEO of tiktok, getting “questioned” by congress is quite possibly the funniest thing I’ve seen in real time. It plays like a South Park episode.
In 1998, Congress passed the Children’s Online Privacy Protection Act (COPPA), which prohibits online service providers from collecting the data of children under the age of 13 without parental consent.
COPPA is remarkable, first because it is one of the very, very few federal privacy guarantees enacted by Congress, an exclusive club whose founding member is the Video Privacy Protection Act of 1988, passed by Members of Congress panicked at the thought of video-store clerks leaking their porn rental histories.
But the other remarkable thing about COPPA is how poorly it is enforced.
In this regard, COPPA is very similar to the General Data Protection Regulation (GDPR), the EU’s 2016 landmark privacy law. The GDPR has many more moving parts than COPPA, as befits a general data-protection regulation, but at core, the GDPR seeks to incinerate the absurd fiction at the root of commercial surveillance: namely, that we “consent” to commercial surveillance by clicking “I agree” on long, unreadable terms of service.
Under the GDPR, companies that want to collect, sell or process your data need to explain themselves, clearly: they have to tell you what they’re collecting and how they plan on using it.
-How To Make a Child-Safe TikTok: Have you tried not spying on kids?
Still tip-toeing in TikTok--and I may never get past that stage
Watching Thursday’s Congressional grilling of TikTok CEO Shou Chew left me convinced of two things: that I am glad not to work in comms for that social platform, and that I may never get the hang of that social platform.
My engagement so far with the ByteDance-owned app could make my apathetic Snapchat use look clingy. I put TikTok’s app on my iPad three and a half years ago, using Apple’s “Sign…
As Chew explained to Carter, the company can offer a broad range of services to its users “locally on your local device,” and the data needed to offer those services can be “deleted after the use.”
For example, TikTok could store the list of accounts you follow on your device (with an end-to-end encrypted backup on its servers so you can use multiple devices and recover your subscriptions when you lose or break your device). Your device could request those users’ latest posts from TikTok, without TikTok retaining a log of those requests after it fulfills them.
TikTok could suggest posts to you by having your device compile a list of keywords and other characteristics from the videos you interact with and then request more videos that match those criteria — again, without TikTok logging those requests on its central servers.
Doing so would limit TikTok’s profits —and that’s the point. COPPA weighs private profit against the public cost of data collection and processing and puts its thumb on the scale for the latter.
-How To Make a Child-Safe TikTok: Have you tried not spying on kids?