Podcasting "How To Make a Child-Safe TikTok"
This week on my podcast, I read my recent Medium column, “How To Make a Child-Safe TikTok: Have you tried not spying on kids?” The column was inspired by one of the most bizarre exchanges during the Congressional grilling of TokTok CEO Shou Chew:
https://doctorow.medium.com/how-to-make-a-child-safe-tiktok-be08fbf94b0d
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2023/04/17/have-you-tried-not-spying/#coppa
If you heard anything about that hearing, it was likely this. Rep Buddy Carter, Republican of Georgia, demanded to know whether Tiktok used “the phone’s camera to determine whether the content that elicits a pupil dilation should be amplified by the algorithm?”
https://www.c-span.org/video/?526609-1/tiktok-ceo-testifies-house-energy-commerce-committee-hearing
Chew replied, “We do not collect body, face or voice data to identify our users. We do not.” Carter pressed him, asking “How do you determine what age they are then?”
Chew said, “We rely on age-gating as our key age assurance.” Carter assumed tuckercarlsonian expression of perplexity and asked for more information. Chew explained: “It’s when you ask the user what age they are.” Carter was clearly baffled by this.
Chew added, “this is a real challenge for our industry because privacy versus age assurance is a really big problem.” Carter interrupted him: “you keep talking about the industry, we’re talking about TikTok here.”
This was a remarkable exchange, even by the standards of Congressional hearings on technology, a genre that includes “a series of tubes,” “Senator, we run ads,” and “Will you commit to ending finsta?”
Chew was completely and terribly correct, of course. The way that the entire industry complies with COPPA — the law that prohibits data-gathering on under-13s without parental consent — is by asking every used to tick a box that says “I am over 13.” This is such an inadequate and laughable figleaf that the Congressdunderhead from Georgia can (possibly) be forgiven for assuming that “age verification” involved some kind of digital phrenology by way of facial scanning.
But beyond being yet another entry in the annals Congressional Pig-Ignorance On Tech, the exchange reveals a massive blind-spot about the entire business of kids’ privacy, and the legislative intention of COPPA, a law passed in 1998, before the age of ubiquitous commercial internet surveillance — but not before people understood that this would be an important subject.
One thing to note here is how rare COPPA is. The US has very near to zero federal privacy laws. There’s the Electronic Communications Privacy Act of 1986, which is about as up-to-date as you might imagine given that it was passed in 1986. Then there’s the Video Privacy Protection Act of 1988, which bans video-store clerks from revealing which porn you (or more to the point, Members of Congress) have rented.
And then there’s COPPA, which requires parental consent for data-gathering on pre-teens. And that’s basically…it.
COPPA’s got a checkered legislative history; a lot of the “parental consent” language is about ensuring that kids can’t get access reproductive health information and services, but as with any contentious piece of lawmaking, COPPA passed due to a coalition with different priorities, and part of that coalition just wanted to make sure that companies weren’t spying on kids.
Because — as both Buddy Carter and Shou Chew — can attest, it’s really hard to get parental consent at scale. Like, how do you even know if you’re talking to a kid’s parent or guardian if you’re not allowed to gather information on that kid? And how do you know if you’re talking to a kid or an adult when you gather any information, on any user?
Even if facial recognition technology had been widespread in 1986, I think we can all agree that Congress’s intent wasn’t to “protect kids’ privacy” by subjecting every child who used a computer to an invasive biometric scan. How could you comply with COPPA, then?
Well, one possibility is to never spy on users.
OK, not never. But only in very special circumstances — situations in which users would be willing to go through a reasonably thorough identification procedure. There are some situations in which it would be relatively straightforward to do this for parental consent, too: schools, pediatricians and libraries typically encounter children at the same time as their parents or guardians.
And for the rest of it, companies could just not spy.
The truly bizarre thing is how bizarre this suggestion comes across. It is essentially beyond the imagination of both Buddy Carter and Shou Chew that Tiktok could comply with COPPA by not gathering any user-data. After all COPPA, doesn’t prohibit providing web access to under-13s without parental consent — it prohibits spying on under-13s.
It’s not just Congressdunderheads and Tiktok CEOs who treat “don’t spy on under-13s” as a synonym for “don’t let under-13s use this service.” Every tech product designer and every general counsel at every tech company treats these two propositions as equivalent, because they are literally incapable of imagining a surveillance-free online service.
Which is funny, given another part of the Congressional interview. Chew says, “The only face data that you’ll get, that we collect is when you use the filters that put, say, sunglasses on your face, we need to know where your eyes are.” Carter interrupts him to say, “Why do you need to know where the eyes are if you’re not seeing if they’re dilated?” (my god this guy is horny for pupils).
Chew finishes, “and the data is stored locally on your local device and deleted after the use, if you use it for facial” (emphasis mine).
The Tiktok app could store the list of accounts you follow on your device, and send requests to the Tiktok servers for their updates, and the servers could fulfill those requests without logging them. Your device could analyze the videos you interact with and ask the Tiktok servers for suggestions based on those criteria — again, without Tiktok logging your info.
There’s no millennial prophet who came down off a mountain with two stone tablets circa 2002 and intoned, “Nerds of the world, thou shalt stop rotating thine logfiles, and lo! Thou shalt mine them for actionable market intelligence.” There is nothing intrinsic to the idea of letting people talk to each other, or search the web, or look at videos, that requires surveillance. The surveillance is a choice, which necessitated hundreds of billions of dollars in capital expenditures, and which should have been understood as illegal under COPPA.
But COPPA hasn’t been meaningfully enforced for a quarter of a century. That’s because the ad-tech industry mobilizes some of the hundreds of billions of dollars it gains through spying to block privacy law enforcement and the passage of any new privacy laws. David Cohen, CEO of the surveillance lobby group IEA, told his members, “Extremists are winning the battle for hearts and minds in Washington, D.C., and beyond. We cannot let that happen.”
His co-conspirators at the anti-privacy lobbying group Privacy For America (yes, really) told Congress that commercial surveillance saves every American $30,000/year — in other words, they value the data they steal from you every year at $30,000:
https://www.privacyforamerica.com/wp-content/uploads/2023/02/Privacy-for-America-Letter-in-Support-of-Preemptive-Comprehensive-Privacy-Legislation.pdf
But as Julia Angwin points out, this figure is as absurd as the name “Privacy for America.” The number is pure fiction:
https://www.pnas.org/doi/10.1073/pnas.1815663116#abstract
It doesn’t matter how much the data caught in the ad-tech industry’s nonconsensual harvest is worth — all that matters is that it produces the surplus needed to keep privacy law enforcement and expansion at bay.
Tiktok shouldn’t spy on our kids. Neither should anyone else. America doesn’t need a law banning Tiktok, it’s needs a law banning Tiktok’s surveillance — as well as the surveillance of all its rivals:
https://pluralistic.net/2023/03/30/tik-tok-tow/#good-politics-for-electoral-victories
Because the Chinese state doesn’t need Tiktok to spy on Americans. In the freewheeling, unregulated privacy “marketplace,” all that data is for sale — Chinese spies can just plunk down their credit-cards next to everyone else who buys our data and mobilizes it to compromise us, market to us, and stalk us.
Here’s the podcast episode:
https://craphound.com/news/2023/04/17/how-to-make-a-child-safe-tiktok/
And here’s a direct link to the MP3 (hosting courtesy of the Internet Archive; they’ll host your stuff for free, forever):
https://archive.org/download/Cory_Doctorow_Podcast_443/Cory_Doctorow_Podcast_443_-_How_To_Make_a_Child-Safe_TikTok.mp3
And here’s the direct RSS link for my podcast:
https://feeds.feedburner.com/doctorow_podcast
THIS IS THE LAST DAY for the Kickstarter campaign for the audiobook of my next novel, a post-cyberpunk anti-finance finance thriller about Silicon Valley scams called Red Team Blues. Amazon’s Audible refuses to carry my audiobooks because they’re DRM free, but crowdfunding makes them possible.
[Image ID: The exterior of a corporate office building, with the TikTok logo and wordmark over its revolving doors. From behind the revolving doors glares the hostile red eye of HAL9000 from Kubrick's '2001: A Space Odyssey." In front of the doors is a 'you must be this tall to ride' amusement-park cutout of a boy with a bow-tie, holding out his arm to indicate the minimum required height.]
40 notes
·
View notes