[House Hearing, 112 Congress]
[From the U.S. Government Publishing Office]
PROTECTING CHILDREN'S PRIVACY IN AN ELECTRONIC WORLD
=======================================================================
HEARING
BEFORE THE
SUBCOMMITTEE ON COMMERCE, MANUFACTURING, AND TRADE
OF THE
COMMITTEE ON ENERGY AND COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
FIRST SESSION
__________
OCTOBER 5, 2011
__________
Serial No. 112-91
Printed for the use of the Committee on Energy and Commerce
energycommerce.house.gov
----------
U.S. GOVERNMENT PRINTING OFFICE
74-138 PDF WASHINGTON : 2012
For sale by the Superintendent of Documents, U.S. Government Printing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON ENERGY AND COMMERCE
FRED UPTON, Michigan
Chairman
JOE BARTON, Texas HENRY A. WAXMAN, California
Chairman Emeritus Ranking Member
CLIFF STEARNS, Florida JOHN D. DINGELL, Michigan
ED WHITFIELD, Kentucky Chairman Emeritus
JOHN SHIMKUS, Illinois EDWARD J. MARKEY, Massachusetts
JOSEPH R. PITTS, Pennsylvania EDOLPHUS TOWNS, New York
MARY BONO MACK, California FRANK PALLONE, Jr., New Jersey
GREG WALDEN, Oregon BOBBY L. RUSH, Illinois
LEE TERRY, Nebraska ANNA G. ESHOO, California
MIKE ROGERS, Michigan ELIOT L. ENGEL, New York
SUE WILKINS MYRICK, North Carolina GENE GREEN, Texas
Vice Chairman DIANA DeGETTE, Colorado
JOHN SULLIVAN, Oklahoma LOIS CAPPS, California
TIM MURPHY, Pennsylvania MICHAEL F. DOYLE, Pennsylvania
MICHAEL C. BURGESS, Texas JANICE D. SCHAKOWSKY, Illinois
MARSHA BLACKBURN, Tennessee CHARLES A. GONZALEZ, Texas
BRIAN P. BILBRAY, California JAY INSLEE, Washington
CHARLES F. BASS, New Hampshire TAMMY BALDWIN, Wisconsin
PHIL GINGREY, Georgia MIKE ROSS, Arkansas
STEVE SCALISE, Louisiana JIM MATHESON, Utah
ROBERT E. LATTA, Ohio G.K. BUTTERFIELD, North Carolina
CATHY McMORRIS RODGERS, Washington JOHN BARROW, Georgia
GREGG HARPER, Mississippi DORIS O. MATSUI, California
LEONARD LANCE, New Jersey DONNA M. CHRISTENSEN, Virgin
BILL CASSIDY, Louisiana Islands
BRETT GUTHRIE, Kentucky KATHY CASTOR, Florida
PETE OLSON, Texas
DAVID B. McKINLEY, West Virginia
CORY GARDNER, Colorado
MIKE POMPEO, Kansas
ADAM KINZINGER, Illinois
H. MORGAN GRIFFITH, Virginia
_____
Subcommittee on Commerce, Manufacturing, and Trade
MARY BONO MACK, California
Chairman
MARSHA BLACKBURN, Tennessee G.K. BUTTERFIELD, North Carolina
Vice Chairman Ranking Member
CLIFF STEARNS, Florida CHARLES A. GONZALEZ, Texas
CHARLES F. BASS, New Hampshire JIM MATHESON, Utah
GREGG HARPER, Mississippi JOHN D. DINGELL, Michigan
LEONARD LANCE, New Jersey EDOLPHUS TOWNS, New York
BILL CASSIDY, Louisiana BOBBY L. RUSH, Illinois
BRETT GUTHRIE, Kentucky JANICE D. SCHAKOWSKY, Illinois
PETE OLSON, Texas MIKE ROSS, Arkansas
DAVID B. McKINLEY, West Virginia HENRY A. WAXMAN, California (ex
MIKE POMPEO, Kansas officio)
ADAM KINZINGER, Illinois
JOE BARTON, Texas
FRED UPTON, Michigan (ex officio)
(ii)
C O N T E N T S
----------
Page
Hon. Mary Bono Mack, a Representative in Congress from the State
of California, opening statement............................... 1
Prepared statement........................................... 4
Hon. G.K. Butterfield, a Representative in Congress from the
State of North Carolina, opening statement..................... 6
Hon. Joe Barton, a Representative in Congress from the State of
Texas, opening statement....................................... 7
Prepared statement........................................... 8
Hon. Pete Olson, a Representative in Congress from the State of
Texas, opening statement....................................... 10
Hon. Henry A. Waxman, a Representative in Congress from the State
of California, opening statement............................... 10
Prepared statement........................................... 12
Witnesses
Mary Koelbel Engle, Associate Director, Division of Advertising
Practices, Federal Trade Commission............................ 14
Prepared statement........................................... 17
Answers to submitted questions............................... 140
Hemanshu Nigam, Founder and Chief Executive Officer, SSP Blue.... 37
Prepared statement........................................... 39
Morgan Reed, Executive Director, Association for Competitive
Technology..................................................... 44
Prepared statement........................................... 46
Stephen Balkam, Chief Executive Officer, Family Online Safety
Institute...................................................... 58
Prepared statement........................................... 60
Answers to submitted questions............................... 143
Kathryn C. Montgomery, Director, Ph.D. Program, School of
Communication, American University............................. 72
Prepared statement........................................... 74
Alan Simpson, Vice President of Policy, Common Sense Media....... 95
Prepared statement........................................... 97
PROTECTING CHILDREN'S PRIVACY IN AN ELECTRONIC WORLD
----------
WEDNESDAY, OCTOBER 5, 2011
House of Representatives,
Subcommittee on Commerce, Manufacturing, and Trade,
Committee on Energy and Commerce,
Washington, DC.
The subcommittee met, pursuant to call, at 9:07 a.m., in
room 2123 of the Rayburn House Office Building, Hon. Mary Bono
Mack (chairman of the subcommittee) presiding.
Members present: Representatives Bono Mack, Blackburn,
Harper, Lance, Cassidy, Guthrie, Olson, McKinley, Kinzinger,
Barton, Butterfield, Markey, Matheson, Towns, and Waxman (ex
officio).
Staff present: Andy Duberstein, Assistant Press Secretary;
Kirby Howard, Legislative Clerk; Brian McCullough, Senior
Professional Staff Member, CMT; Jeff Mortier, Professional
Staff Member; Gib Mullan, Chief Counsel, CMT; Shannon Weinberg,
Counsel, CMT; Michelle Ash, Democratic Chief Counsel, CMT;
Felipe Mendoza, Democratic Counsel; and Will Wallace,
Democratic Policy Analyst.
Mrs. Bono Mack. The subcommittee will now come to order.
Good morning. When it comes to online privacy protection,
we have no more important job than to get it right for our
kids. Today, there are an estimated 50 million children across
the United States who are 13 years of age and younger. Our goal
is to make sure their experiences on the Internet are as safe
as possible and their privacy rights are fully protected.
And the Chair now recognizes herself for an opening
statement.
OPENING STATEMENT OF HON. MARY BONO MACK, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF CALIFORNIA
Whether they are surfing, studying, chatting, or playing
video games, kids today are spending more and more time online
taking advantage of the vast, richly diverse resources found on
the Internet. But as we know very well and sometimes painfully,
there can be a dark side to the Internet, too. The Children's
Online Privacy Protection Act was adopted by Congress in 1998
to help protect the privacy of our children. COPPA requires Web
sites and other online services to obtain parental consent
before collecting and sharing information from kids who are
under the age of 13. As a mother and as chairman of the
subcommittee, this is an issue that remains one of my top
priorities, as well as one of my big areas of concern.
For the most part, the FTC has done a great job of making
sure COPPA has worked well for our kids and their families, but
it is time to begin asking some important questions. Should
Congress revisit COPPA in light of the rapid technological
advances which have been made since its enactment more than a
decade ago? Is the current age threshold sufficient to protect
our kids or should it be raised? If it is raised, what are the
constitutional and technological implications? Is the COPPA
safe harbor regime an effective self-regulatory model and could
it be successfully utilized in other privacy contexts? And
finally, is the expansion of the definition of personal
information in the COPPA appropriate for use as a precedent in
the broader online privacy context.
Today, we will begin debating these and other issues with a
respected panel of experts. And one thing is very clear to me--
kids today are becoming more tech savvy at a younger and
younger age, but that exposure to exciting new sophisticated
devices and countless Web sites located around the world
doesn't necessarily mean that they are going to be able to have
any better judgment or make them any more aware of what dangers
might lurk online. That is why the FTC and parents everywhere
must continue to play a critically important role in
safeguarding the privacy of our children.
The purpose of this hearing is to take a close look at the
adequacy of existing protections and whether the FTC's proposed
changes to COPPA go too far, not far enough, or manage to
strike the appropriate balance. Having reviewed these changes
carefully, I think the FTC has, and as I often say, they have
hit the sweet spot.
One of the most significant changes involves revising the
definition of PII to include geolocation data and persistent
identifiers such as IP addresses or device serial numbers. A
second change to the existing COPPA Rule includes a new
provision to govern data retention and deletion of children's
PII, and it requires operators to delete information when it is
no longer needed to fulfill its original purpose.
Another proposed improvement to the COPPA Rule addresses
the growing unreliability of so-called ``email-plus'' by
eliminating it as a method of parental consent. And when it
comes to safe harbors, the FTC is proposing a new self-audit
requirement calling for information practices to be reviewed
annually. Additionally, all safe harbor programs would be
required to regularly submit to the FTC the results of their
annual member audits and any disciplinary actions imposed by
their members.
Clearly, Chairman Leibowitz and the rest of the FTC deserve
our thanks and our appreciation for conducting a careful,
thorough, and thoughtful review of COPPA leading to these
important recommended changes. While some privacy advocates
would like to raise the COPPA age threshold because of an
increasing use of social networking sites by teenagers such as
Facebook, Twitter, and Google Plus, I believe the FTC showed
commonsense restraint in taking a go-slow approach. The last
thing we want to do is to inhibit technological advances and
stifle growth of the Internet by moving forward in a new policy
area without a good, smart game plan in place.
I look forward to having this particular debate in the
months ahead as we continue our broader hearings on privacy. In
closing, I also want to stress the importance of parental
involvement in this process. It is not enough to simply check
the box and provide consent. I urge all parents everywhere to
regularly check out the Web sites that your kids are visiting,
carefully review their privacy policies, and finally, ask
questions. Make sure you clearly understand a site's practices
as well as its policies and give your kids a primer on the
dangers of online predators. Talk to them often and make them
more self-aware. It is critically important that all of us
continue to work together to keep the Internet as safe as
possible for all of our children.
And now, the gentleman from North Carolina, Mr.
Butterfield, the ranking member of the Subcommittee on
Commerce, Manufacturing, and Trade is now recognized for his 5
minutes for his opening statement.
[The prepared statement of Mrs. Bono Mack follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
OPENING STATEMENT OF HON. G.K. BUTTERFIELD, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF NORTH CAROLINA
Mr. Butterfield. I thank the chairman of this subcommittee
and all of the others who have worked so hard to make today's
hearing possible. Thank you very much because this certainly an
important subject. I also want to thank the witnesses for
coming forward today, and I look forward to each of your
testimonies.
The privacy of our children is paramount and is an issue
where we can show strong bipartisan support. Over 10 million
children access the Internet on a regular basis and it is our
job as policymakers to ensure that they are protected and their
personal information is safe.
In 1998, consumer use of the Internet was still in its
infancy. It had evolved from making about 2 percent of two-way
telecommunication traffic in 1990 to over 50 percent in the
year 2000. Understanding the enormity of the Internet and the
pervasive effect that it would ultimately have on our daily
lives, Congress passed the Children's Online Privacy Protection
Act. We refer to it as COPPA. In the year 2000, the FTC COPPA
Rule went into effect.
These days, homework often includes an online component.
You would also find it difficult to find a child of a certain
age who doesn't communicate with his or her peers over the
Internet in a chat room or instant messaging program. But the
majority of those Web sites children have to visit to complete
schoolwork or talk to their friends require some sort of
registration to use the site and service. Parents deserve to
know what kind of personal information is being collected on
their child and how it will be used. COPPA prohibits operators
of Web sites and online services directed at children under the
age of 13 from collecting personal information from them
without first getting verified parental consent.
I was curious as to why a parent would give consent to have
their children's information collected by an operator, and it
became clear to me that even free content on Web sites has a
cost. Children are avid consumers and represent a large and
powerful segment of the marketplace. They spend billions of
dollars a year themselves and influence others to spend
billions more. Advertisers see it as an enormous opportunity to
promote products and services to an eager and impressionable
audience.
The FTC's proposed revised COPPA Rule addresses a number of
concerns that have resulted from the technological advancements
of the past 5 years. Until recently, the term geolocation
didn't mean so much to the average person. Now, anyone with a
GPS-enabled phone can use certain online services to broadcast
their exact location to a couple of feet and anyone can see
their location. Geolocation, persistent identifiers, as well as
photos, videos, and audio of a child have been added to the
definition of personal information. Giving Web site operators
maximum latitude, the COPPA Rule requires that reasonable
procedures are in place to protect the confidentiality,
security, and integrity of personal information collected from
children while not mandating any specific procedures or
technology.
And to maximize protections for children, the FTC's
proposed rule will require that Web site operators keep
children's data for only as long as absolutely necessary and
that they ensure that their third-party vendors also protect
children's personal data.
Now, Madam Chairman, I listened very carefully to your
opening statement a moment ago and I agree with all that you
said. The proposed revised COPPA Rule is stronger and it will
better protect American children from their data falling into
the wrong hands. It seems to me that a lot of the rules should
be incorporated into the baseline privacy legislation that
protects everyone, regardless of age. Someone who is 12 today
and 13 tomorrow has the same privacy concerns as someone who is
18 today and 19 tomorrow. I hope that moving forward with
privacy legislation we can look to COPPA's revised rule and
apply the strong commonsense privacy protection measures to all
Americans.
Thank you very much. I look forward to your testimony.
Mrs. Bono Mack. I thank the gentlemen.
And the Chair now recognizes the chairman emeritus of the
full committee, Mr. Barton, for 1 \1/2\ minutes.
OPENING STATEMENT OF HON. JOE BARTON, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF TEXAS
Mr. Barton. Thank you, Madam Chairwoman. I sincerely
appreciate you holding this hearing. This is a very personal
issue with me. I have been involved with privacy for a number
of years and have a very special interest in children's privacy
because of my 6-year-old son and my five grandchildren.
When I grew up, Madam Chairwoman, I didn't even know what a
computer was. My son, though, my youngest son, 6-year-old son
probably spends at least an hour a day right now playing on the
computer both at school and at home. He knows better how to
click on things than I do quite frankly.
As cochairman of the Privacy Caucus along with Congressman
Ed Markey of this committee, I have served as a leading
advocate for online consumer protection. He and I together have
introduced H.R. 1895, the Do Not Track Kids Act of 2011. This
legislation does five things. It updates the Children's Online
Privacy Protection Act of 1998. It adds protections that
children or young teenagers ages 13 to 17; it prohibits
Internet companies from sending targeted advertising to
children and minors; prohibits Internet companies from
collecting personal and location information from anyone less
than 13 years of age without parental consent and anyone less
than 18 without individual consent; it would require Web site
operators to develop an eraser button to give children and
minors the ability to request a deletion of their personal
information that they do not wish to be available on the
Internet.
The issue of online privacy has become a hot topic due to
the rapid growth of the Internet. I hope that this hearing,
Madam Chairwoman, spotlights some of the issues and builds a
bipartisan consensus to do something about it such as move the
Kids Protection Act that I just mentioned. Thank you for my
time and I yield back.
[The prepared statement of Mr. Barton follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. I thank the gentleman.
The Chair now recognizes Mr. Olson from Texas for 1 minute.
OPENING STATEMENT OF HON. PETE OLSON, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF TEXAS
Mr. Olson. I thank the Chair for holding this important
hearing as we continue our discussions about online privacy
issues.
As a father of a 14-year-old daughter and 11-year-old son,
nothing is more important to me than keeping my kids safe. Kids
today, like mine, have access to new technologies that enable
them to get online instantly from almost anywhere and access
and share information. Congress recognized there was a need to
protect children's Internet privacy and enacted the Children's
Online Privacy Protection Act, COPPA, in 1998. As we examine
the FTC's proposed changes to the COPPA Rule, we need a clear
understanding of all the tools currently available to parents
to protect their children's privacy on the Internet before we
determine what changes are needed to COPPA. We cannot legislate
in search of a problem.
I thank the witnesses for being here and look forward to
the hearing. I yield back.
Mrs. Bono Mack. I thank the gentleman and now will
recognize the ranking member of the full committee, Mr. Waxman,
for 5 minutes for his opening statement.
OPENING STATEMENT OF HON. HENRY A. WAXMAN, A REPRESENTATIVE IN
CONGRESS FROM THE STATE OF CALIFORNIA
Mr. Waxman. Thank you, Madam Chair.
In 1998, thanks to the leadership of Representative Ed
Markey and Dr. Kathryn Montgomery, Congress passed and
President Clinton signed the Children's Online Privacy
Protection Act, and today, we are fortunate to have Dr.
Montgomery back before the committee to talk about this
landmark law and her recommendations for the future.
I am pleased that 11 years after enactment, your overall
assessment is that COPPA is a ``clear legislative success.''
COPPA has withstood the test of time, which is remarkable
because innovation occurs at warp speed online. One reason for
its success is that it was written to be flexible. The law
gives the Federal Trade Commission the authority and the
discretion to carry out several broad mandates aimed at
protecting young children from the unfair collection and use of
their information.
The last several years in particular have been a period of
rapid change in the delivery of online services. Young children
now have access to social networks, interactive gaming, and
apps on mobile devices that they carry with them everywhere
they go. The FTC is responding to these developments by using
its authority to update the COPPA Rule so that the law remains
an effective tool for protecting children's privacy and safety.
The updates to the COPPA Rule proposed by the FTC are
appropriate, reasonable, well -hought-out, and true to the
intent of the law. These changes will ensure that parents of
young children will remain in control of their information,
whether it be their precise location at any given time, their
photographic images, or a record of their online habits and
activities. That is consistent with the goal of the law--that
parents, not businesses, get to decide what information about
their children can and should be revealed online.
While the focus of this hearing is children's privacy, we
must not forget that adults need privacy protections, too.
People of all ages need more control over their information and
better privacy protection. I have said this before and I will
say it again. We should enact comprehensive privacy
legislation. Next week's privacy hearing will be our fourth
this year. There were six privacy hearings in the last
Congress. Each hearing has made me more and more convinced that
current law does not ensure proper privacy protections for
consumer information.
As we consider comprehensive legislation, there are some
clear lessons to be drawn from the 11 years of privacy
protection for young children under COPPA. First, it is
possible to provide consumers with real, enforceable online
privacy protections without killing innovation on the Internet;
and second, it is possible to craft legislation in such a way
that the direction from Congress is precise and clear, but the
authority of the agency is flexible enough to adapt to changes
in technology and changes in social expectations and behavior.
Those are valuable lessons. I hope they will be remembered when
hopefully comprehensive privacy legislation is considered by
this committee.
Thank you, Madam Chair, and I am going to yield back the
balance of my time.
[The prepared statement of Mr. Waxman follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. I thank the gentleman and I look forward to
our continued work together on privacy.
And now I would like to turn our attention to the panel. We
have just one panel of witnesses today joining us. Each of our
witnesses has, as usual, prepared an opening statement that
will be placed into the record. Each of you will have 5 minutes
to summarize the statement in your remarks.
On our panel we have Mary Koelbel Engle, Associate
Director, Division of Advertising Practices at the Federal
Trade Commission. Also testifying is Hemanshu Nigam, Founder
and Chief Executive Officer of SSP Blue. Next is Morgan Reed,
Executive Director, Association for Competitive Technology. Our
fourth witness is Stephen Balkam, Chief Executive Officer of
the Family Online Safety Institute. Our fifth witness is Dr.
Kathryn Montgomery, Director of the Ph.D. Program at the School
of Communication at the American University. And our final
witness is Alan Simpson with Common Sense Media.
Good morning and thank you all very much for coming. You
will each be recognized for 5 minutes. To help you keep track
of time, there are the lights in front of you as is standard.
You know what yellow, green, and red each mean. As it turns
yellow either hit the gas or slam on the brakes. You get to
decide. And please just make sure you turn on your microphone
before you begin. And Ms. Engle, you may start for your 5
minutes.
STATEMENTS OF MARY KOELBEL ENGLE, ASSOCIATE DIRECTOR, DIVISION
OF ADVERTISING PRACTICES, FEDERAL TRADE COMMISSION; HEMANSHU
NIGAM, FOUNDER AND CHIEF EXECUTIVE OFFICER, SSP BLUE; MORGAN
REED, EXECUTIVE DIRECTOR, ASSOCIATION FOR COMPETITIVE
TECHNOLOGY; STEPHEN BALKAM, CHIEF EXECUTIVE OFFICER, FAMILY
ONLINE SAFETY INSTITUTE; KATHRYN C. MONTGOMERY, DIRECTOR, PH.D.
PROGRAM, SCHOOL OF COMMUNICATION, AMERICAN UNIVERSITY; AND ALAN
SIMPSON, VICE PRESIDENT OF POLICY, COMMON SENSE MEDIA
STATEMENT OF MARY KOELBEL ENGLE
Ms. Engle. Good morning, Chairman Bono Mack, Ranking Member
Butterfield, and members of the subcommittee. My name is Mary
Engle, and I am the associate director for advertising
practices in the Bureau of Consumer Protection at the Federal
Trade Commission. I appreciate the opportunity to appear before
you today to discuss the Commission's enforcement and
administration of the Children's Online Privacy Protection
Act--or COPPA--Rule.
Congress enacted COPPA in 1998 to address the unique
privacy and safety risks created when young children under the
age of 13 access the Internet. The goals of the act were to
limit the online collection of personal information from
children without their parents' permission to protect
children's safety when they view and post information online
and to maintain the confidentiality and security of personal
information that is collected from children.
The Commission believes that COPPA has largely worked well
to fulfill these purposes and that even as online practices
evolve, the law remains important today. The Commission has
brought 17 actions to enforce COPPA since the COPPA Rule went
into effect garnering more than $16.2 million in civil
penalties. Our cases, which have been against both large,
established operators, and smaller or newer companies often
illustrate different core provisions of COPPA.
For example, as social networking Web sites exploded onto
the youth scene about 5 years ago, the Commission sought to
ensure that these sites understood their COPPA obligations. In
2006, the Commission obtained a then-record civil penalty of $1
million against Xanga.com, a popular social networking site
that allegedly improperly registered 1.7 million child users
without first obtaining their parents' permission. Since then,
the Commission has brought a steady stream of cases against
operators such as Sony BMG Music Entertaining, Iconix Brand
Group, and Playdom Incorporated, each of whom sought to engage
child users in the Web 2.0 world. The Commission's $3 million
civil penalty against Playdom set a new record for COPPA cases.
More recently, in the first COPPA case involving mobile
applications, the Commission charged mobile app developer W3
Innovations with violating COPPA by collecting and maintaining
personal information from thousands of children and allowing
them to publicly post personal information on in-app message
boards for their Dress-Up and Girl World games. This case,
which included a $50,000 civil penalty made clear that COPPA
reaches mobile online services and not just traditional online
services and Web sites.
Although law enforcement is a critical part of the
Commission's COPPA program, enforcement alone cannot accomplish
all of the agency's goals. The Commission also works to educate
businesses and consumers about their rights and
responsibilities under the law. The agency devotes significant
resources to assisting Web site operators with rule compliance,
regularly updating business education materials, and responding
to inquiries from operators and their counsel. The Commission's
consumer education materials, including our online safety
portal OnGuardOnline.gov, inform parents and children about the
Rule's protections and also provide them with general online
privacy and safety information.
To help ensure that COPPA continues to work well,
especially in the face of an explosion of children's mobile
devices and interactive online services, the Commission
initiated a review of the COPPA Rule last year. Drawing from
the expertise the agency has gained in enforcing and
administering COPPA over the years and after extensive
consideration of public input, last month, the Commission
proposed modifications to certain areas of the COPPA Rule.
While the Commission's testimony goes into these changes in
greater detail, among the proposed changes are updating the
Rule's definition of personal information to include
geolocation information and the use of persistent identifiers
to direct online behavioral advertising to children,
improvements to the notices that operators must use to inform
parents of the operator's information collection practices, the
addition of a number of permissible methods operators may use
to obtain parental consent, strengthening the Rule's data
security protections, ensuring of agency oversight of the COPPA
Safe Harbor Programs. The proposed changes are consistent with
the original mandates in the COPPA statute. The Commission will
take public comments on these proposals until November 28.
The Commission takes seriously the challenge to ensure that
COPPA continues to meet its originally stated goals even as
children's interactive media use moves at warp speed. Thank you
for this opportunity to discuss the Commission's COPPA program,
and I look forward to your questions.
[The prepared statement of Ms. Engle follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. Thank you very much, Ms. Engle.
Mr. Nigam, you are recognized for 5 minutes.
STATEMENT OF HEMANSHU NIGAM
Mr. Nigam. Chairman Bono Mack, Ranking Member Butterfield,
and members of the subcommittee, thank you for giving me the
opportunity to provide insight on best ways to protect
children's privacy in an electronic world.
I have been at the forefront of nearly every major aspect
of online and offline child safety for the past 20 years.
Today, I am the founder and CEO of SSP Blue, a safety,
security, and privacy strategic business consulting firm. My
company provides strategic guidance that promotes the
protection of consumers, especially children, encourages
corporate social responsibility, and develops partnerships with
law enforcement, government, and NGOs. Past and current clients
have included News Corporation, Microsoft, AT&T, Tagged,
Formspring, and others. To be clear, I do not speak on behalf
of any of our existing clients today.
Prior to SSP Blue, I served in leadership roles at News
Corporation, MySpace, Microsoft, and MPA from the time the
Internet was just a baby to the time that social media was
barely a toddler, and in each endeavor, I provided strategic
direction that put children's safety, security, and privacy at
the forefront of the business. I have also served as a federal
prosecutor against Internet crimes against children and
computer crimes at the Justice Department, an advisor to the
COPPA Commission, and advisor to the White House Committee on
Cyberstalking, and as a prosecutor against child molestation
and sex crimes in the L.A. County District Attorney's Office.
And so I speak to you from various perspectives in
government, in law enforcement, in private industry, and as a
father of four children ranging in age from 6 to 16.
The FTC has engaged in a meticulous and thoughtful process
in the review of the Child Online Privacy Protection Act and
should be congratulated. I also want to stress a concept that
is easily forgotten. The industry has an incentive to do the
right thing when it comes to protecting children's privacy
rights. Businesses lose when they violate a child's privacy
rights. Their brand reputation suffers, their consumer loyalty
drops, their friends in child advocacy groups disappear, and
most important, they lose the trust of the parents and
guardians who care for the very children that they cater to. In
essence, without doing the right thing, an online business
cannot succeed.
Within this context, I would like to propose this
subcommittee a framework on how we should approach whether and
what changes are needed in COPPA. Whenever we think of
protecting children, whether it is for their safety, security,
or privacy, our first inclination is to protect them from
anything that sounds bad instead of what is bad. Solutions
based on things that sound bad eventually will fail. In the
past 10 years, I have had the honor of advising the COPPA
Commission, sitting on the Berkman Center Internet Safety
Technical Taskforce, and co-chairing the federal Online Safety
Working Group. In each of these endeavors, we could have
responded to problems that sounded bad, and instead, we spent
the time finding the actual problems and then proposing the
necessary solutions.
While technologies have evolved since the advent of COPPA,
I urge you to consider whether an actual problem has been
clearly articulated that needs to be solved when looking at
each individual change that is being proposed. Next, consider
whether existing regulations can be used to respond to an
identified problem. Looking back on the FTC's COPPA enforcement
actions, it is clear that current regulations and rules have
been quite useful and effective. In fact, a great majority of
the industry does a tremendous job in working within the rules,
whether their product is directed at children under 13 or 13
and over. Even new companies know what is expected of them
before they enter the marketplace. Interestingly, companies are
finding it easier to provide services for the 13-plus as a much
better business model.
And so we must ask whether today there are other bad actors
the FTC finds it cannot enforce against as an evolving
landscape created gaps. In areas where existing regulations are
needed, we should then determine the best solution. Several
factors should be considered. What we must ask: 1) Would the
proposed change actually close an identified gap? 2) Would it
create technical implementation challenges? 3) Would it lead to
conflicted with other agency and department demands or
expectations such as conflict that arises between data
retention, data minimization, and data preservation? And 4)
Would it lead to unintended consequences such as creating
disincentives to providing a rich online experience for the
under-13?
If we utilize this framework when considering the changes,
I think we will be able to protect children's online privacy by
implementing solutions that work while the technology evolves.
And in closing, I want to stress that if we were to accept
the proposed changes in whole, we can expect an immediate
impact on the marketplace. Larger companies will adjust where
they can and simply shut down areas where there is simply too
much uncertainty. And smaller and newer companies will find
investors spooked by uncertainties. Such a multi-year cycle can
be avoided if you spend the time now to examine the proposal
within the framework that we are outlining and identify actual
problems, create effective solutions that can be readily
implemented by those already incentivized to do the right
thing.
Thank you, Chairman Bono Mack, Ranking Member Butterfield,
and members of the subcommittee, for giving me this opportunity
to address you on this important topic.
[The prepared statement of Mr. Nigam follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. Thank you very much.
Mr. Reed, you are recognized for 5 minutes.
STATEMENT OF MORGAN REED
Mr. Reed. Chairman Bono Mack, Congressman Butterfield,
thank you for holding this important hearing on children's
privacy, FTC, and COPPA regulations. My name is Morgan Reed and
I am with the Association for Competitive Technology, and we
represent the mobile apps developers. With more than 3,000
members spread throughout the United States and the world, our
folks are focused on doing all those cool apps you see on
television.
So during the past year, ACT has had a chance to reach out
to our developers and other developer organizations throughout
America to discuss privacy and the importance of privacy by
design. At a recent conference, I was scheduled to present on
privacy, but before I spoke, developers were given an
opportunity to talk about their business. Everyone got up and
said this is what they were excited about, this is the
direction their business was going, and as I heard all these
folks talk, I noticed at the end of their conversation always
concluded with two words. And these two words are two words we
don't hear much in the United States right now and they are
words that I think are absolutely critical to all of our
discussions going forward. Those two words--``We're hiring.''
And the good news is this wasn't just some random event
that I was at where it was a special enclave of jobs that no
one knows about. A recent study out of the University of
Maryland shows that Facebook apps alone have created 200,000
jobs. Our own internal studies show that 600,000 jobs have been
created, saved, or supplemented from the mobile apps economy.
And the good other part of this news is is that with all
deference to Chairman Bono Mack's great State of California, 88
percent are small businesses and over 70 percent are not in the
great State of California. So it is widespread, it is small,
and it is growing.
Now, besides creating jobs, developers as a community are
passionate about one other thing and that is privacy. And
education apps are particularly focused on privacy because the
vast majority of mobile apps are built by parents. Now, these
aren't folks who started their company looking to get rich;
they were looking to provide an interactive family experience
for their kids on this device that they brought home from work.
So they want to do good and that is why we are working with
organizations like PrivacyChoice.org to build privacy policy
generators so that they can easily become aware of and comply
with privacy regulations. But before we all get into the
specifics about Section 312.4 of the NPRM or what the meaning
of ``collect'' is, I thought I would take some time to discuss
the kinds of apps these small developers are creating.
For example, from your district we have Animal Apps and
Animal Pronunciations from Palm Springs. For Congressman
Butterfield's district, we have got We Pray, Pray With Me,
which is a special app for the iPad that allows grandparents to
record a prayer for their child so that if they are aware, if
they are out of state, if they can't see them, the child can
hear their voice. It is also used by parents that are deployed
overseas and folks who are just on business trips. What a great
app.
We have got from Congressman Waxman's district, we have got
3 Trees, which helps educate kids about water, sun, and air,
and the three elements that power the world. From Congressman
Lance's district, we have got Random Acts of Kindness, which
helps kids know about 300 different random acts of kindness
they can do, charities they can donate to, and inspiration for
goodwill. From Utah, we have Tap Fuse. They have got two great
apps--one that helps kids with the alphabet; another that they
are doing right now that is about anti-bullying. Congressman
Harper, Mississippi State currently offers field studies in
iPhone entrepreneurship at Mississippi State and right now you
have got one guy out of there who is still a freshman, his app
has already sold 20,000 copies and it is an education app for
kids in school.
Congressman Guthrie, we have got Oink-a-Saurus, which is a
great app. It is a piggy bank that helps kids learn about the
stock market and how they can save money. Congressman Olson, we
have got Music Master, high tech flashcards for practicing
reading music. In Maryland, we have got Pickpocket Books, which
was a company built by a woman literally a stay-at-home mom on
her couch who watched her child using the iPad and said, you
know, I would like to combine this technology with my child's
love of reading. Since then, she has built a micro empire of
more than 80 books on the iPad store that she has hired voice
actors, artists, and developers who have created interactive
applications that allow children to listen to the book, have
the book read to them, and read back and practice.
Now, my own daughter who is now 5-3/4 she reminds me likes
math apps from Montessorium from Sioux Falls, South Dakota. It
is a great app that combines the tactile Montessori Method of
teaching with the touch pad on an iPad screen.
Now, I know that some here will talk about those in the
tech industry or media in a way that implies the larger
faceless corporation. I love the FTC's testimony earlier but
she said we speak with the companies and their counsel. The
vast majority of companies that I have named have no in-house
counsel right now, and so for them this is a learning process.
Now, I want you to remember that the incredible innovation
happening today is not driven by faceless corporations but by
thousands of moms and dads working to build applications that
educate, motivate, and enrich their families. So let us make
sure that we don't mess up this as we work to achieve a better
online privacy protection.
Thank you for your time and I look forward to your
questions.
[The prepared statement of Mr. Reed follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. Thank you, Mr. Reed.
And just a side note, I appreciate the reference to
California and the earthquake damage, though, up there on the
wall is not my fault.
Mr. Reed. You are bringing good apps, just not earthquakes.
Mrs. Bono Mack. Mr. Balkam, you are recognized for 5
minutes.
STATEMENT OF STEPHEN BALKAM
Mr. Balkam. Thank you very much, Chairman and Ranking
Member Butterfield and members of the subcommittee. My name is
Stephen Balkam and I am the CEO of the Family Online Safety
Institute. It gives me great pleasure to testify before you
today at today's hearing.
We would like to applaud the chairman's leadership on these
issues. The series of hearings held by this subcommittee are a
prime example of an effective step that the government can take
to balance the promotion of technological innovation with the
need to keep children safe online.
FOSI is an international, non-profit membership
organization working to make the online world a safer and
healthier place for kids and their families, and we do this by
identifying and promoting the best practice, tools, and methods
in the field of online safety and privacy that also respect
free speech. Personally, I have had over 16 years experience
working in the Internet safety field and I am the proud father
of two daughters. The views expressed in both my written and
oral testimony are my own and do not necessarily reflect the
views of all the FOSI members.
So the online landscape for all users has certainly changed
in the past 11 years since COPPA was enacted, none more so than
for children. We need a more sophisticated approach that
empowers families to gain and maintain control of their digital
lives. Simply put, in order to encourage safe and responsible
online use, we need tools, rules, and schools: the technology
tools of filters and monitoring devices; balanced laws, terms
of use, and household rules; and education on good digital
citizenship, online safety, privacy and security.
At FOSI, we believe in building a culture of responsibility
to ensure that children have a safe and productive time on the
Internet. We support balanced government oversight of industry
self-regulatory efforts. This approach allows for maximum
innovation and creative solutions, as well as the potential for
enforcement actions and legislative intervention in the event
of industry non-compliance.
Parental empowerment is an important component of this
approach. Recent research commissioned by us and carried out by
the Hart Research showed that 93 percent of parents have set
rules or limits to monitor their children's online usage and 53
percent of parents have used parental controls. FOSI is working
with industry to promote increased awareness of parental
controls and education as to their use.
We commend Congress and the FTC for their work in providing
reasonable government oversight through COPPA and its
corresponding Rule, while encouraging self-regulation and
promoting parental empowerment and children's responsibility.
The FTC has continued to evaluate the effectiveness of the Rule
and propose revisions where necessary.
The planned revisions contain many positive aspects and
ideas relating to the definition of a child, the actual
knowledge standard, the expansion of parental consent
requirements and methods, as well as proposed revisions to the
safe harbor regime. We agree fully with the FTC's analysis that
the current Rule is broad enough to encompass the technological
advancements that have occurred in the past 11 years.
The COPPA statute defines child as ``an individual under
the age of 13,'' and we are pleased that the FTC has determined
that it remains the appropriate age. Changes to the statutory
definition could lead to a substantial increase in children
lying about their age, or for that matter parents lying about
their kids' age, and thus negate protections afforded to
younger kids through COPPA and specific Web site protections
for minors.
The FTC's enforcement mechanism foreseen in the original
Rule has provided a flexible and valuable tool that has allowed
the FTC to adapt to the changing technologies. Recent
enforcement actions which we just heard about against W3
Innovations, an app developer, show that the FTC was able to
use the Rule to ensure the compliance of a technology that was
not widely available when COPPA was enacted.
The FTC's review of the Rule, in conjunction with their
recent enforcement actions, demonstrates that no further action
on the part of Congress is required at this time. The current
system, with the FTC's proposed revisions, allows for privacy
protection as well as technological innovations. Furthermore,
attempts by Congress to pass legislation will almost certainly
be rendered inadequate within a few years by the innovation of
new methods of online interaction, sharing, and communication.
In my opinion, a positive step that Congress could take in
this sphere would be to increase funding for Internet safety
and privacy education in schools, as well as for research into
children's online behaviors and attitudes. This would allow for
all future legislative efforts to be founded on a factual
basis.
Finally, I believe that the best way to ensure that
children have productive, safe, and secure experiences on the
Internet is through awareness, education, and empowerment. I
would like to thank the subcommittee again for holding this
timely and important hearing. We believe that with reasonable
government oversight, the self-regulatory and multi-stakeholder
approach currently being championed in the United States--
although under attack in other parts of the world--can continue
to protect kids and their privacy on the Internet without
impeding technological innovation.
Thank you very much.
[The prepared statement of Mr. Balkam follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. Thank you.
Dr. Montgomery, you are recognized for 5 minutes.
STATEMENT OF KATHRYN C. MONTGOMERY
Ms. Montgomery. Thank you very much, Chairman Bono Mack,
Ranking Member Butterfield, and the other members of the
subcommittee. I really appreciate the opportunity to be here to
talk about children's privacy. It was during the 1990s in the
mid-1990s that I started investigating what was going on with
online children's Web sites, and I was very disturbed to find
that because of the increasing value of children as a target
market and their avid involvement with the Internet, companies
were setting up Web sites all over the web that had a business
model really based on taking a lot of personal information from
children and offering prizes and doing all kinds of things in
order to get children to give up personal information. One of
my favorites was the Batman site that said ``be a good citizen
of Gotham and fill out the census.'' And there were many, many
others like that.
And I did not hear when I went to industry meetings and
when I read all the cited coverage about all this any mention
of children's privacy, any concerns raised in the industry, and
that is why we went to the FTC. I was pleased that I was able
to work with both sides of the aisle in Congress, with the FTC,
with the Coalition of Child Health, and consumer groups, and
with industry stakeholders to craft a statute and a set of
regulations that would successfully balance our collective
interests in nurturing the growth of commerce on the Internet
while protecting the privacy of our children.
And because decades of research had already identified that
younger children had particular vulnerabilities to advertising,
one of the key goals of the law was to prevent online companies
from targeting individual children with marketing messages.
COPPA has served, as many people have observed here, as an
effective safeguard for young consumers under the age of 13,
and it sent a strong signal to the industry if you are going to
do business with our Nation's children, you will have to follow
some rules. And that was built into the system. As a result,
some of the most egregious data collection practices that would
have become state-of-the-art were curtailed.
Today, however, children are growing up in a ubiquitous 24/
7 digital media environment. The data collection practices that
we identified in the '90s have been eclipsed by a new
generation of tracking and targeting techniques. The
Commission's proposed rules for updated COPPA offer a careful,
well-researched, and sensible set of recommendations for
addressing many of these practices, and I want to briefly
highlight three of them.
The first, which others have mentioned is mobile and other
location devices. Roughly half of all children have mobile
phones now by the age of 11. You can ask any parent.
Advertising is growing on mobile technologies. Geolocation
makes it possible to target kids wherever they are. This raises
not only marketing abuse issues and privacy issues but also
safety issues. I think the agency has appropriately clarified
that COPPA should apply to mobile and other web-connected
location devices.
The second issue concerns this notion of what is personally
identifiable information. I was a participant in the 2010 June
roundtable at the FTC. I was quite taken with the amount of
consensus among a wide spectrum of participants that these days
there is really no longer a meaningful distinction between
personal information and such ``non-personal information'' as
persistent cookies and IP addresses. And the Wall Street
Journal did an investigation last year showing that a lot of
these things are being placed routinely on children's sites.
While the FTC proposed rules would then apply COPPA
safeguards to protect children from companies that want to use
the tools to behaviorally target individual children or to
create profiles or share the information, the rules are also
narrowly tailored so that they wouldn't interfere with what the
companies are doing in terms of their regular normal business
operations. And I think this kind of sensitivity is reflective
of how the FTC has done a good job here.
By the way, on mobile phones, I am disappointed about text
messaging. I hope we can talk about that because we know how
much kids are using texts.
And finally, I agree with the Commission that the mechanism
of parental verification that we created with COPPA is not
appropriate for teens. However, I do feel strongly that
adolescents can no longer be ignored in the public policy
debates over online privacy. We know they are being encouraged
to share a lot of information. They also do not know how all of
their data are tracked by all of these other kinds of
technologies that are now online. I hope the FTC will develop
some specific recommendations in its broader privacy agenda.
And the goal of any public policy on teen privacy should
balance the ability of young people to participate fully in the
digital media culture with the government and industry's
obligation to ensure that youth are not subjected to unfair
deceptive surveillance, data collection, or behavioral
profiling. The legislation offered by Representative Joe Barton
and Representative Ed Markey known as the Do Not Track Kids Act
of 2011 is based on these principles and it is to give teens
themselves the power to make their own decisions about their
privacy online. If we can build privacy principles into how our
online businesses engage with both children and adolescents, we
can help ensure that young people are treated fairly in the
digital marketplace and that they grow up with an understanding
of their rights and responsibilities as consumers.
Thank you.
[The prepared statement of Ms. Montgomery follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. Thank you.
Mr. Simpson, you are recognized for 5 minutes.
STATEMENT OF ALAN SIMPSON
Mr. Simpson. Good morning, Ms. Bono Mack, Ranking Member
Butterfield, and thank you to all the members of the
subcommittee for this important hearing. I am Alan Simpson. I
am with Common Sense Media, and I want to begin by outlining
that Common Sense Media works as a nonprofit, nonpartisan
organization dedicated to helping children and families thrive
in a world of media and technology. One way that we describe
our work is that we love media. We work with everyone to make
it better for kids. We admire and embrace many of the
innovations we have seen in this space in recent years, and we
believe that parents, educators, companies, and policymakers
all must play a central role in helping to protect children's
privacy in this rapidly changing electronic world. And we work
with each of these groups to improve the media lives and the
privacy opportunities of children.
The Federal Trade Commission's proposed rule revisions will
help keep COPPA up to date with this rapidly changing world.
They will improve protections for children's online privacy,
encourage parental involvement, and foster innovation in online
services for children, especially the innovations we most
need--innovations to protect children. The COPPA
recommendations will help hold the industry more accountable,
and most importantly, they will build on the fundamental
purpose of COPPA, which is bolstering the role of parents as
the informed gatekeepers in the lives of their young children.
This is not a question of whether kids will be online or
offline. We all know that kids are online and they will always
be online. It is most a question of who will be watching them
and who will be watching over them when they are online.
I would like to echo Dr. Montgomery's remarks about the
value of the FTC recommendations and emphasize most of all that
the FTC has struck a careful and reasonable balance between
maintaining the internal operations of online services and
protecting children from intensive tracking and behavioral
advertising.
The FTC proposals will be important steps for younger kids,
but teens still need protections and they need empowerment, and
the legislation Mr. Barton mentioned--H.R. 1895--will be a
strong baseline for those protections and that empowerment.
In my written remarks, I have outlined in more detail the
work that Common Sense Media is doing with parents and schools,
including dozens of articles that we have published in the last
year and a half around privacy and security. And many of those
parent tips that we published are among the most popular
resources on our site for parents.
We also work in more than 18,000 schools around the country
providing the education around smart, responsible use of media
and privacy and security are an essential part of that. But one
of the most important parts of this equation are the media and
technology companies themselves, and we feel they must do far
more to help parents and families protect children's online
privacy in part because they are in the best position to
develop better technology, better tools, and better information
for users. There have been positive steps in this area of late,
but on the whole, media and technology companies have not done
enough to provide better solutions for families. Parents need
the innovators to innovate to protect. In our experience, the
companies will, especially if they are encouraged by this
subcommittee and this Congress to do so.
Thank you.
[The prepared statement of Mr. Simpson follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Mrs. Bono Mack. Thank you, Mr. Simpson.
And I will recognize myself, then, for the first 5 minutes
of questions. And again, I thank you all very much for your
testimony.
And I would ask, Ms. Engle, can you elaborate on why the
Commission opted not to seek a change on the age threshold?
Ms. Engle. Yes. That was an issue that we considered very
carefully and we thought that Congress when it enacted the
statute and it also thought about that at the time and believed
that it reached the right result that under 13 is the right
cutoff. While any particular age cutoff is going to be somewhat
arbitrary and children do develop at different rates, the whole
idea behind and the way that COPPA works is for the child to
provide their parents' email address in order that the operator
may contact the parent to get permission to further interact
with the child. And the concern is that if you raise the age,
COPPA may not work well because older children may not provide
the parent's email address. They may provide their own or their
friend's or a sibling's. And that is true even more now than it
was earlier because it is very common now for children to have
their own email addresses or multiple email addresses or they
may simply lie about their age. And younger kids can do that as
well but it is less likely.
And finally, we have concerns about the constitutional
rights that courts have afforded to teenagers and whether that
might be unduly intrusive on the teenagers.
Mrs. Bono Mack. Thank you. And you mentioned the email-plus
rule. So the COPPA Rule allowed Web site operators to use a
low-cost email-plus approach in determining whether there has
been verifiable parental consent. And this was intended to be a
short-term option available only until the Commission
determined that more reliable consent methods had adequately
been developed. Has the Commission now made such a
determination and do sufficient substitutes for email-plus
currently exist? And if you disallow that mechanism
immediately, does that leave businesses in the lurch?
Ms. Engle. So the Commission, when it crafted the COPPA
Rule, decided to make a distinction between personal
information collected for a site's internal use and information
that is used publicly. That distinction is not in the statute
itself but the Commission decided that it made sense on a
temporary basis to make that distinction and allow a less
reliable method of obtaining consent called email-plus assuming
that more reliable methods, new technology would develop. That
turned out not to be the case. The Commission expanded allowing
that unreliable method a couple of times and then ultimately
made it go on indefinitely when no new technologies developed.
But having reconsidered it over the years, you know, we believe
that COPPA statute didn't make that distinction between
internal and external uses and that perhaps this unreliable but
easy method has actually deterred the development of
technologies that would allow a more reliable method.
So in its place we are proposing that companies can apply
to the Commission for a new method if we would place it on the
public record, get comment, and that would allow the Commission
the opportunity to really evaluate the method and determine
whether it is reliable and then essentially include it in the
Rule. It is true right now that the list of reliable methods is
not exclusive. Companies can use any method that is reasonably
designed to ensure that the person providing consent is the
child's parent, but what we heard is that companies prefer the
assurance that this is the method that essentially the
Commission has blessed. They want it listed. They don't want to
take the risk that the Commission may find it inadequate. So we
have proposed this new method to help provide that assurance.
Mrs. Bono Mack. Thank you. That is understandable.
And the FTC proposes to add factors to its ``totality
review'' of Web sites to determine if they are targeted to
children under 13--for instance, music and celebrities that
would appeal to children but many celebrities and a lot of
music content appeal to both 8-year-olds, 13-year-olds, and 49-
year-olds. Would that blur the age line and create confusion
for Web sites as to whether or not they would be considered a
COPPA operator?
Ms. Engle. No, I think that, you know, we are still
maintaining the same test basically. It is the totality of the
circumstances. We look at a number of factors to determine
whether a particular site is directed to kids under 13 and by
adding more factors, we are not changing the test. We are just
making it clear that these are factors that one can consider.
And yes, it is true that it is never, you know, will never be a
bright-line cutoff that no children under 13 would be
interested in an over-13 site and vice versa. But by adding
more factors, we are trying to make it more transparent to
operators the kinds of factors the Commission considers.
Mrs. Bono Mack. Thank you. And right on time.
The Chair will recognize Mr. Butterfield for 5 minutes.
Mr. Butterfield. Thank you.
There is a published study titled ``Always Connected: The
New Digital Media Habits of Young Children.'' I believe Dr.
Montgomery has referred to it from time to time. This study
published through the Sesame Workshop contains some interesting
findings about the digital media usage habits of white,
Hispanic, and African American children. In particular, while
the study points out that the digital divide remains, when
children of color do have access to digital media, they tend to
use it substantially more than white children. African American
children between ages 5 and 9 the report says spends 41 minutes
online per session. White children in that group spend 27
minutes online per session. Hispanic children between the ages
of 8 and 14 spend almost 2 hours online each day. That is 40
minutes more than white children. The study also points out
that children from low-income and ethnic minority homes are
less likely to have adult guidance when accessing the Internet.
As a result, they are spending more time on lower-quality Web
sites or on activities that won't help them develop school-
based skills.
And so, Dr. Montgomery, I would like to hear any thoughts
that you might have whether COPPA parental notice and consent
models work well for all children or if there are any changes
that could and should be made to account for the differences
that I have referenced.
Ms. Montgomery. Yes, thank you for asking that. I am
concerned about ethnic children as you point out and I am
actually looking at a lot of those issues in another context. I
am doing a project on food marketing and we are very concerned
that there are very aggressive techniques that are being used
to target particularly ethnic children who are at greater risk
for obesity as well. So this is a very complicated problem.
I think it is probably difficult to enact a law that can
address those specific needs around privacy. What we want to do
is to have a set of rules that work as best as they can for all
children with special sensitivities to children who are at
risk. And I think that the proposed changes in the guidelines
will do that, but it is going to be very important that
companies take these obligations very, very seriously. And
particularly, I think companies that are targeting that age
group ought to be encouraged to develop their own self-
regulatory mechanisms to work more effectively to ensure
children's privacy.
Mr. Butterfield. But you do agree this is an issue that we
need to be concerned about and address?
Ms. Montgomery. It is.
Mr. Butterfield. As best we can legislatively.
Ms. Montgomery. And not only that. Spanish language needs
to be looked at. I think that the Congress could do more to
look into these things. We haven't had enough examination of
these areas either.
Mr. Butterfield. Ms. Engle, has the Commission looked at
this issue in any respect?
Ms. Engle. The Commission has not received specific data
on--I mean we do have information on the greater use of
Internet technologies and mobile technologies certainly by
ethnic minorities for example. Whether there are additional
protections that are needed that come from that, we haven't
received information on that.
Mr. Butterfield. Do you agree with Dr. Montgomery that it
might be a little difficult to develop some type of regulatory
protections to protect against these, that ideally it is a
problem but developing protections might be challenging?
Ms. Engle. Yes, I agree with that.
Mr. Butterfield. All right. Can you help us out, Mr.
Simpson, with this, please?
Mr. Simpson. Well----
Ms. Montgomery. Can I add something?
Mr. Butterfield. Yes, sure.
Ms. Montgomery. Because I do think in one area that we
might want to think about changing some things because if we
look at the kinds of data that are collected, when racial data
are collected and children are then marketed to based on the
kind of profiling that can take place with that data, that I
think can be very problematic and can be very discriminatory
and I think that needs to be investigated.
Mr. Butterfield. All right. Mr. Simpson?
Mr. Simpson. The only thing I can really add, sir, is that
one of the concerns we see in the broader space around privacy
and other concerns that parents have around digital media is it
is, as the FCC's studies have shown, one of the reasons for
lack of adoption of broadband and digital media. We all see
great benefits for families and communities in broadband and
what it can bring to their communities, but if they are
reluctant because of what they see as the downsides--and lack
of privacy and security is certainly one of them, especially in
rural areas and among low-income communities.
Mr. Butterfield. Let me give my last 5 seconds to Mr. Reed.
Yes. Yes.
Mr. Reed. I want to be the guy with good news here. I am
sure that you have seen studies from Danah Boyd and more
importantly, we have worked with Dr. Nicol Turner-Lee at the
Joint Center and it turns out that mobile applications and the
mobile environment is something that actually is having an
impact in low-income and especially minority communities. And I
think as we talk about privacy and what the government can do
to shut down things and be careful about it, I think it is
really important that we allow some opportunity for these
things to flourish. Remember, mobile apps have only been in
existence since 2008 and what we have seen from Dr. Nicol
Turner-Lee's information and Dana Boyd is there is a huge
opportunity for us to reach people who have never had a PC in
their home through their mobile phone, but more importantly,
their mobile smartphone. So I think as you talk about what the
government can do and the ways it can play a role, we need to
make sure that the choices are there for them to have cool
things to do rather than just tell them how they can't do
things.
Mr. Butterfield. Thank you.
Mrs. Bono Mack. Thank you.
The Chair will recognize Mr. Barton for 5 minutes for
questioning.
Mr. Barton. Thank you, Madam Chairwoman.
I am going to ask my first question to the representative
of the Federal Trade Commission.
If you don't expand the protections of the law to 13- to
17-year-olds explicitly, how do we protect them? Because they
are not adults and while they are able to make some decisions
on their own, I do not know that they are fully capable of
making some of the decisions that would be required in this
area.
Ms. Engle. The Commission is considering the privacy
interests of teens in its broader review of privacy generally
and certainly we have considered that. Some of the ideas that
we have offered in that area, for example, very clear notice
about the kinds of information that is being collected and how
it is being used made at the point that the information is
collected as well as data security would also provide benefits
to teens. But the Commission at this time hasn't reached any
conclusions as to what additional privacy protections teens may
need.
Mr. Barton. So would it be safe to say that the provision
in the Barton Markey bill that gives these protections
explicitly to 13- to 17-year-olds, the FTC is not automatically
opposed to; you are just not totally supportive of? Is that a
fair statement?
Ms. Engle. The Commission hasn't taken a position on the
legislation yet, but I would say that we are definitely not
automatically opposed to it and we would be happy to work with
you on it.
Mr. Barton. In a similar vein, in the bill that Mr. Markey
and I have introduced, we explicitly cover mobile applications.
The proposed enhancements that you testified to in existing law
do not explicitly cover mobile applications. Are you opposed to
the provision in the Barton Markey bill that makes that
explicit or you just need to study that more also?
Ms. Engle. No, we are not opposed to it. In fact, we
believe COPPA already does cover mobile applications. We
interpret them to be online services already covered by the
Rule, and in fact we recently brought a case against a company
that was a mobile app provider on that basis.
Mr. Barton. See, my position is that more and more of our
teenagers and certainly even, sadly, children are getting
iPhones and iPads and you almost have to explicitly cover
mobile applications just because that is where the younger
generation is going. So, you know, they are not going to be
sitting behind a computer. They are going to be walking around
and doing stuff as they are out and about.
I want to ask Mr. Balkam, your institute has got a great-
sounding name. Who funds that? Who funds your institute?
Mr. Balkam. We have more than two dozen members mostly from
industry, so from AOL at one end of the alphabet to Yahoo at
the other.
Mr. Barton. And there is nothing wrong with that, but they
would be industries that try to make a profit--which again is a
good thing--by using the Internet and they would tend to want
to collect information about people on the Internet. Is that
not a fair statement?
Mr. Balkam. I think that is a very fair statement and I
also agree with my colleague Nigam's point that it would be
against their very own interest to, as it were, violate kids'
privacy in so doing because it would actually rebound against
them.
Mr. Barton. OK. Now, my understanding is that your
institute doesn't support the bill that Mr. Markey and I have
introduced, is that correct?
Mr. Balkam. That is correct. I particularly took notice of
the eraser button idea and particularly Congressman Markey's
own statements at an Internet privacy hearing in July when as
he was talking about kids posting stuff--particularly teens--I
will quote him, ``what were they thinking? It will want to be
the parents who will want to erase it. They have a right to do
so. I am not talking about Big Brother; I am talking about Big
Mother and Big Father.'' And so given that, while proponents of
the bill talk about giving kids and teenagers more control over
their privacy, what we see--and particularly let us think about
a 17-year-old who is already----
Mr. Barton. I want to ask you one more question. I am not
going to cut you off but I have only got 20 seconds so----
Mr. Balkam. We have serious concerns about parents taking
things off the Internet of their 17-year-olds and it is not as
simple as rubbing out like a piece of----
Mr. Barton. We can work on that. I want to get consensus on
one thing I think that your group can agree with me on. Do you
oppose the use of super cookies, your group?
Mr. Balkam. We think that it is something that deserves
considerable amount of attention and we are looking forward to
future hearings on that, yes.
Mr. Barton. OK. Well, for those of you that don't know, a
super cookie is something that is put on your IP address
without your permission and you cannot delete it. You don't
know about it. It can collect information--it can even collect
information on where you go on other sites and you don't know
anything about it and it can't be deleted. And I hope at some
point, Madam Chairwoman, that we will all agree legislatively
to ban super cookies. And with that, I would yield back.
Mrs. Bono Mack. I thank the gentleman.
The Chair recognizes Mr. Towns for 5 minutes.
Mr. Towns. Thank you very much, Madam Chair.
Mr. Simpson, in your testimony you emphasize companies can
play a more active role in protecting privacy and personal
information. In what ways can companies play a more active role
in protecting our privacy?
Mr. Simpson. Thank you, sir. I think most importantly I
would recognize there are quite a few companies that are doing
a better job of providing information, but I think the most
important change that companies need to make in this space,
companies large and small, is better opportunities on their own
platforms, on mobile apps, on all the devices that they provide
so that parents in the case of younger children and teens
themselves have more chance to understand what is going on;
what data is being collected; how they can opt out of it;
whether they should or shouldn't opt into it; and to keep that
information simple, accessible, and actionable. The big
challenge in this space right now is that it is very hard to
find out what is going on with my data when I use a given
device or platform. The easier they can make that, the more we
have parents who can make informed choices on behalf of young
kids and teens who can make informed choices on behalf of
themselves.
Mr. Towns. All right. Thank you very much.
Mr. Balkam, Family Online Safety Institute is your
operation, right?
Mr. Balkam. Um-hum.
Mr. Towns. All right, good. What do you think the FTC did
right in their proposed rule and what do you think is missing?
Mr. Balkam. Well, as I said in my own testimony, I think
they got the balance just right between protection on the one
hand while not squashing innovation on the other. I don't think
that there was anything that they left out. I mean it was quite
a thorough review. We are very impressed with the range in
their technical know-how about emerging technologies. So we are
pretty happy with it.
Mr. Towns. What about the definition of a child's age?
Mr. Balkam. We think that is appropriate. We certainly do
not advocate for it to be increased. As I was beginning to
explain in my last response, we have some serious concerns
about the older teens and whether or not they have some rights
of free speech themselves. We don't really see the need for
parents to come in and to take away their content as it were.
Mr. Towns. All right. Thank you very much.
Ms. Engle, you know, there has been some questions about
the response period and the notification and that people are
not informed. What methods and techniques do you use to solicit
responses?
Ms. Engle. Are you referring to comments on our proposals?
Mr. Towns. Yes.
Ms. Engle. Well, we have published it in the Federal
Register issued, of course, as we must with all proposed
rulemakings. We issued a press release, we have reached out
extensively, we have an extensive email list to privacy
advocates and people who have expressed interest in privacy,
you know, in COPPA over the years. We are doing a lot of
speaking. In fact, one of my colleagues is up in New York this
morning speaking to the Children's Advertising Review Unit
Conference on our proposal in COPPA.
Mr. Towns. And the reason I raise this issue is that many
members of the faith-based community are saying, look, nobody
talked to us. We are not aware of this. When did it happen? In
fact, they even blame me in many instances, you know, and that
is my problem.
Ms. Engle. Well, I know we have done outreach to faith-
based institutions in other areas, for example, in fraud
protection, and I think we can look into doing that here as
well.
Mr. Towns. Right, because these faith-based institutions
have what we refer to as national conferences and if you in
some way could arrange to get on their agenda, I think it would
be a great service to all of us because they have some input
there and I think that we should solicit it.
Yes, Mr. Reed?
Mr. Reed. I just wanted to add to that. I think you really
hit a key point, and Congressman Butterfield, the app that I
was talking about from your district, the author of that app
has raised concerns. This was the first she heard about it when
I contacted her through a group of developers. And she said
well, this app allows grandparents to contact kids. Do I need
to get parental explicit consent? How do I go about the
process? And so this entire process to her, while there are
rules and regulations, the publishing of something in the
Federal Register, having discussions with privacy advocates is
not necessarily the same as reaching out to the faith-based
communities. And specifically, the app in your district is
exactly the kind of app that Congressman Ed Towns has talked to
me about. And I am hoping that we can work with her to make
sure she understands the changes.
Mr. Towns. Thank you very much, Madam Chair. Yes, thank
you.
Mrs. Bono Mack. I thank the gentleman.
The Chair recognizes Mr. Harper for 5 minutes.
Mr. Harper. Thank you, Madam Chair.
And I certainly want to thank everyone for being here and
as a parent now to a 19-year-old and a 22-year-old that we
dealt with those issues and we had AOL and we used age-
appropriate email settings as they were growing up. You know, I
think there is a large responsibility for the parents
themselves to make sure that they are monitoring this and we
certainly want to have those tools available.
And this is just a curiosity question, Ms. Engle, on
violations that come to your attention that result in fines.
Just a general breakdown of the percentage that come from your
own search or investigation or policing, those that might come
from third-party organizations and those that perhaps are
reported by parents, can you give me just a general breakdown?
Ms. Engle. I would say probably most of the violations we
detect are from our own review. We do also get complaints and
things are brought to our attention by the COPPA Safe Harbor
Programs. They are a frequent source of complaints.
Mr. Harper. If I could just ask this sort of as a--you
know, we have heard a lot of different testimony here but just
at its most basic level, what is wrong with advertising to
children based on those likes or dislikes so long as the child
is anonymous?
Ms. Engle. So we think that the same privacy interests that
inspired Congress to enact COPPA in the first place, the idea
that at least with respect to children under the age of 13,
young children, that parents are the ones who should be in the
position of making the decision of permitting their children or
not to interact with a Web site. And it goes both ways, both in
terms of the Web site collecting personal information from the
child and also being able to contact a child individually. And
what we are seeing now and what is behind our proposal is that
with things like tracking cookies which are able to track
children across Web sites over time and direct ads based on
their web browsing activity, that that is a form of contact of
an individual that falls within COPPA.
Mr. Harper. OK, thank you.
Mr. Reed, I would like to ask you a few questions if I may.
And certainly I know your position in a statement on a Supreme
Court decision earlier this summer, Brown v. Entertainment
Merchants Association, 7-2 Supreme Court decision that dealt
with the sale of videogames to minors. Is there anything about
that case that correlates to this that you have seen?
Mr. Reed. Well, I think we have to step back and think to
ourselves, what are we trying to do? What are the goals we are
trying to achieve? I have an obvious bias. My goal is to make
sure that we have mobile apps developers able to create jobs
and specific applications that reach the right audience. And so
when you look at both the Supreme Court decision and where we
are heading both on this panel, I think it is pretty clear that
our industry is, to borrow a phrase that was used earlier,
putting the pedal to the metal and trying to get things into
the hands of as many people as possible. Therefore, we are
going to be enthusiastic and supportive of ways that allow
people to have access to our technology.
That said, just like with videogames, we are very sensitive
to the content question. There is a big difference between, as
we have discussed, and it is an interesting part about this
whole privacy regime, in interviewing parents prior to this
hearing and in other cases, when you ask them what do you think
when you see that ``only 13 and over'' in this location? The
vast majority actually think it is about content, not about
privacy. So I think that we have merged a lot of these privacy
questions with content questions in a way that I think we need
to pull back from. So when it comes to violent videogames, when
it comes to Supreme Court decision, we need to maybe separate a
little bit out on how we view the collection of information,
the content of information, and who the audience of those are.
Mr. Harper. And I know I am almost out of time. I want to
end with one last question, Mr. Reed, if I can. You know, you
had expressed some concern about the FTC's proposal to disallow
the email-plus system. And I would like for you to just speak
for the next 23 seconds on that.
Mr. Reed. I will make it really short. We are concerned
that the FTC's email-plus complete abandonment is a bit of a
Hail Mary. It is a well, we will get rid of this technology and
magically new technology will develop. Now, that might happen
but I think we are probably better off given just exactly how
nascent the mobile apps industry is and how we are quite
literally learning every day that I think we probably, if we
are going to do anything, it should be considered sunsetted or
given a longer time to stretch it out a little bit because I am
not sure in the mobile space people are exactly ready to just
magically create new technology out of next week. Remember,
most of these companies are small and they don't have staffs of
technologists ready to develop their own version of verifiable
parental consent. So there needs to be some industry
percolating and I believe there are other incentives that can
be used rather than just tossing it all out at once.
Mrs. Bono Mack. I thank the gentleman.
I now recognize Mr. Guthrie, also the home of Oink-a-
Saurus, for his 5 minutes.
Mr. Guthrie. Thank you very much. I have to figure out
where Oink-a-Saurus is so I have to----
Mr. Reed. I will send you a link.
Mr. Guthrie. Send a link. That would be great. Thanks a
lot.
To Mr. Nigam, in your testimony you said that we don't need
to be focusing on things that sound bad and focus on things
that are bad. What is an example of things that sound bad that
we have focused on that distracts us from----
Mr. Nigam. I mean I will go back more into the historical
Internet safety world. There was a time when anytime somebody
went online there was this fear that predators were going to
attack them and that sounded bad, and then once that happened,
there were tons of proposals on do A, B, C, D, and E to stop
that. But every time research was done, what ended up happening
was researchers showing around less than 1 percent or even less
than that there were actual issues with that as opposed to
issues with things like digital fingerprints that kids are
leaving online when they are going places and 10 years later it
is going to be haunting them when they are applying to college.
That is bad versus what sounded bad. So those are the kinds of
things that I am referring to when talking about that.
Mr. Guthrie. OK. And you mentioned that it would be against
the business model to abuse the information because obviously
people would quit going to that business if that is the issue,
but the FTC does find violations of it. Even though it would be
a bad business model to do it, people are doing it or have done
it, because from the FTC you do find violations of COPPA, I
think. So how do you explain that?
Mr. Nigam. I think that is a great question because if you
look in the last 11 years, there has been 17 actions, which to
me is amazingly small. And what you are finding if you go
through each of the 17 actions, for the majority of them what
you are going to find is companies who are unaware, didn't have
the resources, didn't have counsel advising them, hadn't done
the review when the developer was creating this great idea and
most of the time didn't even know they were doing what they
were found to be doing, which I think is very different than
saying there is a company who made an executive decision. We
know there is COPPA, let us see if we can get away with it, and
we will make $10 million by the time they figure it out, and we
will be disappearing after that.
Mr. Guthrie. So there are no kinds of cases of that like
you see in Medicare fraud or stuff like that?
Mr. Nigam. I haven't read every line of everyone, but I
would----
Mr. Guthrie. You know of no case that does that?
Mr. Nigam. If there is, I am not aware of it.
Mr. Guthrie. The typical violator would be someone who you
find are small businesses that just, ``Well, I didn't know I
was supposed to do that'' kind of thing?
Ms. Engle. No, actually many of our cases are again very
large companies--Sony BMG, Universal Music Group, Iconix, but
what we have found in those cases is they attempted to comply
with COPPA but didn't really follow through. So they may have
at the registration page asked for someone to enter their date
of birth and they intended that if the person entered an age
under 13, they would be kicked off. In fact, they weren't. And
then those kids were able to post information, et cetera.
Mr. Guthrie. OK.
Mr. Nigam. If I may.
Mr. Guthrie. Yes, go ahead.
Mr. Nigam. And having worked inside the companies with
developers, what you often find happening is legal counsel in
the large companies, most say here are the requirements.
Developers don't always understand that and there is where the
disconnect occurs. So when something is executed, you create a
new product, a new feature, it may be one of those left-behinds
or the right process wasn't in place, which is very different
than an intentional violation or attempt to collect information
from children that you know would violate their privacy rights
or violate COPPA for that matter.
Mr. Guthrie. Professor?
Ms. Montgomery. Yes, I just wanted to say that having
observed this all from the very beginning, if we hadn't
instituted COPPA, you would see a very different marketplace.
It is not a question of a business model not working. It
wouldn't work now because it is not legal to work in that way,
but it was heading in a direction that would have been
absolutely outrageous and we would all be very, very upset at
what we saw because data collection was built into the heart of
it. And that is also what is happening with teens and adults as
well. So that is why I think we need safeguards for everybody.
Mr. Guthrie. Thanks.
Mr. Nigam. And I do agree with what was just said in the
sense that the expectations have been established and it has
had a tremendous impact on the marketplace and the way it
exists today. And so when I am focusing on what do we do next,
that is when we have to look at each individual proposal and
say is it proposing to solve a problem that sounds bad or
actually is bad? Is there gaps? Are there things that can be
done and are there going to be unintended consequences? For
example, shutting off email plus is a great example of that.
Companies have been doing email plus with millions of users
for, say, 11 years or 10 years and all of a sudden that
function disappears? What do you do with that millions of users
on your site? How do you recreate the process? Are they
grandfathered in? Those are the questions that have to be asked
in that category of is there technical implementation concerns?
Will there be unintended consequences?
And I think that is why I wanted to focus more today on
providing a framework within which to look at it as opposed to
let us go line by line right now in this 2 hours that we have
and come up with the answers.
Mr. Guthrie. Thank you. I yield back. My time has expired.
I yield back.
Mrs. Bono Mack. I thank the gentleman and now recognize Mr.
Olson for 5 minutes.
Mr. Olson. I thank the Chair and I want to welcome the
witnesses. And thank you for coming here today and giving us
your time and your expertise.
And my question is for you, Director Engle. And you stated
in your written testimony that the Commission is not aware of
any operator directing online behavioral advertising to
children. However, the Commission is proposing adding to the
list of what constitutes ``personal information persistent
identifiers.'' For example, numbers held in cookies, user IDs,
IP addresses, as well as screen and user names. And you state
in your testimony that the effect of these additions would be
``to require parental notification and consent prior to
collection and use of persistent identifiers for purposes such
as behaviorally targeting advertising to children.''
My question for you, ma'am, is if the Commission isn't
aware of any online companies directing behavioral ads to kids,
then why does the FTC feel so strongly about wanting to change
the COPPA Rule to address this issue?
Ms. Engle. Our testimony is that no individual company has
admitted that they are behaviorally targeting children under
the age of 13, but there have been widespread reports in the
press, for example, Dr. Montgomery referred to the Wall Street
Journal article earlier that reported dozens and dozens of
tracking cookies placed on child-directed sites. So it appears
that the industry position has been that self-regulation is
sufficient here to address the problem or the issue but our
thought is that, I mean, what the regulatory principle says
that their members will not behaviorally advertise to children
under the 13 except in compliance with COPPA. And so that
actually doesn't say much because if COPPA doesn't cover it,
then they are free to do it. But the outward statement appears
to be that they won't do it. So we want to kind of close that
gap and require parental permission before that occurs.
Mr. Olson. OK. Mr. Simpson, it seemed like you had some
comments. Do you want to follow up on that at all, sir?
Mr. Simpson. I would echo those remarks and say that we are
seeing signs of what is increasing. We saw it in the Wall
Street Journal story, we see it in the increase in ID theft,
and we see it as a basic business principle of some of these
companies, as Dr. Montgomery talked about, the pattern of
advertising towards kids before COPPA was established. We also
need to keep an eye on what the pattern of valuation of
companies in Silicon Valley is right now and that is eyeballs.
Do they have people on their sites? None of these companies I
would suggest want to turn anyone away, and so their
opportunity to reach out to kids of any age is valuable to
them.
I respect what some of my colleagues have said about the
importance of corporate responsibility here, but I think they
are caught in a tension and they do want the biggest audience
they can get, whether that is an individual app or a large Web
site. So we see lots of signs of how much they are marketing
toward kids and targeting kids under 13 and over.
Mr. Olson. Yes, sir. OK.
One more question for you, Director Engle. For the 5 new
proposed rule changes to the COPPA Rule being put forth by the
FTC, has the Commission conducted any kind of economic impact
analysis on these proposals, and if not, will you?
Ms. Engle. We have certainly considered the cost as well as
the benefits that we hope to achieve by the rule changes, and
in our Federal Register Notice, we have estimated costs on
small businesses and we are specifically seeking comment on our
estimates. And if we are, you know, off on our estimates and
inaccurate, we certainly would like to hear from businesses
about that.
Mr. Olson. And Mr. Reed, you are representing the app world
so to speak and I want to say, by the way, while I was sitting
here I texted my 14-year-old daughter and told her I was with
the app guy and she basically said, Dad, can I get a job with
him in the future?
Mr. Reed. We are hiring.
Mr. Olson. Do you agree with that assessment? I mean the
small businesses that you represent be involved in the process?
Mr. Reed. I have found the FTC to be towards me--as a trade
association based in Washington, D.C.--very responsive. I think
that they lack the manpower and resources to really reach out
to a community that is now over 100,000 developers in the
larger picture and tens of thousands of developers in the
educational app space. So I think that I respectfully say that
we will be filing comments with the NPRM specifically about the
small business impact and we look forward to working with the
FTC to make sure their estimates are appropriate. I think that
as we think about all of this, we have to remember 2008 was
when we had our first app store. So we have had all of these
changes in business models, in technology, in capabilities in
24 months. So we are looking forward to working with the FTC,
and I think I am probably going to say that we are going to
estimate their cost up and encourage them to take a very
measured approach on the impact to small business.
Mr. Olson. Yes, sir?
Mr. Nigam. I just wanted to make a comment. Because of the
company that we have in terms of consulting with online
businesses, we spend countless hours talking about COPPA and
whether to choose even going under 13 and over 13 and the
eyeballs question comes up and the uniform reaction is eyeballs
that are good we want; eyeballs that are going to hurt us kill
our reputation, therefore kill our business. And I think that
is something we should keep in mind because that goes back to
companies being incentivized to find the right way to do the
right thing. Now, the challenge may be what is that right thing
because we can't understand what it means. That is a very
different question than whether you are motivated to even try.
Mr. Olson. Thank you, sir.
I am over time. I yield back.
Mrs. Bono Mack. I thank the gentleman.
And the Chair recognizes Dr. Cassidy for 5 minutes.
Mr. Cassidy. I got a 10-year-old, and she will take my
iPhone, go to my iTunes, and she will download Angry Birds.
``Dad, can I get Angry Birds?'' I never recall being asked if I
am over 13. I assume iTunes knows I am over 13. But as I listen
to you guys, I am suddenly realizing, man, how do you empower a
parent? It sounds so nice as rhetoric, but as a guy with a 10-
year-old who is always on my iPhone, I have no clue how I am
empowered. I am feeling very un-empowered.
Mr. Reed. I can help you with that.
Mr. Cassidy. Somebody empower me, buddy.
Mr. Reed. Within most of the devices, I am happy, you know,
I can grab a cup of coffee and I am happy to walk you through.
All of the devices now--some of them are better; some of them
are worse--have pretty granular and pretty incredible parental
restrictions that you can set up. On your iPhone, there is a
page that you can go to where you can say your daughter can't
download. You can set it up with its own password. You can----
Mr. Cassidy. OK. So my daughter downloads. My son who is
17----
Mr. Reed. Right.
Mr. Cassidy. Vim and vigor, full of himself. Downloads
something but my 13-year-old uses it.
Mr. Reed. Right.
Mr. Cassidy. Or if I go to my desktop, my 84-year-old
mother who moves in with us is on the computer, my wife is, and
then my daughter. So the super cookie has a place for my mother
but it tracks all the way through three generations. Now, it
seems like, unless somebody is logging off, which we don't do--
we reboot it--whether there is COPPA or not, it is going to be
tracking whoever is on that computer, correct?
Mr. Reed. That is correct. I would of course recommend that
you get more mobile devices for your household. That is the
clear solution here.
Mr. Cassidy. Well, we are going that way.
Mr. Reed. Get more.
Mr. Cassidy. Yes.
Mr. Reed. But yes, you are right.
Mr. Nigam. Oftentimes I talk about how people distinguish
between the online and the offline, but when you actually step
back and say as a parent, how would I handle this situation if
it was in the physical world? I think those same kinds of
conversations need to apply, which means a conversation--and I
have an 11-year-old--of you are not allowed to do this but your
16-year-old brother is. That is part one. Part two----
Mr. Cassidy. That assumes--think about a television. You
walk by, you see the program, you have a sense of the content
over a 30-minute show. You can have an entree into an online
and then that entree takes you someplace far different. So the
parent downloads it looks pretty benign, and next thing I know
I have got, you know, $10 on my credit card bill. Now, I
figured out how to stop that, but that said, I just say it
takes you in places--Ms. Montgomery, I liked your testimony, so
let me get your--I think you were going to say something?
Ms. Montgomery. Yes. Well, what I wanted to say is I think
what we need are tools that will help parents because it is
baffling for all of us, and I agree with you. It is very
frustrating and you can't really control where your kids are
all the time, and that is why COPPA was designed to really
address the business practices and really to minimize data
collection. It was not set up to facilitate parental
verification so that companies could collect a lot of data. It
was really developed to ensure that Web sites targeting
children did not collect a lot of data.
Mr. Cassidy. But again, if my mother is on who is 84 and
something is placed which begins to track and does not log out
and my daughter gets on, something benign at the outset but
perhaps less benign further in, I mean my mother has set the
table for my daughter to be tracked, correct?
Ms. Montgomery. Well, right. That is right. And that is
why, you know, I mean this is an evolving marketplace and there
will be more and more of that happening, as others have noted.
Mr. Balkam. I just wanted to make a quick point that all of
the major cell phone operators now offer pretty good parental
controls. And in our survey that we just released a couple of
weeks ago, we found that 25 percent of American families now do
use that. Now, that seems like a fairly low figure, but then
you compare it to the v-chip usage, which is around 15, 16
percent, that is not too bad. I would highly recommend that you
also use----
Mr. Cassidy. Yes, I have a parental control but I am sure I
am not using it to the full robustness as it should be.
Mr. Balkam. And education. We need to empower----
Mr. Cassidy. Now, I will tell you when I look at your
documentation and it says click here, once I actually read it,
it was 40 pages of legalese and a lot of it was redundant. A
lot of it was actually repeated. And it is like I am thinking
they are trying to defeat me from reading it. Now, we laugh
but----
Mr. Balkam. Sorry, sir.
Mr. Cassidy. --it is repeated, repeated, repeated, and some
of it is totally extraneous. It makes me think that that which
actually I might object to is buried deep within.
Mr. Balkam. I feel your pain. That is all I can say.
Mr. Cassidy. I will tell you, though, but we have got to
move beyond feeling pain to actually having something where a
parent can look at and say it is one paragraph, boom, this
works and this does not.
Mr. Balkam. Right.
Mr. Cassidy. Because right now I am thinking, heck, I can't
read through this.
Mr. Balkam. But there is another factor as well, sir, that
you should consider especially with apps is that what drives
those parental controls in many cases is the rating that was
provided for the content. In television and movies that is
provided by an industry----
Mr. Cassidy. Can I ask one more question before I run out
of time, Ms. Montgomery? I read in the Wall Street Journal that
if they have this interactive game and they make the tractor
red, white, and blue on a patriotic holiday, people are more
like to purchase something online. You realize that there is a
subliminal suggestion taking place which is modifying the
behavior of the person who is actually looking at the screen.
Now, if that is true for an adult, this is absolutely true for
my 9- and 10-year-old. How are we going to regulate this sort
of subliminal molding the person who is looking at the
interactive game to manipulate them into a behavior which they
frankly may not be aware they are being manipulated?
Ms. Montgomery. Well, these are major concerns. And I agree
with you and we haven't even talked about things like
neuromarketing, which is one of the trends in the industry as
well, in the online industry. But this is exactly why I think
we need to ensure that COPPA makes it impossible for companies
to behaviorally target, to track an individual child and to
create marketing that is designed for that child based on that
child's behavior, psychological profiles, and other information
that has been collected from that child.
Mr. Cassidy. OK. That seems like nice-sounding
recommendations, but how do we get there? I am not quite sure I
know that.
Ms. Montgomery. We have to keep working at it.
Mr. Cassidy. OK. Thank you. I yield back.
Mrs. Bono Mack. Thank you.
The Chair recognizes Mr. Kinzinger for 5 minutes.
Mr. Kinzinger. Thank you, Madam Chair.
I may be the last person to ask you questions, so
congratulations. You made it. Thank you for coming.
Mrs. Bono Mack. Excuse me, sir. We plan a second round, so
don't let them off that easily.
Mr. Kinzinger. OK, this round. But I really appreciate you
coming in and talking to us. This is very important. And I
think as we, you know, here in Congress debate things like the
economy and jobs and what is the proper role of government, you
know, does government micromanage an economic recovery or is it
the private sector, which I believe? This is a great
opportunity to show how this area is an explosive market and
really a bright spot in the American economy. It would be
really sad to think of where we would be, frankly, without, you
know, technology innovation right now as an economy. What place
would we have in the world?
So I think as we go forward it is very important that we
understand that there has got to be a proper balance, of
course, between where the government is involved and what it
does and also stamping down on the innovation of the free
market. Because again if we are going to get out of this
recession, and we are, it is going to be through that free
market.
So it is good to hear also from the witnesses that the FTC
is working well with the stakeholders in updating our privacy
rules to reflect that evolving world. As you have heard from
everybody here, I am amazed at what the young folks are able to
teach me about, you know, what to do with applications and
stuff like that. Even though I may be one of the younger
members of Congress, all I can do on my iPad right now is surf
the Internet. I really don't know how to do much else. So I can
go to my nieces and nephews to help me with that if they need
to.
But I also want to say to me it is incredibly hard for
parents to control or even know what their children are doing,
and at the same time, I feel confidence, obviously, that
mothers and fathers want to have that assurance that they know
what is going on and things like that.
The FTC has played an important role in this regard and
should continue to work with the various stakeholders to ensure
children's personal information is not being collected online.
More can always be done and this committee must determine and
it will determine whether the FTC has enough authority to keep
up with online advances, at the same time finding that balance.
My first question, though, is to Mr. Reed. As the apps
become more enhanced in geolocation and social media
interactions advance--and they do it at a record pace and an
exponential pace, frankly--do parents have the tools to ensure
that predators won't have access to their children's location?
Because, to me, I see that as potentially being a very terrible
story in the future.
Mr. Reed. Right. That is becoming kind of a universal
conundrum. How does my child share his information with his
friends and not let people that we don't want to see it, see
it? We are working on technological solutions, we are working
on allowing kids to kind of develop their own friends list, but
that has its own shortfalls. Does my 13-year-old--mine is 5-3/4
so she is not there yet--but does she know who her friends
really are? The problem is is if we take a step back, we had
this problem with this device called the telephone. People
could call each other and say this is where I am. I will meet
you behind the park or behind the baseball field. So it is
really a struggle that we have on how do we take this location
information that we are provided in our mobile device and
somehow segregate it in a way that is different than, say, my
physical telephone in my house saying I will meet you behind
the baseball field.
Mr. Kinzinger. Right.
Mr. Reed. So we don't have the answers. We are trying to
figure it out, but I a big part of what we are doing is
empowering parents to know what their kids' device does and by
alerting them very clearly, hey, this is going to share your
location. Are you OK with it? And in the case of most of the
mobile devices, you can turn that off completely. So in mine,
my daughter can't actually hit any button that charts her
geolocation. And so that is what we are going to have to do.
Mr. Kinzinger. And that is good. And again, I mean in 2 or
3 years if you all are fortunate enough to come back here and
talk, we are going to have a whole slew of new different
questions----
Mr. Reed. Right.
Mr. Kinzinger. --because there is going to be so much that
we can't even begin to imagine now. And again, that is what
beautiful about our innovating economy is that, you know, that
is the case.
But let me ask Ms. Engle. How is the FTC approaching
geolocation technologies as it relates to children? And
specifically, do you believe parents are given enough
information to know what an app is storing about a child and
what information is being shared with other users?
Ms. Engle. The FTC believes that geolocation information is
already covered as an item of personal information under COPPA
because COPPA refers to physical location including street name
and city or state and geolocation information is at least as
precise as that and often more so. But what we have proposed is
specifically adding geolocation as an element of personal
information just to make that crystal clear.
Mr. Kinzinger. Well, thank you. And again, this appears to
be a good example of where government and private sector seems
to be working well together. And I yield back.
Mrs. Bono Mack. I thank the gentleman and recognize myself
for the next 5 minutes.
And to Dr. Montgomery, I appreciate very much your thoughts
on this and your work on this over the years. Last week, I took
a trip up to Silicon Valley and I visited a number of the big
firms. It was very thought-provoking and I think that what
really strikes me the most is how over the years the Internet
has been built on the back of intellectual property. And early
on when you think about Napster and Kazaa and the peer-to-peer
networking and how we have moved into other models that
actually try to pay for intellectual property, do you think, I
mean behavioral advertising to me, I kind of grapple a little
bit with why it is bad when sometimes they are trying to
monetize these new models that end up trying to pay for
content.
Anybody who is a writer in the audience, you know, anybody
who has ever been a part of any creative work, any longer your
work is devalued because you can't get paid. And when something
is out on the Internet in digital form, a master copy is a
master copy is a master copy. How do you see moving forward,
then, in a world where we need to try to provide decent,
quality content for our children and still protect them from
behavioral advertising? And you said that if we hadn't had
COPPA--and I don't disagree with you--but you said it would
have been outrageous what we would be living under now. How do
you find outrageous and how do you see paying for quality
content going forward as people are grappling with how to pay
people who create valuable content for our children?
Ms. Montgomery. Well, I will tell you that what I saw in
the early days was leading to a business model where marketers
were talking about creating personal relationships between a
product spokescharacter and a child, things that nobody would
ever talk about now in terms of microtargeting and targeting
individual children. And I think what we have been able to do
with COPPA is allow and enable that industry to grow and
flourish but by creating some guardrails, some rules of the
road where we are not taking advantage of the youngest
children, whereas I mentioned earlier, research shows they
don't have the cognitive capacities or the psychological
developmental capacities to handle these kinds of very, very
sophisticated behavioral targeting and----
Mrs. Bono Mack. But there must be some positive behavioral
targeting out there, too. And this is what troubles me about
these discussions we have in here with privacy, with security,
is all of these issues have another side to the coin where some
people see benefit, others see risk, all of these. My point
here is what if we wanted to do an anti-bullying campaign? That
is positive. What if we want to encourage our children to go to
a great university like USC or something like that? And so
there are ways to target them in a positive way as well, aren't
there? We are stifling----
Ms. Montgomery. Absolutely. And from the beginning what we
have said and I still agree with, we were never trying to
eliminate marketing or advertising in this context. We think
that is perfectly fine and identifying the IPs, understanding
that an IP address is still now personal information,
personally identifiable, that doesn't mean you can't provide
contextual advertising to children. That is still very much
possible. You can do all kinds of anti-bullying campaigns. They
are happening online. None of this would restrict it.
What I think is important, however, is that we create some
safeguards for the kinds of data collection and profiling and
highly targeted and potentially very manipulative advertising
that is targeted at younger children. Now, when it comes to----
Mrs. Bono Mack. And can you speak a little bit towards
monetizing the delivery of quality content? This is what it is
all about at the end of the day.
Ms. Montgomery. It is a tradeoff. It is always a tradeoff.
And yes, of course you need to monetize the content but you do
that at a price. And if it is a price that is not fair to
children, that takes advantage of them, then I think you look
for ways to alter that business model.
Mrs. Bono Mack. Thank you very much, Dr. Montgomery.
Mr. Simpson?
Mr. Simpson. Just quickly to add to that, as a big believer
in those incredible educational opportunities of apps, of a lot
of this digital media, how do we monetize that? As much as
possible we do that with the engagement and empowerment of
parents. Make them part of the equation so that they know about
the cyber bullying campaign that we want to promote and that
they are engaged with their kids with talking about USC and
other great institutions. Make them part of the equation.
Mrs. Bono Mack. Quick question--and we are trying also to
get enough time to Mr. Markey so he can be here--you like the
eraser button. I don't understand how that is technologically
feasible. I am not opposed to the concept, but again, if it is
a digital recording, if a song is out there, it is out there
forever. If a photograph is out there, it is out there forever.
How do you technologically think that an eraser button is
possible when it is already out there in cyberspace and you
can't even attribute necessarily who originated it?
Mr. Simpson. You are very right on that part and one of our
first pieces of advice to parents and to our educational
materials for kids is to make them recognize that these things
can be forever and all the more reason why kids need to be very
careful about what they post, what they share. But as the bill
has drafted, to the degree that it is technologically feasible,
the eraser button should address some of the opportunities for
kids or teens, parents in the case of kids, to take down what
they own.
This also gets back to what, I believe, Congresswoman
Blackburn has described as who owns the virtual you. So this is
also an issue of intellectual property. This is an issue of
property. When we start sharing things online, they do get much
more complicated. They run into First Amendment issues and they
run into shared ownership. But at what point do we have tools
for parents and for teens where something that belonged to me,
a picture I took of myself still belongs to me and is something
I can take down.
Mrs. Bono Mack. All right, thank you. I need to yield to
Mr. Butterfield for 5 minutes.
Mr. Butterfield. Thank you, Madam Chair.
Ms. Engle, let me start with you. The statute contains a
broad definition of personal information. It states simply that
personal information means ``individually identifiable
information about an individual collected online'' and then
includes a nonexclusive list of identifiers. The FTC is also
granted the authority to expand the definition to include any
other identifier that the Commission determines permits the
physical or online contacting of a specific individual. This is
the authority that the FTC is relying on to bring the meaning
of personal information into the COPPA Rule in line with the
technological changes that have happened since the Rule first
went into effect.
Let me just ask you yes or no. Am I correct that you are
not required by the statute to determine whether changing the
definition of personal information will unreasonably impede
technological innovation?
Ms. Engle. That is correct.
Mr. Butterfield. All right. Yes or no, am I correct that
you are not required by the statute to determine whether
changing the definition of personal information will adversely
affect interstate commerce?
Ms. Engle. That is correct.
Mr. Butterfield. All right. Yes or no, am I correct that
exercise of this authority does not require any finding other
than that the identifier permits physical or online contacting?
Ms. Engle. That is what the statute says.
Mr. Butterfield. All right. Yes or no, am I correct that
you get to use streamlined APA rulemaking and are not required
to follow the more burdensome Magnuson-Moss rulemaking process
to change the definition?
Ms. Engle. That is correct, although we always, you know,
seek comment on burdens and cost and technological feasibility,
but it is not statutorily required.
Mr. Butterfield. All right. Yes or no, is this the first
time in the 11 years since the COPPA rule became effective that
the Commission has proposed changes to the meaning of personal
information using its statutory authority to modify the meaning
of that term?
Ms. Engle. Yes.
Mr. Butterfield. All right. Those are my yes-or-no
questions. All right. We need to use some more time.
It seems to me that when the FTC is given the ability to
modify the meaning of a key statutory term like personal
information, and 2) is allowed to do so following a
straightforward and streamlined process, it is shown it will
not abuse the authority or act hastily. It will not run wild
and create chaos and unnecessary cost for businesses. I think
our experience with COPPA shows the FTC can exercise this sort
of authority carefully and deliberately. I hope that is a
lesson all of us here can apply to the data security context as
we look to move legislation in that area that is both effective
and adaptable to changes in technology and expectations about
what information should be protected.
This has been a good hearing, Madam Chairman. I want to
thank the witnesses and want to thank you for your patience. I
yield back.
Mrs. Bono Mack. I thank the gentleman and at this point I
will thank the panel very much for your answers to our
questions. You have been very gracious with your time. And as I
said, these issues I think no more than any others have a
flipside to everything that we do. And the law of unintended
consequences can be very, very frightening. And with that, I am
actually just stretching--you owe me. And I am happy to
recognize Mr. Markey for 5 minutes.
Mr. Markey. Thank you. I thank the gentlelady and I thank
you for allowing me as a nonmember of this subcommittee to
participate. Thank you so much.
I am the House author of the Children's Online Privacy
Protection Act, which Congress passed and President Clinton
signed into law in 1998. It is the communications constitution
when it comes to protecting kids online but we need to update
it to take into account the explosive growth and innovation in
the online ecosystem over the last 13 years.
I commend the Federal Trade Commission for its thoughtful
and comprehensive review and for its proposed changes to that
Rule, which reflect and reinforce many of the same safeguards
contained in the Do Not Track Kids Act that I introduced this
past May with Representative Joe Barton.
As in our bill, the Commission appropriately notes that
teens should be provided with clear information about how their
personal data is used and also empowered to exercise control
over these uses. As in our bill, the Commission also proposes
to add children's location information under the category of
personal data that require a parent's permission before it is
collected or used. Given the potential for this sensitive data
to be misused to endanger a child, the Commission's proposal in
this area is a much-needed step.
I commend the Commission for rejecting arguments that
voluntary self-regulatory efforts are the best way to address
privacy concerns in connection with behavioral targeting of
children online. Strong legal requirements along with vigilant
enforcement are needed to protect children from tracking and
targeting on the Internet.
Children should be able to grow up in an electronic oasis
that enables access to online education, to education and
entertainment opportunities in a safe environment. And I look
forward to working with you, Madam Chair, and all the members
of the committee so that we can strengthen privacy safeguards
and ensure that kids and teens are protected when they go
online, and that is why I introduced the Do Not Track Kids Act.
Mr. Simpson, you mentioned in your testimony that teens
still need privacy protection online because, as we know, COPPA
covers users 12 and younger. I agree with you. And the Do Not
Track Kids bill that Joe Barton and I introduced provides teens
with safeguards specifically tailored for their age group
without expanding the COPPA structure to adolescents. Can you
expand on Common Sense's views on privacy protections for
teens, please?
Mr. Simpson. Thank you, sir. We think you are taking very
much the right approach. There is a complicated issue here
called child development and we all know that not all 8-year-
olds are the same, 8-year-olds are not the same as 14-year-old,
and 14-year-olds are not the same as 20-year-olds, and many 20-
year-olds act like 12-year-olds. But the reality is that teens
need something more than they have right now. The FTC's
recommendations are very valuable for kids under 13, but there
are a lot of 13- and 14- and 15-year-olds who are quite capable
of making mistakes in this innovative space, and those mistakes
can come back to haunt them. They need opportunities and they
need a lot more education and they need a lot more information
that is actionable. They need resources they can use that are
designed for their age group, not for the lawyers who are well
versed in privacy.
Mr. Markey. Thank you.
Dr. Montgomery, do you agree that younger teens need a
framework for them as well, perhaps not for the 12 and under
but something tailored for that group?
Ms. Montgomery. Yes, I do and this is something I have felt
very strongly about for a long time since we were debating
COPPA where the issue of whether we ought to apply the COPPA
protections to teens was very much part of the discussion at
that time. And what I really believe is that we do need
protections here. What we have seen is with COPPA, we have a
framework where there is an industry that appreciates the
concerns about children, but with teenagers, it has been no
holds barred and no real sensitivity to their concerns.
Mr. Markey. Can I ask, what is your response to the
questions that are raised by the eraser button that Mr. Barton
and I have included in our bill? What do you think about its
functionality as a way for parents to be able to protect kids?
Ms. Montgomery. I don't really know how the eraser button
will work but I do believe, as my colleague Alan Simpson has
said, that teenagers themselves should be able to have some
control over the information they have placed online.
Mr. Markey. Mr. Simpson, what is your view in terms of the
eraser button?
Mr. Simpson. Absolutely. And you know, we don't know
exactly how they will work, but I think they key is here we
have seen a lot of innovation on how to collect and not enough
innovation on how to protect. And I think something like an
eraser button is a tool that industry can design to empower
teens in richer ways.
Mr. Markey. OK. Thank you. And I thank all of you for your
participation in this very, very important discussion. It is
only going to get more and more dangerous for kids if we don't
put these safeguards in place.
Thank you, Madam Chair.
Mrs. Bono Mack. Thank you, Mr. Markey.
And again, I would like to thank Ms. Engle and the entire
staff at the FTC who has devoted time and thought to this
effort. Job well done. And also to all of you once again, thank
you. I would like to say that this is a third in our series of
online privacy hearings so far this year. I look forward to our
continued discussions on how we can best balance the need to
remain innovative with the need to protect all of our privacy,
certainly our children's privacy.
Next week, we will take a close look at consumer attitudes
and expectations, and we know that is going to be a very
interesting hearing.
I will remind members that they have 10 business days to
submit questions for the record, and I ask all witnesses to
please respond promptly to any questions you might receive.
And the hearing is now adjourned. Thank you again.
[Whereupon, at 11:02 a.m., the subcommittee was adjourned.]
[Material submitted for inclusion in the record follows:]
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
�