HOME >Our action >Digital World

At school and at home, how much does the Internet know about kids?

Friday 11 December 2015, by SIGNIS

Brussels, Washington DC, December 11th, 2015 (SIGNIS/Npr). Children’s personal information isn’t supposed to be an online commodity. But whether kids are using Google apps at school or Internet-connected toys at home, they’re generating a stream of data about themselves. And some advocates say that information can be collected too easily and sometimes, protected too poorly.

Last month, a hacker stole personal information and photos of more than six million children after breaking into the computer records of an educational toy company, VTech.
VTech says that they’ve since hired a security company to deal with the breach.

JPEG - 11.3 kb
A child playing with the Kidizoom Multimedia Digital Camera made by VTech in 2009.

The issue, of course, spans beyond VTech. In the toy world, there’s the new Internet-connected Barbie doll, which has also been found to have security flaws, for example. And privacy advocates have long waged a battle against cookies and other data collection based on kids’ Internet activity.

Google is one of the companies that have come under fire. A nonprofit advocacy group called Electronic Frontier Foundation has filed a complaint with the Federal Trade Commission over Google’s data mining practices. More than half of classroom computers in the U.S. are Chromebooks and many students and teachers are using Google Apps For Education, a group of tools that include Gmail, Google Calendar, Google Docs and the purpose-built Google Classroom.

Anya Kamenetz of NPR’s Ed Team and Lorenzo Franceschi-Bicchierai, a staff writer for the tech news website Motherboard who has reported on the VTech data hack, spoke to All Things Considered about the issue of children’s privacy. Here are a few takeaways.

Lorenzo Franceschi-Bicchierai:
On the VTech hacker’s motivation: their services are really easy to break into. There are a lot of personal data that are easily accessible.

On what the hacker discovered: it’s possible to figure out who the kids are. The children database only had their first names, so you couldn’t really identify the children. But from some other data in the files, Troy Hunt (an Internet security analyst) realized that you could actually link the two databases and figure out who the kids were, who were their parents, and effectively find where the kids lived.

On sharing addresses with toy companies: If you’re a parent and you buy a V-Tech toy, put in a fake address. If the company doesn’t need that address, you might want to not give it out. And that way, there’s no damage there.

On planning for the future: The big takeaway here is that these things can happen, and as we connect more stuff to the Internet, we’re going to lose data. That’s unfortunate but that’s the reality. So we have to accept it and find ways to limit the damage if it happens — and also, hold more companies accountable as well.

Anya Kamenetz
On what happens when you type a search into Google: When you log in to Google, whether you’re using search, or Maps, or gmail, you have one account, following you around — sometimes literally in the physical world — and it’s collecting information. When you’re logged in and using Chrome, which is their web browser, Google can actually, with permission, track your entire browsing history, every site you visit. And Google uses all this data to better target ads and search results and to improve its services, not only for you but for everyone.

On why that can pose a problem in schools: For students, the rules are supposed to be a little bit different. When students are using the Google Apps for Education and "Core Services" within them — gmail, docs, sheets, slides — Google says that they don’t collect personal data to target ads. In fact, they stopped collecting student data for ad-targeting last year after a California lawsuit questioned that practice.
But the EFF says that there’s a little bit of a sliding door, a back door: when students are logged into their student Google accounts but they’re using other Google services like YouTube videos or they’re searching Maps — that Google is collecting that information after all. And when students are using Chrome on these school-issued computers, they’re browsing the web and Google potentially has access to their entire browsing history as well.

On legal implications of such data collection: That depends on who you ask. Google denies any wrongdoing here. They have signed a voluntary but binding pledge called the Student Privacy Pledge, along with 200 other companies. And that pledge says that Google will seek parental authorization before collecting data that isn’t being used explicitly for educational purposes. And EFF told that they’re not necessarily digging into what Google is doing with this information, they just want Google to get permission.

Subscribe to our Newsletter
SIGNIS in the world
Choose your organization in the world.