IGF 2010
VILNIUS, LITHUANIA
15 SEPTEMBER 10
16:30
THE NEW BREED OF LOCATION SERVICES –
CHALLENGES FOR CHILD SAFETY
***
Note: The following is the output of the real-time captioning taken during Fifth Meeting of the IGF, in Vilnius. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the session, but should not be treated as an authoritative record.
***
>> DIANA SUTTON: Good afternoon, can everybody hear me? Welcome to this workshop which is on the new breed of location services and the challenge they propose for child safety. This workshop is hosted by the European NGO alliance, and this is nongovernmental alliance working for children's rights across the European union. We want to raise awareness of the challenges associated with location based services and child safety. We have a series of speakers today who will explain what location based services are, how the different industry players are trying to solve some of the challenges posed by child safety and what are the places in the United States where they have had services for some time and members from the European parliament. Location based services are sometimes marketed as a tool to know where your child is, praying on concerns by parents and they allow you to track the whereabouts of individuals but for children they raise a number of crucial questions some of which are similar to the concerns raised by adults and some different. Do they breach the child's right to privacy? Are children and indeed are adults aware of the risks of publishing location data about themselves? Will location based services lead to the inappropriate targeting of children both by advertisers but more concerning ly by predatory sex offenders? We will consider these important points in today's afternoon workshop. Gives me great pleasure to introduce our first speaker who is John Carr. John Carr is an independent expert on online child protection and he is the secretary of an association called HIS and is a member of eNASCO.
>> JOHN CARR: Thank you, Diana. What I'm going to do is try to explain what we mean by location services, how they work and just refer to some of the issues we think they're creating from a child protection, child safety perspective. So we're doing this because I've now went to several different meetings where it was only sadly halfway through them that we discovered there were quite a few people in the room who were on a different page altogether and haven't got a clear or sharp idea of what a location service was. I'm going to start first of all by describing the first type of location service that I had to think about and deal with and these were location services which emerged within the United Kingdom and we first became aware of them in 2002, 2003, and in those days it was a relatively straightforward business because the only people involved in supplying location services in those days, initially were the mobile phone companies themselves. And I'm going to explain the how's and why's, so here we have a mobile phone, like George Bush in school I'm holding it upside down, but I'm hoping you haven't noticed that! Forget about the internet aspects is this is an ordinary telephone that is provided by T Mobile or orange or AT&T or whatever your company carrier is. Basically what happens when you turn on the electrical power is it activates a radio transmitter in effect which goes looking for a cell that is part of your carrier's, your network's system, it says my number is such, you can all ring me on that by the way, whenever you want, actually beer broadcasting this live so I guess we ought to be careful about what personal information we put out there. Anyway, what happens is that number connects with, in my case, T Mobile's network and they know where the cell is that that number is now located and obviously it needs to know where that is so any calls that come looking for that number can be directed to that cell. But what that also means of course that T Mobile knows where I am because it knows where my number and that cell is. At least it knows where the sim card is, I might have given this to somebody else or it might have been stolen from me or it could be parted from my person by any number of different methods but let's assume for the time being that it is me and it's my number so they know exactly where I am. As I move between different cells, it traction where that number has moved to and from. Figure out of range if I go out of range, lose power, it knows where I was at the last moment when the phone was connected to the network. So what happened in 2002, 2003 was the full big mobile phone companies in the United Kingdom, that was Orange 02, Vodafone and T Mobile, they got together to talk about the information they posed because they knew what cell different telephones were in. Now just to go back a second, for many years when there was a road accident or a criminal investigation or anything of that kind the police and the emergency services were able, with a warrant to get that information if they needed it and in fact it's more or less routine in criminal investigations to get the phone, find from the carrier with a warrant, obviously, where the person was at different times and that can be part of the evident that is produced in court.
So it was always the case that the emergency services, the police, and so on, could get location information around an individual's use of the device. So what changed in 2002 and 2003 was that the mobile phone companies found a way of being able to sell that to other members of the public. Now they didn't sell it directly themselves, what happened was a number of smaller companies sprang up, and they essentially entered into contracts with the networks to sell that information. One of the things that happened at that point was some companies started marketing child location services, so they were saying to people, if you want to know where your child is, buy our service and we can as long as they've got a mobile phone we can tell you where they are. Initially some of the marketing material, some of the smaller companies that were selling location services, some of the stuff they produced was, frankly, shocking and disgraceful, the message was something like, for the moment, the marketing message was, "your child could be kidnapped tomorrow" or "your child could get seriously lost tomorrow" so if you love your child and want them to be safely rescued from these terrible kidnappers or if you want to find your child quickly if they get lost, to prove that you love your child you will buy our service, right?
Now we thought that was bad on a number of levels, one of the most obvious being, of course, the point I made right at the beginning, knowing where a sim card is, is not the same as knowing where your child is. Alternatively, your child could be hanging off the edge of the cliff by their fingertips knowing that they're somewhere by the sea doesn't tell you necessarily that your child is safe.
So there were a number of things that we found wrong with the way these things were plate operating and we met with the mobile phone companies and by the way we had no resistance at all, they got the point immediately, we said how do you know who it is that's tracking the child? What security systems are in places to make sure that if X is tracking Y that they've got some sort of right to, especially in the case of a child. So the long and the short of it was that we negotiated with the four networks a code of practice which they all then followed and it specified the security steps that had to be taken before you could sell a mobile phone service that tracked a child. There were several crucial things about that code of practice. No. 1, the service was sold, right? This was not a free service, it was a service you had to pay for. So what this meant, immediately there was an audit trail because there had to be a credit card number or bank account that was paying for the service so that meant immediately that you had some way of checking who it was that was doing the checking.
There had to be and it was one to one, so one person would track another person and it would be done between two mobile phones in effect, you could do it on the web but there had to be at least one other mobile phone in there somewhere so you had a second potential audit trail because you knew what individual was actually tracking which child. Third security feature that we insisted upon for tracking children was that you could not start this service over the internet immediately. There had to be, where it was a child location service, the company selling the tracking service had to send a pin number through the post, so through the old fashioned postal system, a pin number had to arrive at somebody's private address, that pin number was then same way for your bank card and so on, your ATM card, the bank sends you a pin through the post and you rip it open and rub it off and then you've got the pin number and you can use you're ATM card. The same principle was applied in this case and one of these would come through your door and then you could go on the internet and on your mobile phone and then you could kick off the child location service. So you can see two things, really, first of all these big telephone companies who admittedly are accustomed to work in a highly regulated environment, they immediately accepted that there was an extra degree of sensitivity, of concern, about tracking people, particularly children, and that there had to be some kind of security trails and audit trails built into that process. Again, particularly for tracking children. Where it was two adults, all that thing about sending through the post didn't apply, but where it was tracking a child, it was accepted by the companies that there had to be this extra layer of security. So we were happy. We were happy that we negotiated a self regulated code of practice, every mobile phone company in Britain observed it and we were not aware of any bad incidents where children had been abducted or molested or put in any danger and we would like to think, we can't prove IT we would like to think it was because of that code of practice that that happened. We did find out about wives expecting their husband's of having affairs, tracking employees, things of that kind, which were quite improper and not really what these services were every meant to do so we did become aware in which location services were being used in ways that we probably wouldn't have approved of or intended, but I like to say partly because of the practice that we negotiated with the companies no ill befell any children that we found out about.
Now, the situation today is completely different but that's the way we approached it initially. Today in this same mobile phone which I'm holding up the right way now, I have got a GPS module that can track with the satellite and I have a Wi Fi so I can go on line by connect to go any wireless router that might be available in my vicinity and of course both of those things have nothing whatsoever to do neither of those things have anything whatsoever to do with the mobile phone network operators. They are completely linked to and part of the world that we know of as the internet.
Of course, by the way, just to be clear, they can those two can also work with the existing, the original system of using GSM so the most efficient and accurate and effective location services that we've got today as opposed to back then, in fact, use all three and you can get very, very, very High Levels of accuracy in terms of tracking where an individual was. I should have said by the way, that in the original system where it was simply the GSM network that was providing the location data the accuracy of how you could how accurately you could pinpoint somebody's location could vary enormously, within central London, Manhattan, a big urban area like that where you probably had lots and lots of cells, you could get accurate pinpoints, 5 meters, 10 meters, but if you were in a rural area or if you were in a less dense urban area you could get location data that would tell you that this person was in 5 square miles, so, in fact, useless really as a way of a tracking tool but most of us live in urban areas so even under the old system you still could get a fairly good fix on where somebody was.
With the new regime where you have the potential of those three different technologies linking up to help pinpoint something, you can get somebody within 3 feet, within 1 meter so it is exceptionally accurate. Just to be clear, what we say about these things, we can see all kinds of upsides for location services and certainly if you read the technical press, the chat, the buzz in the internet world it's all about how location aware applications are leading a whole new generation of innovation, a whole new generation of applications that are going to be coming online, going to simplify or enrich or enhance our lives in all different kinds of ways. We've got Latitude, one of the first out of the box by Google, Fire Eagle provided by Yahoo, Facebook has released places in the United States and they're going to start releasing it in Europe, country by country, and a lot of countries are getting into this, and a lot of people can see the potential of location but of course the big, big difference is who can control it and see what's going on. None of these location services so far that I'm aware of charge a fee, everything is financed by advertising so immediately several things become apparent. First of all the potential of an audit trail, so who is tracking who particularly if it's a child doesn't exist because nothing goes through the post, there is no audit trail linking a credit card or bank account to anybody doing any of this. All of those things which when we negotiated originally in the UK that we thought were important, security checks and balances have vanished because no company who has developed any of these services has so far found a way of rectifying them. Here is the thing: This is stating the obvious again, these services are starting to be linked to different applications on the web, specifically into Twitter, Facebook, into your social networking profile. So now we have the possibility that you can, unlike in the old days where it was one to one, one person could track one other person, only those two people basically knew about it, now
(Loud music in the background)
>> JOHN CARR: Do I have to sing the rest?
(Chuckles.) Now you can broadcast your location to anyone's profile. Some kids because of the issues that we've been talking about for years, they've got 5,000 friends, there is no way that 5,000 people on your social networking profile are your actual friends so you've got the potential for children and young people to be broadcasting their physical location without any hindrance to complete strangers, I'm going to wrap up because I know we are short on time really. We know in the UK, for example, our statutory regulator did a study of who is on Facebook, for example, and what they found was that 25% of children between the ages of 8 and 12 have Facebook accounts. That's despite the fact that Facebook says only children 13 and above are allowed to be members of Facebook. So now we have the prospect of 8 year old children having accounts with Facebook, probably say they're 19, 20, 21, who knows by the way of all of those children between the age of 8 and 12 who were identified as having a Facebook account in the United Kingdom, 11% of them set their profiles as "completely open" it's good that 89% set them as private, well done, they shouldn't have been on there in the first place but at least they had the wit to make them private but 11% left their profiles completely open and Facebook obviously hasn't found a way of stopping that happening. So 11% of a very large number of children is way too many souls not to be concerned about. I'm not saying I have an answer to this problem right now, but what I am saying is that the way these services are coming out, are the way the companies are allowing them to develop is raising all kinds of issues. You know, again, I can't point to any children who have been harmed yet that I'm aware of but if I can quote the Canadian data privacy Commissioner, Ms. Stoddard, what she said was "it's not necessary to establish that there have been victims," paraphrasing slightly but I'm not doing violence to the sense of what she was saying, "it's not necessary to establish that there have been victims, it's only enough for me to see that these systems will allow things to go wrong" and in that case she instructed Facebook to make various changes to their privacy settings.
So I'm not coming here to say this is a huge disaster, loads of children have been injured or harmed, what I am saying is that you don't need to be Einstein to see the potential for these applications to do harm. The fact that they can do good, they wouldn't be there in the first place if they couldn't do good, nobody is saying they shouldn't exist, but what we are saying from the child protection perspective is that much more effort needs to be focused on finding a way of making sure that children at least, if you're 18 and above, you choose to do it, that's your business, but children shouldn't have easy access to applications like this that can expose them to that type of risk. There you are!
>> DIANA SUTTON: Thank you, John. I'm going to pass to the next two speakers and after that we will take a break for questions. So I'll move immediately so if you have a question that you would like to raise with John make a note because you will get a chance to ask that. First to Stephen Deadman who is the Group Privacy Officer and Head of Legal Privacy and Content Standards at Vodafone Group.
>> STEPHEN DEADMAN: Thank you, John, thanks for the explanation of the growth of location services. I wanted to do two things, two key messages. The first is I wanted to describe in simple terms the environment into which we've all location services have evolved. I will try to introduce some analogies to make it simple for you to see different services and the second thing I wanted to say is how we get our arms around the privacy and the location services, what's the solution and I'll talk a bit more about the way Vodafone approached this and the work that we're doing with the rest of the industry.
So a bit of a history of the way location services have evolved and giving you a focus from the UK but to give you terminology, nowadays, when operators controlled information, companies like mine effectively provided information and they could provide services. First generation services or location 1.0. And the code of practice that was adopted in 2005. (Away from mic.)
The primary concern was tracking type services so, for example, the benefits of keeping children safe is one example, I would say the way companies provide corporate track to go assure their so consumers generally were liking the devices, they like Android devices and others, and they were provided locally, through global platforms, fast forward to 2006, the first generations continue today but what we are concerned with is the new breed, and there are important changes in the sector that John highlighted. Let me capture some of those. First of all, location, there is access for GPS devices installed in units of personal devices and devices themselves are quite keen on picking up locations, like sniffing for hot spots, figuring out where they are. Applications that are developed like that is all very clever and not controlled by anyone in particular. The second device which is smart allows individuals to install software, they write interesting applications for platforms that are open and now we see a proliferation in the Smart Phone area and iPhone is the best example and they have a number of applications and a number of platforms are proliferating. And then there are the developers, typically we talk about start up businesses, very clever in businesses doing interesting things. The model is we will continue to proliferate. Comparing it to windows by fragmentation, you have a verge and different group very large group providing applications, a wide range of devices, different companies providing those services, and it's a difficult environment to create a simple set of principles that everyone can set up to.
We will talk about one of the solutions now. The emergence of location services, surveillance is an application but growth has been in the emerging of location with social media and that's the area that has most of the attention and I think a lot of what John is referring to is the social medium and location. So there are two things which cause people to be concerned, are the social networking and the ability to be located. The second generation services, for example, I have an application on my device, when I get somewhere on busy press a button and it tells the contacts where I am, it finds my location. I'm not being tracked but I'm sharing my location. Now, I understand that doesn't create privacy problems or issues, it's not a surveillance type problem and those remain separate issues and have their own characteristics and the solutions are different and there are different types of solutions that we need to look at for what I would call clever applications that you run on your device, for example. The second part of what I wanted to say is we need to get our arms around this problem and some of you might think isn't this a job for policy makers, don't we need more laws? But if you think about the nature of the environment being fragmented, global environment, it's not reliable to pass a bunch of laws. They would be geographically limited, these services are provided by companies all around the world and if you take European style privacy laws that are focused on those who collect data, there are lots of things involved in the way privacy is managed, want just those who collect the data or the developer but the platform, the device, and so on, so how does regulation deal with that? Things are changing rapidly. It takes European privacy laws, and there is no way that regulators could be quick enough to adapt what is needed in location services. It is actually quite difficult, the kind of laws they put in place in 2004 was not restrictive, and we have started looking at different ways we can do this. We started looking at the privacy outcomes, what does a user want to get from services? How do they want their privacy to be protected? If we can begin to articulate those outcomes then we can design principles to ensure that we can know what privacy looks like in a service environment. You describe an environment mixed up with platforms and devices and developers and we can define what we think should happen from a user perspective and work back from that point to what does the device feed to do? Should there be an icon that tells you an application is using your location? What should the developer be doing when designing privacy into the locations, how should the APIs work, we can begin to work back from that common point and a lot of this stuff has to be built into standards so there are people in standards bodies working to try to solve these problems but we haven't articulated what we want the outcome to look like. So we would like to have those outcomes considered by the major players in the ecosystem together and started a dialogue and that continued for the best part of the year and it was clear to us even the companies were behind on thinking about these issues. It is now under the GSMA to try to get industries together to look at a range of charges using this type of approach. It's called "privacy initiative and it's not intended to be industry setting in the rules but we need to be industry setting in finding the solutions to many of the problems and civil society will be a key participant in that process, so make sure it's heading in the right direction and to work with industry to make sure the outcomes are the outcomes that we collectively want for your users, thank you.
>> DIANA SUTTON: Thank you very much, Steve. I will pass to Jonne Soininen, from Nokia, go ahead.
>> JONNE SOININEN: Yes, thank you, Diana, I would like to start with something a little different and start with a kind of notion what we have to keep in mind here that though the mobile communications have introduced new challenges, perhaps mobile phones are kind of this single best innovation that improved security of children because now children are you can call them and they can call you if they have a problem. That's at least what I as a parent like very much so my daughter started school this year and she got her mobile phone. She had very specific requirements what kind of phone she wanted, she wanted a "pink" one!
(Chuckles.)
But the thing is that brings also some challenges, that I as a parent or we as a company have to look at. Especially the new location services being a lot of industry privacy issues, who can see where you are and why can they see where you are and those are interesting questions indeed.
These issues are not specific only to children, in the case of children they become more urgent, who do you give your location to, who can see your location is always an important question and we have the overall question of privacy in these services. Then there is the age old question of how can these services help to protect children as well? This is something that what John said, there are these services where you can track where your child is and you have at least some more of a feeling of security that you know that children your child has forgotten their mobile phone at school and it's actually somewhere else! Those are opportunities, as well, and, of course, they have limitations and we have to also think about the rights of children and especially what Diana said earlier, are the privacy of children as well, how much we as parents have to trust our children and how much we want to track them and so on.
This responsible process is for a vendor and not only a phone vendor but everybody, for instance, who does applications for services that use this data and use this location information in the first place.
These are especially things that we have to understand when these services are on or when they are off and they have to be able to use, that you can understand what you are doing and this is of course interesting. We understand this responsibility very well and this is very much in line with what we want to do anyways because we want people to know how to use these services and understand them as well. But this is very important, though, because if the consumer or the user child or adult doesn't understand what the service is on or not they might be giving out information that they wouldn't like to or if they don't understand who they are giving that information to or they may get do you say different kind of trouble. How this can be eliminated on the new services what we believe first and foremost is educating the parents and the children about this. I don't think we can shield the children off of these new services and say you are not allowed to use until you're 18 and then drop them into water and expect them to be able to swim. I don't mean that we should try to explain this to a 7 year old like my daughter, I'm sure they doesn't understand what location is. Sometimes I at least have that feeling! But when children get older they can be given more responsibility. But we as parents have to understand these services that we can educate the children. In addition to us as adults and parents educating the children we have to have also some sort of peer support among the children. This means that the children have learned to use them and can teach each other about the possibilities and risks, also, of these services. This means they have to have material in the language that they understand and material that explains these challenges and the benefits in language that they understand and that appeals to them. Of course we have to take into account really the age of the child as well. You cannot expect the same sort of responsibility or the same sort of level of education from very small children as you can from an already an older child and this is important as well.
Therefore, us as vendors, as well, when we, for instance, sell phones it's important that the adults that buy the phones ultimately for the children understand the capabilities of the phones that they give to their children and when they are advanced features and advanced location features in particular, they can make an intelligent choice if they buy that particular phone model or not or if they should go to a simpler model that doesn't have these services if they expect the child is not ready to use them.
Line like Stephen I have the feeling that there is only so much that can be done through law especially when technology is moving as fast as it is. There is a big risk of doing hasty decisions that doesn't fit the problem at the time that we have at the time the regulation is ready and therefore we have to look at alternate means which is basically looking at that as an industry as a whole and also really looking at the education of the parents and children themselves. The other thing what the law cannot do is it cannot regulate your own responsibility, it cannot take that away and that is, for instance, that it's the phone and the service for the phone that can be bought by an adult and given to the child and the responsibility then relies on the adult who has identified himself or herself and has the services open and all the opportunities. Law cannot foresee much about that.
These are things that I think that severely limit the options that we have through law and regulation. We actually do quite a bit of cooperation with different child safety organisations to try to address this and have the material available and for us to understand the issues that we can design our products around, also that they can be used by children. We don't really address child market, we try not to not try, we don't market our products to children or try to sell them to children but we want to understand the issues that if parents decide to buy products for their children that we have mechanisms in place that adults need.
So like what I started with, these are new challenges but also new technologies always bring new challenges. This means that we as parents have to learn and the children have to learn to use them responsibly. However, we have to remember that mobile phone as a device has improved the safety of children altogether despite any new challenges that are talked about here and those challenges can be addressed in helping the child to understand those. Thank you.
>> DIANA SUTTON: Now I would like to open the floor to my questions so if you would like to ask a question using microphone, say your name and who you're representing. Or not. Okay well if there are no questions, I will move on to Larry and I will take another slot for questions after that so please think through, I think there are a lot of stimulating, thought provoking contributions by the speakers so you obviously as an audience need a warm up, so I'll hand it over to Larry to get your questions flowing. Larry serves as a Technology Analyst for CBS News and is co director of ConnectSafely and is co founder of Safe Teens, safeteens.com.
>> LARRY MAGID: I've talked everywhere in America and first of all we have a legal concept which I believe applies to most of the world which is "innocent until proven guilty" and I raise that because indeed as John pointed out we don't know of cases where children have been harmed as a result of location services on mobile based phones. That is not to say that they can't be but it is to say that based on the evidence before us mobile phones seem to be innocent when it come to the implication that they might harm children. So it's important as we go through the process and think about how we can make sure that the status quo, parent status quo continues long into the future that we realise that this is not necessarily a towering problem and I choose those words carefully because as amy colleague Ann Collier knows we have politicians who like to think that anything having to do with the internet and children are towering problems. It is true there are horrible things that can happen to a child with regard to them having location services on their phone. One can conger up the thought of a pedophile who has access to location services for a child can abduct a child, and it's important that we not inhibit technology simply on the basis that things "could happen" because after all I could probably beat John with this relatively blunt instrument which proves that there is no question that mobile phones can do damage and perhaps we need legislation to prohibit that.
The other thing we don't know is whether or not these services are even being used by children to any great extent. We are a little bit in the United States with regarding adults and location services and if anybody in the room is getting ready to invest in these technologies, you might want to listen carefully, only 4% of U.S. online adults had ever used a location based application and only 1% of those had used it more than once a week. So when you do the math of roughly 217 million adults and you take 4% you're talking about 87,000 people in the United States that have ever even used these on a regular basis, which is to say that this technology is very, very much in it's infancy. For all practical purposes we are not even Henry Ford, I don't know who who originally designed the automobile, but we're thinking about a possible situation way into the future. It's great that we're talking about it because we want to keep that wonderful statistic that John is believing to be the case and I won't hold him responsible because as smart as he is he doesn't know everything about a child but certainly we know there has not been a lot of danger as a result of it.
We also know that there is a lot of variation in terms of how location based services are being and can be used. John talked about the Child Finder. In addition to that there are many services out there where people are using them to place themselves in the world. There are sort of three different kinds of services ha come to mind as I think about it. There is the device or the service that essentially places you and allows others to track you, and I'm thinking of looped and Google Latitude, you turn them on, establish a relationship, so, for example, if I had said that John Carr is my "looped" friend or my Google Latitude friend, he can track me wherever I am until we terminate that relationship. That's one strategy that's being used and I actually have problems with that because the problem with friends is that sometimes they can being ex friends especially with young people so we need to be careful when using any of these services ha we know how to terminate them and we think about that if a friend does become an ex friend and we warn our children accordingly. Then there are ones that allow you to be tracked for a finite period of time and I'm thinking of Glimpse which started in the United States a little more than a year ago and if I want somebody to know where I'm located I send them a Glimpse, go to the application which runs on the iPhone and I believe Blackberry and other platforms, and I send an email to them and they can then track me for a period of time and the minimum is 15 minutes but the maximum is four hours so there is no way one could stalk you into the future because it exists for no more than 4 hours. That's an interesting safety feature, and what's also interesting is it traction you when you move. I had a funny experience and I was on a bus between Washington, D.C. and New York and I sent a Glimpse to several of my friends and I posted it on Twitter, knowing full well if a pedophile wanted to attack me they could, and I got several messages telling me that the bus driver was driving above the speed limit, so you need to be careful that someone is not tracking some sort of law as they track you. But it literally traction you as you move about the United States, probably not the entire world. Then there are the services that allow you to check in. The Four Square and others that are popular in the U.S., among this tiny 4% group of people and they allow you to go to the restaurant and have it automatically recognize that you are at a restaurant and you can become the mayor of a location, there are all sorts of social networking types of games or interaction to go around with your location. Also in this category is what could very well become the 800 pound gorilla of location social networking which is places from Facebook which was announced only a few weeks ago in the United States. We have not heard much data yet about how "Places" is doing, it doesn't seem to be doing extremely well in terms of installed base or users but Facebook with it's more than 500 million members and considerable clout is in a position, if it chooses to and say successful at it, to make Places very popular.
I am pleased to say that Facebook has a safety advisory board and I see Will Gardener from Child Net and our own people here, and they were talking in advance to launching it and it's a victory for the advisory board to get Facebook not to tell us about it afterwards but to tell us in advance so we can avoid problems and we did give them advice, some of the members of the board suggested that they create special provisions for minor and they did, in fact, limit to some extent what can be done with minors, for example, with a minor only friends can see that the minor is checked in. The way it works is if I were to go to the the popular example that the Facebook C.E.O. goes to is Antonio's Nut House, it's appropriately named and a lot of Facebook people hangout there so if I were to go there and I wanted to use "Places, I would check in, Antonio's Nut House would come in as where I am, and all of my Facebook friends would know I'm there and anybody who is at Antonio's Nut house could look at the page and say, oh, Larry Magid is there, and so in the case of minors, the only people that would know that would be their Facebook friends so at least they cut back on the universe of people seeing them the other thing that's interesting about Facebook and problematic is tagging. It's one thing if I decide to go to a sleazy bar and tell all my friends I'm there, that's my right I'm over 18 I can do that. But Ann Collier might not want her friends to know she's at sleazy bar with me, but the problem is once Ann has signed into Places and has agreed to the terms of the service, once she has used Places once and checks in there I can say Ann is here and suddenly all of my friends know that Ann is there in the bar with me.
Well, in the case of friends, in the case of minors they eliminated that so only adults need to have that worry. That was a cool thing. It would only be seen by their friends, if they did. Also when you go to the Nut House page, there will be a "here now section, only minor's friends will know they're there, so they have built some safety tools into the service but, again, because of the tagging process there is the possibility that someone could essentially "out" someone by disclosing that they are there and not necessarily having their explicit permission. We have in fact I forgot to pass it out we have safety tips that we developed about a year ago and we just recently added one of the tips is to be aware of the fact that in some situations others can disclose where you're located and I will as soon as I'm done make sure everybody gets a copy of these.
So it's clear to us that there needs to be as other speakers have pointed out a great deal of education on the proper and safe use of location based services, I don't think anybody including people in the industry would disagree that that's essential. One of the things I think we also need to be careful about is that there are controls over who can see your location, that you always have the ability to control who can see you. You could never have a situation where you randomly broadcast your location which by the way, fortunately we don't have that problem, the services that I'm aware of, at least, don't randomly broadcast your location you have to establish a relationship with the person who knows your location. We need to educate young people not only not only that they need to restrict that to their friends but they need to be even more selective, that location is a special type of information and has a High Level of sensitivity even than other things that people are likely to disclose online. Young people need to understand that and they need to understand that friends can become ex friends and I would like to see systems that don't automatically and perpetually broadcast your location, but perhaps a reminder or a renewal process so you have to say, yes, positively, Larry, do you still want John Carr to know where you were? You set that up two weeks ago, did you want to continue that? So there needs to be a safeguard like that built in.
Another thing that's increasingly becoming just on the radar is geo tagging. If you were to take a photograph with a mobile phone, an iPhone or some digital cameras, there is geo tagging not into the devices so the meta data, which lives with the photograph, which is accessible when you have access to the file, not only says what type of camera you used and the resolution but it can say the location. So there can be situations where people don't even know they're using a location based service they simply take a picture with a mobile phone or perhaps a camera ha as a Wi Fi adapter in it or perhaps one of the 3G or 4G cameras that are on the market you post a picture or send it to someone and if they have access to the file they could under circumstances have access to the location. The good news is that it's probably that photograph isn't going out in realtime but it could disclose a person's home, or their location to their school, other information that you might not want to share with the world. I think going forward we're going to have to look carefully at these cameras. Bringing up the issue of cameras brings up another question, which is we can talk on this panel I think quite competently about the services that exist, perhaps people from industry although they wouldn't, but at least could talk about the services that are on the drawing board, the ones they're not going to tell us about, but the most interesting location based service, I can tell you what it is. It's the one that we can't yet imagine.
Every technology that's every been invented has always created the opportunity for applications that the founder, the creators of that technology never envisioned. So the only thing I know about this technology is because it's in it's infancy and because it's interesting and because Silicon Valley is continually exploring new ideas, we can't imagine what might come about. Any device that could conceivably contain a chip that could disclose your location, that needs to be thought about by industry as a whole as they build these devices and policy makers as they think about how these are being introduced into society but once again in the context of what I said at the beginning that innocent until proven guilty, the mere fact that the potential is there doesn't mean they do harm, it's that the potential is there. The way you help people is educate them on the use of these devices. Kitchen knives are things that we all use productively and safely but there are occasional situations where they're used unsafely and even maliciously and the same could be true with any technology but by and large I think this is an exciting technology, are it's been used and has been used to protect children potentially, it can be used to enhance social interaction. As I said before we have no research even on when children are using it even on how they're using it so it's difficult for me to envision how it can be used by young people and if you study young people's migration habits, they are less likely to be as mobile as adults are in the sense that they are less likely to be hanging out at restaurants all over the city, less likely to be traveling outside of adult supervision so we have to understand how these things are being used by children before we get too panicked about this. But I think it's exciting and I think it's important that the Internet Safety or the group of people who pay attention to youth risk with technology it's important that we keep our eye on this but it's also important that we not prejudge it.
>> DIANA SUTTON: I'm going to ask the floor if you have questions for any of our speakers. Could you come to the microphone? Thank you.
>> Okay. They say we know that location services are only starting but we also know that web services grow very fast. The question is how to strengthen the education issues with internet service provider and with all the industry about the risks before having big and global problems, normally we promote campaigns after there have been an important number of cybercrime cases, how do we prevent for the near future, should children eliminate their country or planet, how do we promote a safer use of these location services.
>> DIANA SUTTON: Thank you, good question. John and then Larry.
>> JOHN CARR: I've been wanting to change my planet for a while, I'm still looking! Obviously education awareness is key. It's not original but as we all know the best safety mechanism that every child has is the thing that's been their left ear and their right ear. So everybody should be in favor of children being educated and being made aware of the risks so that they keep themselves safe and everything else is irrelevant.
Unfortunately we know that that is not the way it actually works many practice. I mean, maybe this is the difference between a European outlook and American outlook, but also, if you I was taught if you can reasonably foresee a risk you have an obligation to anticipate that risk and head it off and if you don't, you are subsequently liable for the foreseeable consequences of your omission to deal with that risk. All I'm saying here is when by the way I should just briefly divert. When child pornography first started becoming an issue in the UK on the internet we went to see the industry and they asked whereas your evidence? You have one or two cases reported in the newspapers, how why should we invest all this money doing this stuff on the basis of virtually no evident? When chat rooms first came out on the internet and one or two pedophiles manage to get ahold of one or two children in the UK and sexually abuse them, the industry said why should we spend education around chat rooms when virtually no children have been abducted or raped or whatever, every single time that we as the child protection lobby have raised an issue with the industry they've always said exactly the same thing, "bring us the evidence, show us the harm and we'll react" I don't think that's the right way of going about it. I think if you can anticipate a risk it's absolutely wrong to say that you must wait for the evidence to pile up. A lot of companies when they produce a new product they have to do an environmental assessment, they have to predictor say how this is going to impact on carbon efficiency or you know how it's going to affect different things in the community. I think companies that release products, particularly products into the free internet, that's to say where there are no audit controls, no checks, no way effectively of determining who is going to use it in other words, where you already know where can complete certainty that children can and eventually will use them, that you should be obliged by law to do a child safety audit, you should be obliged by law to analyze the product or service that you're just about to launch and say we have considered the child safety implications of this new service or product that we're about to launch and this is what we think should be the kind of proper response to it. I don't think for one minute that any of the companies that have launched location services did that. I don't believe that there was a careful sort of scratching and thinking about this and they said well, we don't think kids are going to use it, there is nothing to worry about, let's just put it out there, absolutely not.
>> STEPHEN DEADMAN: Up until John's last statement I was going to say I agree, but in true to form I have to disagree with one thing, in fact, our nonprofits are working closely with the providers of location based services, I cannot speak for the entire industry, I can speak for Glimpse, I can speak for Google and Facebook that every one of these organisations has come to leading online advocacy in the United States prior to launching their service. We have had extensive conversations and they have, in fact, thought long and hard about the safety implications. I'm not telling you they have done everything possible but they have, in fact, thought about these issues. Looped is on, active in the online family safety Institute and Glimpse has been participating and Facebook is putting a lot of resources into this, so at the risk of seeming like an apologist for the industry Latitude I didn't say all of them, John, I said a number of them have been involved, and I'm not saying that I disagree with everything you're saying, Ann has passed around this document which we drafted, what, two years ago? So we and I'm not saying this because we and a lot of other organisations in the United States have been thinking about this issue for a long time, we first started thinking about this four or five years ago, so there is no question this is a case where we are trying to anticipate the problem and even as a John said, even prior to knowing if there is a problem, the industry and some of the leading NGOs are trying to make sure we don't have a problem.
>> Kids are inquisitive using controls and they're less able to understand the human nature and the generic things we understand as an adult so any education around this issue needs to pick up on the big messages, internet web safety generally, I don't think it's specifically about location, kids knee to understand how to use features and controls, and I think it's important that the industry makes sure they can make that as simple and intuitive as possible for the kids to discover and use.
>> DIANA SUTTON: John Morris is going to talk this. John is the Director of the Internet Standards, Technology and Policy Project at the Center for Democracy & Technology. John?
>> JOHN MORIS: This is an area where there is tension in what we do and I work on both issues and wear two hats so I sometimes juggle the tension. We have I have a long history of trying to work within the technical standard setting community to try to address location privacy issues. I happened to develop in 2001 a standard that would advocate attaching rules, privacy rules to bind it with the location so that if you receive location, you would know whether you can retain it, whether you can distribute it, and we had success in getting the Internet Engineering Task Force to adopt that approach, but unfortunately we didn't get the Worldwide Web Consortium to adopt that, so we have not been able to kind of change the privacy dynamic by getting a new dynamic where rules can be transmitted with location. So that's an ongoing effort, but not one that is really able to solve the very hard problems that are raised here. In the United States we have for younger minors we've fairly well addressed the privacy of younger minors being 12 and under by a law called COPA and it does restrict what younger minors are able to do and pretty significantly restricts what companies are able to do aimed at younger minors. John Carr is right that there certainly are minors that don't tell the truth when they're asked about what their ages are. But I think for especially for younger minors who aren't very savvy, COPA does provide a fair amount of protection. For older minors, we have been having a debate in the United States about whether to raise the age of COPS law, and privacy advocates such as myself are actually fighting for a different thing in the United States which is for baseline privacy legislation that protects everybody in the United States. As many of you know, the United States does not have broad based privacy laws as are in place in Europe and in many places of the world, so frankly in response to some efforts in the United States to extend COPS to older minors, we've been saying, well, there are very few privacy protections that I want for a 16 year old that I also don't want for a 26 year old or a 52 year old, are as I am. So our efforts in the U.S. has been focused on getting baseline privacy legislation passed. On that point there is, in fact, a little progress, a glimmer of hope. Two significant privacy bills have been introduced in the U.S. Congress. There is much more interest in enacting baseline privacy legislation now than there every has been before, I think there is at least a chance that the U.S. in the next two or three years would enact such legislation. Certainly not if I had to bet a lot of money I'm not sure I would bet on it but it's a greater chance than we've ever seen before. One thing about the proposals, it is quite clear that location information would receive special handling under any of the U.S. proposals, such that location for anyone, whether it's minors or adults, would have to get a higher level of consent, a higher level of understanding and a higher level of user control which is ultimately what we're really looking for. So in the U.S. I think, you know, one of the proposals one of the key parts of the solution is baseline privacy location.
Other parts are, certainly industry efforts like the Mobile Privacy Initiative that Stephen described is something that is very promising, although we've not been successful in getting the technology standards to kind of change the privacy dime am I correct, there is at least I think a chance that the leading companies involved in creating applications, you know, apps that are on the iPhone or the Android phone, getting those companies to look at things like location and other privacy issues raised by mobile applications would be great. So I think industry efforts, industry in civil society and civil society is a fruitful area, but I agree with most everyone on the panel that education is a critical element of the solution as well as technology tools. To the extent that the industry is it able to give parents the ability to know what their kids are doing consistent with privacy principles, is a good thing. I will note in answer to a question that Diana posed, there is a disconnect between the United States and Europe on the privacy rights of children. In the United States, to be honest, there is not as strong of a view enshrined in law that children have privacy rights that might trump the desires of their parents. Parental rights in the United States is say stronger concept than it is in Europe so there is, in fact, a little more of a tension there. But to kind of wrap up, let me just say, come back to how John Carr started off the conversation and John accurately described how the original John and Stephen, the original type of location services that were totally controlled by the carriers were a much simpler problem than what we're facing today where anyone who codes a web site can write a small Java script, a tine piece of code and that web site can get your location, most web enabled browsers, like Fire Fox will ask you "did you want to give your location to this web site"?
But we all know that pop ups and prompts like that are very often checked because the user wants something that the web site is offering and the web site is they're not necessarily paying close attention to what they're being asked about. So the problem of web based and web enabled location is a much harder problem and it's a problem as much as I think John Carr would like the carriers to be part of the solution, it's a problem where I'm not sure that the carriers are really going to be able to be part of the solution to the web based location services. The carriers have no direct control over those location services. They have no easy way to have visibility into when location services are being provided, so I think we would be putting back my free speech hat on, we would be very concerned about a requirement that somehow carriers had to control all applications that were being run on their phone on hand sets that they provide, because I think that would harm both speech and innovation. That's a place where my two hats do somewhat collide.
>> DIANA SUTTON: Thank you. You would like to ask a question?
>> I'm from Asia. I think next time perhaps we should have a child be on the panel because sometimes adults say "protection" but as a child they think it's violence so I think it's important to involve them into the discussions, making us know each other a little better.
>> DIANA SUTTON: Thank you, very important point, actually, and certainly we in UK actually have facilitated children entering this but obviously the logistics of bringing the children to an international meeting require a lot of planning but it is very much a principle that we certainly adhere to in the NSCCP.
>> DESERAI: Deserai from Hong Kong, and I want to speak on behalf of the kids you're talking about I'm actually one of them, I'm quite young so 10 years ago when I started using the internet I was actually not 13 so I'm one of the people that you talk about who would lie about their age in order to use a certain service so I'm speaking on that behalf, and secondly I wanted to say that from a personal perspective, a lot of times now from my I have nephews who are also children way below the age of 10 who have Facebook accounts and it's actually not their own initiative, whereas it's actually their parents who set the accounts for them so that they can stay in touch with relatives, like us. So actually kids sort of in a way, they're not the ones making the decisions of whether they're using mobile phones and Facebook. One of the questions that I wanted to ask is whether or not children themselves have been asked or have their opinions been considered? Have they been asked, "how can you help me?" Have we asked the children what are the best ways we can help them to overcome these issues?
>> DIANA SUTTON: Thank you, and the final question at the back and then the panel will answer and then we have one more speaker. Yes?
>> Two main questions, one is around the lack of knowledge here on whether any of the panelists or their organisations are funding research into this area, because I've looked for practical research and there is nothing happening as far as I can tell and it strikes me youth led research and academic research would help us explore this area well.
The other question is around John talked about child safety assessment and I would like to change that to a child rights assessment so it gets children to look at the tools used to protect their safety and we can capture the assessment.
>> DIANA SUTTON: Three questions, I would ask the panelists to be brief because we have one additional speaker. John?
>> SABINE VERHEYEN: My name is Sabine. I'm a member of the Parliament
>> DIANA SUTTON: Sorry, Sabine, we will answer the questions and then come on to your presentation.
>> JOHN MORIS: Certainly there is a lot of research at Carnegie Melon about this subject, and that research is addressing some of the things you mentioned, but Ann, Larry, and other child safety groups in the U.S. have certainly interacted with kids to try to figure out what's the best way to respond, and to provide messages. And I also know that I have a 14 year old daughter who is in the thick of all of this and she may not be a good example because I've been working the child safety area for about 10 years so she may know more but I have the impression from hearing from her and a lot of kids that the kids are savvy about this which doesn't mean that they're not significant risks and not a need to educate them more but I think kids do have a good perception that there are bad people out there and one does need to be careful about them.
>> DIANA SUTTON: Thank you. Child rights, assessment, research or participation of children in the debate?
>> JOHN CARR: I work with 11 children's organisations, and they are constantly talking to children and not just doing quantitative and qualitative research but children are their clients, customers and part of everything they do and we wouldn't be doing our job in the first place if that wasn't fundamental to everything we do. I agree about the need for more research, absolutely, and certainly as I hope I made clear you can see various upsides, various good things, including children's rights, to use the technology, what are part of this whole debate or ought to be. But we shouldn't talk about kids as if they were all the same. People say "kids" as if, hey, all the kids are cool, all the kids are getting it! That is not the reality. 11% of children between the ages of 8 and 12 are on Facebook having lied about being they've put themselves on Facebook as adults and their profiles are open to the public. Whatever way you look at that isn't good. There is nothing positive to be said for that statistic.
You have to accept at some level or another that education awareness isn't always going to work for everybody and it's a bigger thing than just saying the kids are cool, are you're just a boring old "Git" kids get it, that's hip and clever, it's not the reality certainly of the children we deal with and the children and families and background we deal with a lot of kids who never get the same chances that many other children get.
>> STEPHEN DEADMAN: At this time I can totally agree with John and I would like to say I would emphasize that one of the things we would like to talk about is using the health prevention model of look at internet safety or technology safety which is primary, secondary and tertiary but the bottom line is not all children are the same. We have our general population that needs educational messages, we have children who are exhibiting risky behaviors who are from groups for whatever reason are from a higher risk that need a bit more and then we have children who are very much at risk and this does not necessarily correlate with socioeconomic issues, but it's important that it's part of the research that we look at children who are at risk and for what and we don't try to have this blanket educational message other than the kind of basic stuff, which is fine but there are kids who may be, in fact, using these technologies in very dangerous ways and we need to reach them but not necessarily burden all children with the same message.
>> DIANA SUTTON: Thank you, quickly because I have one further speaker to get in.
>> Is this working? Maybe we just book mark this thought but we also probably need to deconstruct the 12, 13 age divide and be careful about making the assumption sort of in responding to the one size fits all issue, making the assumption that all children under are the age of 13 are unsafe in social media. The law that created that John referred to, that created that interesting divide, and it is based on some research about children's ability to understand the kind of messaging that's coming in, that law is a privacy law not a safety law, primarily, and it's about the kinds of advertising that children are exposed to and whether or not their data can be lawfully gathered by advertisers and used to market to them. So we can't make the assumption that because Facebook and MySpace and other social media are moving into other devices are compliant with COPA and that they are unsafe because they are using these web sites.
>> DIANA SUTTON: Thank you I would like to pass to Sabine, who is a member of the Germany Parliament and she represents the CDU/CSU group in the European Parliament.
>> SABINE VERHEYEN: Thank you, the European Parliament deals with subjects that are usually to the IGF. One of them is the issue of child abuse on the internet and I was asked to give you a brief overview on the ongoing legislative process first, afterwards I will present my opinion on location services which I see as a part of the on going debate. In the last month we were talking about the directive for the European Parliament of the council in order to fight child abuse and sexual exploitation and child pornography.
In order to achieve a proper level of security for children, and because of the technical development in the digital age there are several new forms of criminal offenses that challenge societies. The European Parliament conforms to the fact that we need the best possible protection frames for minors and young people.
Concerning the roots to that goal, there are intensive debates at the moment in the Parliament. The Commissioner caused a lot of attention in the media with her requests from member states to block pictures and videos that depict child abuse by using excess barriers, so called "blocking" on the network site. That constitutes a form of sensor ship according to credit particulars and say easy to by pass, and furthermore others have concerned that this will be used to block other things, too. There is a thought about deleting the content, this is significantly more efficient and since the content is deleted in it's country of origin, the Parliament agrees that deleting is the best method the question is the best way to deal with material where deleting is not possible. Blocking respective contents should be only an option if the removal is in spite of all efforts impossible for example because a server is run from outside of the EU. Metrics barriers will not remove content from the internet and only complicate access to the content without completing preventing access. The problem is deleting on for example trance Atlantic service is difficult and will be hard to realise since the international treaties do not exist. This is how blocking is times the only alternative. The best solution to my mind would be not to force member states to block content but to leave blocking as an option while emphasizing the deletion of such content. My recommendation, therefore, is to put deleting content first since it is the only sustainable, effective measure. So far legislation has been surprisingly indulgent by suspending most sentences. The severity of offenses should be taken into consideration from now on. It is important to prevent the public debate from focusing only on the issue of banning versus deleting since the issue has larger dimensions, such as prevention, protection of the victims, technical development, jurisdiction, enlightenment and intensive scientific documentation of the facts that need to be emphasized.
In the discussion we should remind ourselves that there is a higher rankings aim, the safety and dignity of our children. More to the main issue of this workshop, there is yet no legal paper to report on any directive dealing specifically with the issue of located based services. Creating a perspective for the European Parliament on this crucial issue should be a goal for the near future. In this context location based services like any other technology offer a chance and a challenge. According to this, the European Parliament view on location based services ambivalent. We do not see a problem when it comes to active location services where the user has to initiate every transaction. It is an act of communication between two parties. Moreover it's a useful feature when you are trying to find a good restaurant in a foreign city, for example, or friends. The passive locations are different, and there are several reasons why we are concerned. It might appear useful that guarantees safety for some parents who believe it to be necessary to track the children on their way to school or on the playground. Nevertheless the technology contains uncontrollable risks. The three part is involved in the process is the person doing the tracking, the person being tracked and the company supplying the information to the tracker. The term "passive" explains the dangerous part quite well. Once the tracker initiates the procedure and the child agrees to it, the person being tracked has no clue when he or she is being observed. As Mr. Carr mentioned, in the UK it was the passive services which gave rise to major data protection.
Privacy and security concerns, particularly when a number of companies started promoting child location services. You can be sure that there will be a similar debate when the issue reaches the European Parliament because of the following reasons: The new location services can be linked to social the networking sites and other online services, Facebook launched Places and the concern is without fully understanding the consequences, location data will be published as part of a profile. As a matter of fact the developer of applications like Places tells us that everybody who uses Facebook is free to provide just the information he or she wants but there is no doubt that there is a very large amount of minors using social media and the estimated number of unreported cases where children are not truthful about their age in order to get to use social media.
It is increasing every day. It is increasing every day. They technically know how to use the media but does anybody teach them the required responsibilities? You can imagine how easy it would be for anyone to track children with the range of a few feet. Those parents who might think it is necessary to track their kids day and night should begin by teaching them responsibility and rationality, it's a far better method than control them. Information and education in school starting at an early age is the key to a better prevention. But more security on the technical side, I fully agree with John Carr's proposal to establish a general code for everybody where, for example, each child would have to agree to being tracked by a specific individual and delivering the password to the real world address. The new code should specify that only persons age 18 or above may be subject of a location service or may initiate one. Robust verification systems should be developed in order to under are in this policy. New technologies, ladies and gentlemen are always a big challenge for society, everyone one of us, especially minors have to learn how to use them responsibly and it is one of the key issues in politics to secure a good framework. Since we can't ignore the development we have to prevent proper rules and regulations so we can take advantage of the benefits they offer. My opinion is that the protection of children is the most important aim in this, the freedom of internet is one discussion that we always have beside and it's also an important discussion but where the freedom of one person to information, when the freedom of a person saying his own opinion comes to the front to the freedom of the child to be not heard, I think there must be a cut because the freedom of one person has not to be disturbed by the freedom of another to express their own opinion, thank you.
>> DIANA SUTTON: Thank you. I would like to bring in questions now. We have 15 minutes left to have debate and ask questions. We could come back to your point about the 13 divide, and other participants may have questions.
>> JOONAS MÄKINEN: Hello, I'm Joonas Mäkinen from Finland representing Electronic Frontier for Finland, and I'm directing this to the member of the European Parliament, and I agree it's the active work of removing the content, and I'm especially talking about child pornography here, but what I don't understand is why do we bother discussing censorship consider this gone because there is no system at least with our current technology can work because if we're using any system, it's either not sufficient, meaning it's not doing what it's supposed to be doing and everyone who wants to reach content can do it and if it's even possibly, even possibly doing too much, then it's a violation of freedom of speech and it's censorship that goes too far and that's a big risk that we cannot take
>> That is the discussion in the Parliament at the moment, there are some that maintain that safety of children is more important than the freedom of speech and the freedom to give their own opinion is cut, where people do illegal things like sexually abuse of children or exploitation thereof. Freedom of speech finished their exploitation of children in theater but there is a risk in the system of blocking that also other content is to be blocked and that is also applied to other illegal deeds like gambling or other things, the discussion is always on that point, too and that's the reason why you get the cry of the Parliament, there is not agreement on the decision but at the moment there is one totally against blocking at all, and it's very important that we keep in mind the content and first that the possibilities of combatting child abuse on the internet we do everything we can do with regard to blocking the content and after everything is done, that what remains might be an opinion and listen to me might be an opinion that you can that you have the option to debate, to block, sorry, an option. We have some countries in Europe who have established a blocking system like UK, Sweden, Finland, Italy, it's working well. The criminal institutions in Germany say that the blocking would be the best. I think it would not be the best.
>> DIANA SUTTON: May I remind you that this workshop is not about blocking services, and I don't think it would be right to take it over because we haven't had presentations around this issue. I think
>> I was going to
>> DIANA SUTTON: I think we need to talk about this workshop issue, the person next to you would like to comment.
>> Steve Debaccno with the Net Choice Coalition, Andrew McLaughlin said about the internet, "It's innovation without permission," and they are instantly evaluated and available to users, but at the same time the internet permits quick reaction, users can complain and post blogs, advocates and watch dogs can immediately slam a new process both in their own blogs and talk to media. I would say that regulators and legislators can issues statements and hold hearings and propose legislation days later. So the quick reaction to this incremental innovation has so far produced the kind of things that you're talking about today, like location based services, why do we have them? Because we can. So you look for ways to see if you can make it available as a new feature incrementally. So my question is looking at Google, rolling out new features, Facebook, within days dramatic changes were rolled back if pluses in these services cause problems in location based privacy, they, too, can be rolled back and there isn't any residual risk with location information it's a realtime risk to know where you are, if the services roll out and the companies shut is it down the location information is no longer being broadcast it's not residual, so my question is are you satisfied with this incremental innovation without permission or would you prefer that companies go through a precrimes analysis of perspective risks where they then obtain permission from John or regulators and legislators before they innovate.
>> DIANA SUTTON: Good question.
>> STEPHEN DEADMAN: Very good question, the world is not made up of Google and Facebook so that reactive response does work in those cases and in general the way that you described what Andrew said, we would endorse that, we think it's a great way in which the industry can adapt and respond quickly. It won't cover all the risks so the approach that I said in my 10 minutes earlier was, we're clever enough to look ahead and say there is a whole bunch of stuff here that we can do something about, it's not 100%, we shouldn't be trying to seek 100% assurance or regulate the future but when we see big bad problems ahead of us we should put into place things that can reduce that risk, consumer concerns, regulator concerns and so on but that which doesn't harm innovation, so it needs to be adaptive, because the industry is rapidly changing and for example, when we talk to developers, right, we talk to them about issues like privacy and their attitude is, I don't want to worry about that stuff, I haven't got people like you worrying about this, if you can tell us what you expect us to do, great, fantastic, job done. So there are things that businesses can do to speed things up in a way that moved everybody forward in a right way and that's a value to developers and a value to consumers because maybe they don't want to check Facebook settings and find out that Google is completely different, it would be nice if they were all kind of the same. So you have to add value but in a manner that allows rapid innovation to happen. Season.
>> JONNE SOININEN: I agree with what Stephen and John said. We will have to seek for the possibilities, before, whereas the risk and how can we mitigate it, exactly how Stephen said but having the possibility if you get feedback if you are successful and not as successful and sometimes you get even more feedback and you can react to that. This is a very useful tool and that is something that we have to use as well to make improvements incrementally as well. In general the main point is we have to be careful when we do the preassessment what is good and what is useful and what might have some risks, because we can't mitigate the risks if we don't understand what these things can be used for.
>> LARRY MAGID: I know that everyone in this room strongly believes in the rights of the child and how you define "rights" is an interesting question but one of the things we need to consider when we talk about the rights of a child is the rights for children to use technologies unless or until it is proven that these technologies are dangerous to children, so, for example, I would not initially say that location based services can't be used by people under 18 because, in fact, we don't know yet how people under 18 might use these services, they may thrive with them as they thrived with other social media, they may turn their back on them and find that they're stupid and not use them at all or there is the possibility that there could be danger that we need to address but until we actually find that out we should not block it and we should consider their rights to use technology and to express themselves and to share their information, obviously, with a great deal of education and adult involvement in helping them do it safely.
>> DIANA SUTTON: Thank you. The rights of the child are clearly defined in the UN Convention which are talking about the child's rights to privacy and comprehensive universal statements to the rights of a child. Time for one quick question and then it's the end of the workshop. I would like to take a question from is it from a remote participant? Okay, I'll trust you on that.
>> This is regarding the action on the rights of the child based in the UK and they said young people want to use this technology and will find a way anyway by trying to stop them we will create the Facebook problem where children can't ask for help because they know they shouldn't be on these services to begin with, wouldn't it be better to create child friendly services, where they have given thought to the privacy issues and so forth?
>> DIANA SUTTON: Thank you. Safe by design?
>> STEPHEN DEADMAN: I agree with that remark. I think with location services they're not inherently adult activities, something that young people can see the benefit of and shouldn't be excluded from, and if you exclude kids from the participation exactly as the questioner put it, then you are in danger of not designing things in their favor and giving them ways of addressing problems and I think you also for children who don't use their services when they first begin to use them they don't have the initiation that is a natural part of growing up and becoming an adult so I general think that's a sensible way of looking at the issue.
>> DIANA SUTTON: Thank you.
>> LARRY MAGID: I agree with Stephen.
>> JOHN CARR: We have rules about alcohol, tobacco, knives, solvents, all kinds of things and it's true in the end these are matters of judgment and they don't work perfectly well for every child in every situation. I mean I know some adults at 45 who are not fit to be let loose with a bottle of whiskey, and I know 21 year olds who are very responsible with such.
Now, all that's being said here again is that, you've got it wrong, although you don't agreement with our judgment. You either the kind of attitude that created anarchy, what Steve is saying is not always responsible, why is Facebook saying you have to be 13 and Yahoo saying you have to be 18, and why is Facebook restricting it, and they've gone to great lengths to make it as safe as it can be or predicated it on not knowing the actual age of the kids who use it, which is the great, big gapping hole so you can say "let's not have any rules and let the kids find their own level and let the kids do what they like" in this area as you can any other, alcohol, driving, tobacco ask the law, or you can do what adults and parents have done down the centuries and that is try to make a judgment about where to draw a line and make rules that large civilized societies find agreement on what is acceptable. That's the point being made there. Of course kids are always going to be pushing the envelope and pushing the boundaries, that is part of what being a kid is about, it's not a reason for not having boundaries or rules, because these boundaries and these rules in turn shape and influence the way children perceive issues around conduct and behavior. It's part of the eternal struggle. I did have a quote from Plato I could give you about the way irresponsible children never listen to what their parents were saying and so on. It's not a reason for abandoning rules, we have to make the best judgment we can and I don't accept that saying throw it out there and let's see what happens is a responsible way of doing it.
>> DIANA SUTTON: Just as we're closing the workshop we end in a lively debate. John wants to say something and then we have to close.
>> JOHN MORIS: One sentence of push back to say that I think there is a society judgment that alcohol and firearms are something that children should ever need or have and I simply don't think we have that societal judgment that child location services are that inappropriate, they raise risks, we've got to deal with those but I don't think it's the same thing.
>> DIANA SUTTON: Thank you. And on that note I would like to say thank you to all our speakers, a lively and interesting presentation and do feel free to continue discussions bilaterally with them. Thank you.
(Applause.)
(End of workshop)
***