My grandchildren live in a world where computers and the internet have always been there. My granddaughter recently asked me “Gran, what did you do when you didn’t have the internet?” I replied, “somehow we managed to survive”.

The internet, being an integral part of our kids’ lives, can be a very powerful thing. It gives children access to educational material, fun and games, and easier contact with family and friends. But it also, by the same token, allows nefarious elements into their lives in a very sinister and often disturbing way. 

But it isn’t just cybercriminals and online stalkers that put our kids at risk. Big tech companies like Facebook, Google, and Amazon have a light shining on them at present because of their less than respectful attitude towards data privacy. 

The world’s children deserve the best experience possible with technology. But, unfortunately, this is not always the case. 

Here, I look at some of the areas of technology that deserve our attention as good parents and as good technology designers.

Smart Toys Are Not So Smart

In “the old days”, the nearest thing we got to a smart toy was a Tiny Tears doll which would cry and wet its nappy. Today, a toy isn’t a toy unless it has sensors and is connected to the internet. Smart toys, however, can be pretty dumb when it comes to security and privacy.

Safe-KID-One

Photo by European Commission

Here are a few to whet your appetite and send shivers down your spine:

The product: Smartwatches, such as Enox’s Safe-KID-One, sold as a way to keep track of children. Sounds like a good plan, right? Anyone who has turned around for 5 seconds only to find their little tot has disappeared, will know that any way to find that kid quickly is a good idea.

The problem: The European Commission has sent out a recall for the watch. Researchers found that the watch used unencrypted communication of data. The EU stated that 

“A malicious user can send commands to any watch making it call another number of his choosing, can communicate with the child wearing the device or locate the child through GPS.” 

Scary stuff. The watch, with a little more security by design, would be very useful. Hopefully, Enox will fix this design flaw.

Enox watches are not the only smartwatch with these security flaws. There are a number of similar smartwatches with similar design issues that allow children to be tracked, data to be stolen, or that allow location spoofing. 

The product: CloudPets, just the name conjures up an “awwwwwww” in my mind. Cute cuddly connected teddy bears, what could possibly go wrong?

The problem: One of the features of the CloudPet was to record messages between parent and child. Unfortunately, Troy Hunt found that Mr. Teddy had exposed 2.2 million of these messages by storing them in an unsecured cloud database. Bad teddy, bad! To make matters worse, the insecure database had been indexed by Shodan which is used to locate connected devices. 

Unsecured databases seem to be a ‘thing’ at the moment with many instances of data exposure by misconfigured Cloud storage. Design of secure systems extends to the configuration of the components too.

Social Platforms, Age Verification, and Kids’ Safety

It hardly needs saying that mixing social media and kids keep parents awake at night. But many social media platforms have a lower age limit of 13-years. Of course, the truth is, that few, if any, use real age verification checks. 

The product: TikTok (specifically aimed at teenagers) as well as Facebook, SnapChat, Instagram, etc., social media apps.

The problem: TikTok and other social apps, state that they not only collect personal data such as contact details and geolocation, but also behavioral data. These data are used for targeted marketing as well as targeted posts. Social apps (and other online applications, like email) state that you must be over 13-years old to register for an account; but you don’t, you can lie. As long as you register with a date that says you are “over 13” you get an account.

TikTok and similar apps do not check the age of the user in any meaningful way. They do not use age verification checks on any account created by any user. The problem is that not only can persons under 13-years create an account, but they could potentially then be able to access harmful material, scams, and come into contact with harmful persons.

The product: Facebook Messenger App

The problem: The app allows group chats to be created. Children require parental consent and approval to join a group chat. However, a design flaw has meant that children can join any unapproved group chats with strangers.

Digital Assistants the Digital Baby Sitter 

Digital assistants have the potential to be a fantastic digital interface for our children. They could offer new learning methods, tell bedtime stories, and generally entertain our kids. But design flaws seem to make this digital version of Mary Poppins more like Pennywise from IT.

No matter which of the virtual assistants you choose, all of them have a very obvious Achilles heel – privacy.

The product: Amazon Echo Dot “kids’ version”. 

The problem: It doesn’t take a privacy genius to realize that digital assistants and children are a potential privacy nightmare. This year, a complaint has been filed against Amazon Echo Dot “kids version” by a number of organizations including the Campaign for a Commercial-Free Childhood (CCFC). The issues are outlined as the consent obtained cannot be verified as being from a parent or guardian. The device retains children’s information longer than needed and it’s difficult to remove otherwise. The “kid skills’ routinely collect data and almost 85% of them have no privacy policy.

If you design a “kids edition” of anything it should be built to reflect the needs of that demographic, including enhanced privacy, delegated accounts for guardians, and so on.

The Grownups 

The problem: The attitude of parents and guardians. I took a photo of my granddaughter recently stating, “I’ll send this to your mum and dad”. This initiated the response from said granddaughter “Don’t Gran, I am sick of people showing off photos of me”. This little bit of wisdom is something that we, as adults, should take heed of. 

Children have as much right to privacy as grownups do. A paper by Stacey Steinberg “Sharenting: Children’s Privacy in the Age of Social Media” points out that 92% of 2-year old’s have an online presence. And, 45% of photos of children posted to Facebook mentioned a first name and 6% a date of birth. The paper argues the case for the rights of children to privacy and for parents to respect this right.

Laws That Keep Kids Safe

Two examples of laws that regulate the protection of children’s data:

The USA – COPPA: The reason for the “over 13” age restrictions on apps like Facebook is because it is a regulatory requirement under the Children’s Online Privacy Protection Act (COPPA). The COPPA regulation is overseen by the Federal Trade Commission (FTC) and is U.S. based. It sets out requirements for the handling of personal data of children aged 13-years and under, by online services and websites.

EU – GDPR: GDPR has special provisions for the data of children aged 13-years or under. This includes rules and requirements such as:

  • There needs to be a lawful basis for processing the data of anyone under 13-years old
  • That you must be over 13-years to provide legal consent to process data if not, explicit parental consent must be given
  • Special protection when using data for marketing purposes
  • Privacy notices must be age-appropriate

Simple Tips for Keeping Kids Safe Online

Let’s assume we can’t remove internet access from our children. Instead, we can take proactive steps to help reduce cyber-risk. Here are a few tips, which you hopefully already do, to help protect your children from the threats in cyberspace. 

Tip 1: Teach your kids about cybersecurity and privacy; security and privacy awareness aren’t just for employees. Teaching children about what types of security threats are out there should be a modern requirement for good parenting. For example, if kids have smartphones, they are subject to the same SMiShing (phone-based phishing) as the rest of us. Ensuring they understand the implications of privacy is also an important thing to teach children. 

Tip 2: Explain about online etiquette and what lines you shouldn’t cross. You will let your kids know about stranger danger in the real-word, extend this advice to the online one too.

Tip 3: Install anti-malware on a child’s phone and consider using monitoring software too.

Tip 4: Use parental controls wherever possible. Some controls allow you to filter and block certain types of content.

Tip 5: Manage their mobile app installs for as long as you can get away with it. Check out the privacy settings for any app you install. Also, the operating system you chose might be helpful. A survey by Symantec, which looked at privacy based on mobile operating system, found that 89% of Android apps compared to 39% of iOS used ‘risky permissions’. That is, apps required the use of personal data, such as tracking or camera or audio access.

Of course, I’m aware, that once your children reach a certain age, controlling their internet and phone use is difficult. As our kids grow older and enter the teenage years, we can only hope that we have taught them well and that they understand the subtleties of online safety and cybercrime.

Designing Technology for Kids

A study by Pew Research in 2018, found that 95% of teenagers (13-17-years) have access to a smartphone, 45% of them describe their internet use as “constantly on”, and social media use is universal. This intimate connection with technology coupled with naivety has made our children into potential targets for cybercrime, illicit contact, scams, and privacy violations. 

Technology is often a leveler. It can bring young and old together under one umbrella. But when we design technology products for wide-demographics, we need to remember that there are age-related differences. These needs straddle usability, privacy, and security. We need to design with kids in mind. Understand that they may not recognize subtle social cues from online exchanges, that even the most mature of us often miss. Any technology that is likely to be used by a young person or child should be intrinsically and intuitively built with privacy and security by design.

Of course, in an ideal world, apps, toys, and smart devices would be designed to be as secure and privacy-enhanced as possible. But until then, hopefully using some common-sense security advice will help.

Additional Resources

  • The International Association For Privacy Professionals (IAPP) have a number of privacy activity sheets to help teach children about privacy;
  • The National Society for the Prevention of Cruelty to Children (NSPCC) has some useful advice on how to talk to your children about online security;
  • Mozilla has an ongoing list of products that they ask the buying public to rate on a creepiness scale. It is worth checking out.