Adults on Secured Online Environments

¶ … Adults on Secured Online Environments for Children

Conceptual Framework

Scope

Title Searches, Articles, Research Documents, Journals and Websites..

Historical Overview of Individual Technology Usage

Changing Roles of the Instructor, Parent, and Student

Inserted after completion of final study]

Throughout history, children have always been at risk of exploitation by adults, varying only in degrees. An unfortunate but natural concomitant of the increase in use of online resources by children has been a corresponding increase in the targeting of these young people by commercial enterprises that exploit their innocence and lack of guile by soliciting personal information that is then used for target marketing purposes. More alarming, though, has been the use of online forums such as MySpace.com to lure young people into online and offline encounters that may endanger their safety and lives. The federal and state governments have been trying to achieve a careful balance of laws to protect underage consumers from exploitation by online businesses while recognizing the fundamental constitutional rights of commercial enterprises and consumers involved, but this has proven especially problematic. Moreover, the increasing popularity and sophistication of Internet-accessible devices such as laptops and especially cellular phones, has provided entirely new avenues for young people to both access online resources and be accessed themselves by adults seeking to attract underage victims for criminal purposes. In fact, the availability of ring tones that adults are unable to hear but which teenage users can is reflective of the "we-them" mentality emerging in technological applications today. The purpose of the instant study is to identify what can be done to help policymakers and educators alike address these concerns in the classroom and in the home.

Executive Summary

This study proposes to use a five-chapter format to answer general research issues such as to what extent are educational leaders, teachers, and parents aware of potential risks to children during unprotected and unsupervised access to the Internet? A heightened awareness of potential predator risks to children while accessing the Internet unsupervised and unprotected is a vulnerability that will become a reality through further investigation of the issue. The study proposes to employ a phenomenal approach to identify the potential risks and their consequences of the issues that exist in the minds of all concerned, providing substantial significance and heightened sensitivity to the issues addressed. These goals will be accomplished through emphasizing a focus on the subjective experiences and enlightened understanding of the issues in the minds of administrators, educators, librarians and parents using a modified Delphi technique that allows respondents to participate in an iterative questionnaire completion process online.

Informing Adults on Secured online Environments for Children

Chapter 1: Introduction

Background of the Problem

As more and more young people become expert with computers and online interfaces, their vulnerability to exploitation by adult predators also increases. In this regard, Campbell, Calvert and Boswell (2003) stated "as personal and business-critical applications become more prevalent on the Internet, network-based applications and services can pose security risks to all attention resources." According to Festinger (1997), one danger of the internet is that people can be disguised. Festinger asserted "people avoid information that is likely to increase dissonance. Not only do we tend to select reading material and television programs that are consistent with our existing beliefs we usually choose to be with people who are like us." Unfortunately, the internet can disguise people with a different set of opinions or moral values. As Festinger asserted, there is no assurance about the identity of individuals that family members are talking to while online. Therefore, it is imperative that responsible adults implement security features such as the installation of available hardware and software properly installed into every home computer environment ensuring the safest computing environment possible. According to Elder and Paul "skilled critical thinking is to be able to take one's thinking apart systematically, to analyze each part, assess it for quality and than improve it" (2002). Developing a strategy for internet use will require "skilled critical thinking" in order to conduct the kind of analysis that will lead to necessary safety measures (Campbell et al., 2003).

During the 1980s and 1990s, in the beginning of internet use, only the government officials and scientist had to worry about securing data from intrusion, modification, or destruction. Now with desktops or laptops or both in every home, and the increased reliance on the internet for information and as a form of communication, not only is our personal information at risk, but the safety of our family has come into play due to online predators. Because of this dangerous trend, the average administrator, teacher, and parent trying to have the latest technology at their families' disposal but in a secure mode needs a guide on how to manage internet access.

Problem Statement

Children fall prey to online predators at an increasing rate, in a 1998 survey Parry surveyed 10,800 teenage girls of which 12% admitted to meeting stranger's offline. Additionally, in 2000, Family PC reported that 24% of girls surveyed and 14% of the boys polled met strangers on the Internet, moreover, they met these individual offline as well. During a recent visit to a small Midwest community, three children admitted involvement with Internet predators, leading to the torture and rape of one of the children (Wire Safety, n.d.). According to Shields (2003), "In this porous and mixed material/virtual world of the home, parents worry that children and teens will be targets for online predators, paedophiles and online marketing scams at home. Columnists and how-to authors warn parents to limit their children's online time, double-check their email for pornography and debate whether or not face-to-face meetings with others met online should be allowed" (pp. 98-9). Furthermore, the initiatives to date have failed to measure up to the need. For example, the well-meaning but misguided "Deleting Online Predators Act of 2006," or "DOPA," introduced by Rep. Michael G. Fitzpatrick, would require any school or library that received government funding to block access to any website that "allows users to create web pages or profiles that provide information about themselves and are available to other users, and offers a mechanism for communication with other users, such as a forum, chat room, e-mail, or instant messenger" (quoted in Fletcher, 2006 at p. 24). The bill would also make these sites available only to people that were aged 18 years and older (Fletcher, 2006). Although this legislation's intent -- to keep online predators from contacting children through social networking sites such as MySpace -- is admirable, attempting to prohibit the use of these phenomenally popular sites is like using a $200,000 smart bomb to destroy a $10 tent (Fletcher, 2006).

In reality, the problem is that no widely accepted safety recommendations and guidelines as developed by experts in the field that are applicable in many environments including home, school, and offices to insure the safety of children and adolescents are available. Subsequently, the safety of children continues to be at risk in increasing numbers as more people gain daily access to the internet. There is a need to develop a qualitative study that will explore the perceptions of experts in how to protect children and adolescents from online predators. This qualitative study will use a modified Delphi study to explore the perceptions of Louisiana area school districts educators, administrators, librarians, and sample parents through interviews and surveys, seeking to develop a set of unified and consistent recommendations for online safety for children and adolescents.

Problem Statement No. 1

With desktops, laptops or both in every home, and the increased reliance on the internet for information and as a form of communication, not only is the public's personal information at risk, but the safety of American families has come into play due to the increasing presence of online predators (pers. obs.). The Internet's lack of security has created a need for the education of administrators, teachers, and parent to ensure a safer computer environment for families. This qualitative research study will first query computer awareness of education administrators, teachers, parents, and students in the New Orleans school district, next this researcher will explore the required elements by researching documented data to be considered in order to develop a framework that can be used as a guide by educational leaders and parents for the protection of children at school and at home. Research areas will include various Information Systems Security sites that provide security solutions that can be implemented in schools and in the home, other avenues of research will include discussions with a multitude of technical personnel proficient in the security of hardware, software and network technology.

Problem Statement No. 2

The above-described dearth of online security procedures has created a need for the education of administrators, teachers, and parent to ensure a safer computer environment for families. During this quantitative research study, the author will investigate the trend of online predators as recorded by local law enforcement agencies this step will include information on various types of techniques used by these offenders. Next, the researcher will conduct a query of the computer awareness of education administrators, teachers, parents, and students in the New Orleans school district, then evaluation of documented data will provide a research base of the required elements needed to consider while developing a framework that can be used as a guide by educational leaders and parents for the protection of children at school and at home. Research areas will include law enforcement agencies, various information systems security sites that provide security solutions that can be implemented in schools and in the home, other avenues of research will include interviews with a multitude of technical personnel proficient in hardware, software and network technology utilized for computer security.

Purpose Statement

The purpose of this dissertation is to provide recommendations from experienced practitioners of detailed, hands on instruction or guides that even the computer illiterate parent or senior caregiver can use to set up a home computer in the most secure mode available. Research areas will include various Information Systems Security sites and discussions with a multitude of technical personnel proficient in the security of hardware, software and network technology. These sources will support a Delphic study designed to develop safety recommendations for using computers in home environments where minors are present.

The results of the study will contain a systematic instructional guide, a tool that one can use to establish a computer system in as secure a mode as possible. The dissertation will also include a detailed listing of available security hardware and application software with installation details as to how to better utilize the hardware and software security features. A Delphi study research approach engaging administrators, educators, librarians, and parents in the Louisiana school districts who are expert in computer use and safety measures will provide an enhanced understanding of a growing problem that has developed into potential threats to the safety of our nation's youth. Findings resulting from the Delphi study will provide a framework and heighten awareness, thus equipping responsible adults with the tools required to minimize the potential internet predator risks. Change implementation of computer environments in the Louisiana school districts is dependent upon the outcome of the interviews and observations conducted during this research.

According to Linstone & Turoff (2002) "Delphi may be characterized as a method for structuring a group communication process so that the process is effective in allowing a group of individuals, as a whole, to deal with a complex problem." (p 5) given the explanation provided by Linstone and Turoff in regards to the Delphi research method the goal of the research results is to provide valuable information that educators and parents can utilize while providing internet access for our students, technology is a way of life that students in the classrooms today must continue to understand and utilize as a research tool to learn more about our world.

To grasp a better understanding of the technological understanding of students, educators and parents, it is essential to implement a process in which one can obtain insight into the technological skills of students, according to Lang (n.d.):

The Conventional Delphi has two main functions. That is forecasting and estimating unknown parameters and is typical of Delphi as it was originally conceived. It is used to determine consensus on forecasting dates and developments in many areas - but particularly in the area of long-term change in the fields of science and technology. By estimating unknown parameters, respondents make their own estimates regarding the expected levels of an activity relative to present levels. The Policy Delphi on the other hand, does not aim for consensus but seeks to generate the strongest possible opposing views on the resolution of an issue and to table as many opinions as possible. The objective is for it to act as a forum for ideas and to expose the range of positions advocated and the pros and cons of each position (Bjil 1992). And finally the Decision Delphi is utilized to reach decisions amongst a diverse group of people with different investments in the solution. (p 3)

Significance of the Study

Research will assist administrators, educators, librarian, and parents in gaining a better understanding of the potential risks of children accessing the Internet unprotected and unsupervised. Additionally, heightened awareness of the potential jeopardy to children while accessing the Internet unsupervised and unprotected, will allow administrators and parents to design a safer computer environment. Currently it is the intent of the researcher to conduct further investigation of this concern by utilizing a modified Delphi study.

Nature of the Study

According to one authority, "The Delphi technique has been described as 'a method for structuring a group communication process so that the process is effective in allowing a group of individuals, as a whole, to deal with a complex problem" (¶ 1) "...features of a Delphi procedure are an expert panel; a series of rounds in which information is collected from panelists, analysed and fed back to them as the basis for subsequent rounds; an opportunity for individuals to revise their judgements on the basis of this feedback; and some degree of anonymity for their individual contributions." (¶ 4). In their book, Task Analysis and Instructional Design, Hannum, Jonassen and Tessmer (1999) report that, the Delphi technique is a structured group interview technique for seeking consensus among a group about ideas, goals, or other issues. The Delphi technique is often used in forecasting needs, predicting outcomes, and predicting the future. This technique is intended to produce convergence of group opinion and reduce error inherent in individual opinions" (p. 267). The Delphi technique requires an iterative approach so that the initial analysis of group responses are provided to all group participants who then examine the results and subsequently respond another time in a subsequent round; based on this iterative approach, a group consensus is typically reached (Hannum et al., 1999).

Research Questions

To what extent are educational leaders, teachers, and parents aware of potential risks to children during unprotected and unsupervised access to the Internet? Heightened awareness of potential predator risks to children while accessing the Internet unsupervised and unprotected is a vulnerability that will become a reality through further investigation of the issue. Through research utilizing a phenomenal approach the potential risks and their consequences of the issues will then exist in the minds of all concerned, providing substantial significance and heightened sensitivity to the issues addressed, this accomplished through emphasizing a focus on the subjective experiences and enlightened understanding of the issues in the minds of administrators, educators, librarians and parents.

Research Questions/Hypothesis

What concerns do computer aware parents and teachers have about child safety on the internet

Do computer aware parents and teachers currently apply strategies and make adaptations to improve safety for children online?

What suggestions can computer aware teachers and parents make about improving child safety online?

Do computer aware parents and teachers recommend any changes in the way the children use the internet in schools and in the home?

How do computer aware parents and teachers envision the future use of the internet by children in the home and at school?

Conceptual Framework

The conceptual framework used for this study was an exploratory approach. According to Atkinson (1995), an "exploratory methodology is designed to uncover aspects of data that should generate questions" (p. 77). Furthermore, Thomas (1998) emphasizes that an exploratory research methodology may provide the researcher with some serendipitous findings: "Some studies qualify as exploratory investigations because the researchers are guided only by very general questions rather than by specific hypotheses to test or precise questions to answer. As a consequence, interpretations of exploratory studies often include unanticipated conclusions" (p. 268).

Definition of Terms

Computer Crimes. The U.S. Department of Justice broadly defines computer crime as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution"; because of the diversity of computer-related offenses, a narrower definition would not be adequate (Kim, Lusthaus & Wallace, 2005).

CME. Center for Media Education.

CEOS. Child Exploitation and Obscenity Section.

DOJ. Department of Justice.

FTC. Federal Trade Commission.

Assumptions

For the purposes of this study, it will be assumed that all children of eligible age will be enrolled in a school appropriate for their age and learning levels; it will also be assumed that these students have some level of access to the Internet, and that some of this access will not be entirely supervised by adults.

Scope

Although the general scope of this study will extend to predation of children online in the United States and other countries, the primary focus will remain on the U.S.

Summary

This chapter introduced the topic under consideration, the importance of its investigation and what problems would be addressed, including the significance, nature and scope of the proposed study. The study's guiding research questions and rationale were followed by a description of the study's assumptions and scope. Chapter two below provides a critical review of the peer-reviewed and scholarly literature concerning current trends in online usage by young people and how these trends have affected their vulnerability to predation by adults, and what steps have been taken by government and private organizations to address these issues.

Chapter 2: Review of Related Literature

Historical Overview of Individual Technology Usage

As a major carrier of information, the Internet has become an important part of many lives. Growth of the Internet is driven by cheaper and faster computers, lower access fees, increasingly easy-to-use interfaces, and, perhaps most importantly, significant growth in the amount of information and entertainment provided (Barker & Gronnes, 1996).

Citing research by Coyne (1998) who maintained that the emergence of the Internet as a distribution channel has intrigued marketers who see potential marketing benefits, Cai and Gantz (2000) report that an overwhelming majority (87%) of the members of the Direct Marketing Association (DMA) have Web sites, with 83% of those marketers using their sites for marketing or sales applications; furthermore, about 25% of those who use their Web sites for real-time electronic sales transactions are doing so successfully (Cai & Gantz, 2000). As companies market their wares on the Internet, a number of issues have emerged, including the factors that affect consumer privacy; the results of a 1997 survey of Internet users found that privacy outdistanced censorship as the most important issue facing the Internet and in 1998, it remained a major concern among Internet users (Cai & Gantz, 2000).

By 1998, more than 6 million American children no older than 12 years were reported to be online, up from 3.5 million in 1997; these figures represent a fundamental shift in how marketers are approaching their target marketing techniques, and the increasingly sophisticated and user-specific interfaces can help induce the most skeptical child to reveal more personal information than was intended or allowed by parental oversight, example. Not surprisingly, in view of the increasing privacy concerns for children, the online collection of personal information from children by marketers has attracted considerable attention. Privacy was not as salient an issue with traditional media (e.g., television), since with those media marketers were not able to contact children directly. With direct contact possible on the Internet, privacy concerns became more pronounced (Cai & Gantz, 2000).

In May 1996, the non-profit advocacy group Center for Media Education (CME) filed a formal complaint with the Federal Trade Commission (FTC) about online marketing practices toward children. In it, the CME argued that such practices were "misleading, deceptive, and invasive" (CME, 1996b, p.1). Acknowledging the work of the IITF, the CME also published the first set of guidelines, which specifically addressed the issue of online data collection from children (CME, 1996c). In it, the CME called on marketers to "fully and effectively" (CME, 1996c, p. 7) disclose their data collection practices. For the CME, this included a description of the information being collected; the ways in which the information would be collected; the intended uses of the information; the corporation collecting the information; and the extent to which such information would be accessible to third parties. CME also wanted marketers to obtain valid parental permission when collecting personal information from children. Finally, CME sought correction procedures for previously collected information as well as processes, which would prevent further use of the information.

In 1997, the FTC set up a series of workshops addressing ways to protect the online privacy rights of consumers. Later that year, the FTC announced the results of their "Kids Privacy Surf Day," a snapshot of privacy practices observed on Web sites designed for children. Most (86%) of the sites assessed collected personally identifiable information from children. Only a handful (4%) asked for parental permission. The FTC emphasized the importance of protecting children's online privacy and declared it would conduct a systematic assessment of online information collection practices the following year, with the results of that study sent to Congress (FTC, 1997).

In response, the FTC conducted a content analysis of Web sites, examining 1,402 commercial sites in March 1998, including 212 sites directed to children (FTC, 1998). The study assessed the effectiveness of self-regulation as a means of protecting consumer privacy on the Web. The FTC counted the number of sites, which collected personal information from children and identified the personal information being collected. They also tracked the presence of privacy statements. Within those statements, the FTC looked for the following disclosures, offering the user a choice on how the information about the user could be used; providing the user access to their personal data; identifying the site's policy of transferring personal information to a third party, and stating that the data collected were secure.

The FTC found that 89% of the sites collected personal information from children. Fifty-four percent of the sites provided some form of disclosures about their information practices. Only 23% of the sites asked for parental permission before collecting information from children. Seven percent of the sites noted they would inform parents of their information collection afterward; in addition, fewer than 10% offered options for parents to control the future use of the information collected (Cai & Gantz, 2000).

A study conducted by the Electronic Privacy Information Center (EPIC) revealed that among 40 new members of the DMA which had Web sites, only eight had any form of privacy policy (EPIC, 1998). None of these sites allowed individuals to gain access to their own information (EPIC, 1998).

Concerns about children's privacy on the Internet are not restricted to surfing the World Wide Web. Junk e-mail from marketers and chat room opportunities, for example, also raise privacy issues. Parental and government interest in general has coalesced around Web sites, a function of availability, use, and publicity about both to insure child safety on the net. With this is mind, the study by Cai and Gantz focused on Web sites and examined the nature and extent that such Web sites for children would make an effort to gather information from children. The study approach used by the FTC tracked information by analyzing the content of each site's privacy statement; however, the study by Cai and Gantz (2000) focused on the content within the main body of the site itself. The rationale for this approach provided by the researchers was that few children would willingly click on a site's link to its privacy statement in order to read such a statement. Rather, children would be more likely to read privacy information if encountered directly on the Web sites' main content pages. This is congruent with the results of an FTC study that drew its sample from so-called "Yahooligans." All of the sites in its sample were operated by commercial (for-profit) entities. In this study, the authors utilized a variety of lists of children's Web sites and included a broader array of domains (Cai & Gantz, 2000).

The FTC study cited by Cai and Gantz (2000) began by addressing two fundamental research questions: (a) What proportion of Web sites for children collect personal information from children and does the proportion differ between for-profit and non-profit sites?; and (b) for sites which collect personal information, to what extent do these Web sites comply with self-regulatory guidelines? Do compliance rates differ between for-profit and non-profit sites?

On the basis of their 1998 study, the FTC recommended that Congress develop legislation regulating children's Web sites; in response, a number of large private corporations quickly responded, establishing the Online Privacy Alliance on June 22, 1998 (Cai & Gantz, 2000). This coalition committed itself to protecting the privacy of individuals in cyberspace and issued a series of principles regarding the collection of personal information from children no older than 12 years.

Eleven lists of sites for children were used as the population of sites for this study. The lists were selected on the basis of peer recommendation and reported popularity. Two additional selection criteria were employed:

The list had to be recommended specifically for children (not for a general audience); and,

The list could not be designed for a specific interest group (e.g., Christian kids links), person (e.g., list for a designer's 12-year-old daughter), topic or purpose (e.g., dictionary) (Cai & Gantz, 2000).

The 11 lists ultimately included in the FTC study were as follows: (a) Berit's Best Sites for Children; (b) Virtual Sites References; - Site Sentral List; (d) Links-4-Kids; (e) Surfing the Net with Kids; (f) Ace Kids-Cool Sites; (g) the Kids on the Web; (h) ALA (American Library Association) Great Sites for Kids (2 lists); (i) Hotlist for Kids; and, (j) Hot Weekly Lists for Kids. All together, these lists contained 3,130 links to children's sites although a subset of the sites listed appeared in multiple lists (Cai & Gantz, 2000). The authors emphasize the problematic nature of accurately assessing the representativeness or comprehensiveness of the lists used in the FTC study because of the nature of conducting research in online environments where researchers routinely experience unique constraints and obstacles not encountered elsewhere; despite these challenges, though, the lists selected fit criteria relevant to the public concerns and policy issues at hand (Cai & Gantz, 2000). The authors add that the sites on these lists were successful at attracting visitors; for example, Berit's Best sites for children on average received 79,751 successful requests per day (Cai & Gantz, 2000).

The authors initially sought to analyze about 10% of the sites from the lists selected. Systematic sampling following a random start generated 391 sites. Sites were then excluded if they:

Were not designed for children (defined here as anyone no older than 12), even if apparently safe for children to visit (e.g. CNN.com);

Were search engines (e.g., Yahoo) or link sites without content;

Had inaccurate URL addresses; or,

Had already been coded.

In order to be eligible to be considered as a site for children, the site had to either use language or graphics directed to children or feature content directed to children. As it turned out, more than half of the sites initially selected were excluded, leaving the FTC study with 166 sites (Cai & Gantz, 2000). The initial data for the study was collected from May 26 to June 4, 1998 which is defined as Wave 1; for this step, 166 sites were coded by the researchers and a majority of the coded sites (65%) were commercial in nature (Cai & Gantz, 2000). The second set of data (Wave 2) was collected from July 15 to July 17, 1998, approximately six weeks after the FTC's report was released; at this time, the original sites coded in Wave 1 were revisited and all told, 163 sites were successfully recoded (Cai & Gantz, 2000).

The results of this early FTC study were highly revealing. In fact, fully ninety-five sites (57%) collected personal information from children during Wave 1; during Wave 2, ninety sites (55%) sites collected personal information from children, approximately the same proportion as found in Wave 1. The remaining results are based on the sites which collected personal information and there were 95 such sites in Wave 1 and 90 in Wave 2 (Cai & Gantz, 2000). Table ____ below provides supplemental findings from the FTC study cited by Cai and Gantz (2000):

Table ____.

Recapitulation of Supplemental Findings from Cai and Gantz Study vs. FTC Study.

Wave No.

Supplemental Findings

Wave 1

1. Twenty-seven percent of the sites (26 sites) which gathered personal information asked for parental permission. Eighteen of them (19%) simply reminded children to ask their parents, with no confirmation of parental permission. Three sites (3%) requested written permission from parents; four sites (4%) stated they would inform parents afterwards. One site sought online (via e-mail) permission from parents. Half of the requests (54%) for parental permission were found on the same page where data were collected, before the child was asked for any personal information. Seven sites presented requests for parental permission right after data collection but before children sent out the information. For remaining five sites (19%), requests were located in the midst of the personal information questions.

2. The average site offered 3.7 disclosure statements. Fourteen percent of the sites which collected personal information from children noted they were going to do that (see Table 1). The remaining sites made no such effort even though they collected information. Relatively few described the information they were going to collect (29%) or how they were going to collect that information (24%). One in four (25%) presented the site's policy on providing this information to a third party.

3. Wave 1: Eighty-five percent of the sites listed their purpose of data collection, just about exclusively in terms of the benefits the child would get by providing personal information. The most often cited benefit (26%) was membership (e.g. join a club or chat group run by the site), followed by ordering products (15%), publications (14%), feedback (13%) and gifts (11%).

4. Wave 1: The average site sought 4.0 personal information items. Children's names (93%) and e-mail addresses (83%) were most often sought. Fewer than half requested postal addresses (43%) or the child's age (37%). One in eight sites (12%) asked for the parents' e-mail addresses; one in ten asked the child for information about other children.

5. Wave 1: Thirty-five sites (37%) provided privacy statement links somewhere on their sites. Almost all (31 out of 35) of these links appeared on the main menu. Eight sites provided links to privacy information in the body text before personal information from children was collected; 10 sites featured these links at the bottom of the page where information was collected. More than half (61%) of the links to the privacy statements used a smaller font than the font used in the body text; however, those links usually were in a different color and/or highlighted making it somewhat easy to spot.

6. Wave 1: Seventy-one sites (43%) did not collect any personal information from children. Among the 95 sites which did collect personal information, only seven sites requested parental permission as well as informed children of their data collection efforts. Sixty-two of the sites which collected personal information (65%, 37% of all sites) did so without disclosing their data collection practices or requesting parental permission.

Wave 2

1. Thirty-three percent of the sites which gathered personal information asked for parental permission, a small increase from Wave 1 but statistically significant (t = 1.97, p [is less than].05). The locations remained largely the same.

2. A sizeable majority of the requests (70%) for parental permission were found on the same page data were collected, before the child was asked for any personal information. This represents a considerable increase from Wave 1 (t = 2.58, p

3. Wave 2: The average number of disclosures was 4.1 per site, which represented a significant increase from Wave 1 (t = 4.23, p [is less than].01). Thirty-nine percent of the sites disclosed their policy on information use, significantly up from Wave 1 (t = 3.36, p [is less than].01). More than half of the sites (57%) offered ways to change the information before being sent out, again up from Wave 1 (t = 2.95, p [is less than].01). Most of those sites (76%) disclosed how they could be contacted (t = 2.03, p [is less than].05). Moreover, a greater number of sites offered ways to prevent further use of the personal information (t = 2.02, p [is less than].05) as well as encouraged children to use fake names (t = 2.21, p [is less than].05).

4. Wave 2: Consistent with Wave 1, eighty-nine percent of the sites disclosed what children were going to get in return to the information they provided. This slight increase was not significant.

5. Wave 2: Thirty-three sites (37%) provided links to their privacy statements, consistent with Wave 1. The font sizes of those links were usually smaller than the font sizes of the content letters (63%). Again, however, those links usually were in a different color and/or highlighted. There is no evidence that the presence of privacy statements changed from Wave 1 to Wave 2.

Source: Cai & Gantz, 2000.

Table ____.

Disclosures Associated With Collecting Personal Information

Wave 1 (95)

Wave 2 (90)

Site discloses how they can be contacted (e.g. phone number, e-mail addresses).

Site offers opportunities to change the information before sending out (e.g. "reset, "clear" button or a statement).

Site discloses how they are going to use the information collect (e.g. For better services in the future").

Site discloses what information they are going to collect (e.g. children's name, e-mail address, etc.).

Site discloses whether a third party will have access to the information collected

Site discloses whether the information will be used to re-contract children.

Site discloses how it is going to collect information (e.g. cookies, online survey).

Site encourages children not to use their full names (e.g.,. nicknames, screen names or first name only).

Site discloses that it is going to collect personal information.

Site offers ways to prevent further use of the information (e.g. unsubscribe a mail-list).

05; (**) p

Source: Cai & Gantz, 2000.

Figure ____. Disclosures - Personal Information Responses in Percentages.

Source: Based on data in Cai & Gantz, 2000.

Table ____.

Type of Personal Information Collected.

Wave 1 (95)

Wave 2 (90)

Child's name

Child's e-mail address

Child's postal address

Child's date of birth/age

Child's gender

Credit card number

Child's school information

Parent's e-mail address

Other individuals the child knows

Child's likes/dislikes

Child's hobbies

Siblings' information

Family income

Psychological information

Other (e.g. child's URL)

01. Wave 2: The average site sought 4.2 personal information items, up slightly from Wave 1. Requests for age increased to 43%. In Wave 2, a larger proportion of sites (19%) requested the names and e-mail addresses of other individuals the child knew (t = 2.52, p

Source: Cai & Gantz, 2000.

Source: Based on data in Cai & Gantz, 2000.

Table ____.

Compliance with Guidelines: Wave 1 (N=166).

A cum%

Sites which did not collect personal information

Sites which collected personal information, had the disclosure and requested parental permission.

Sites which collected personal information had the disclosure but did not request parental permission.

Sites which collected personal information, had requested parental permission, but did not have the disclosure.

Sites which collected personal information but did not offer the disclosure or request parental permission.

Source: Cai & Gantz, 2000.

Table ____.

Compliance with Guidelines: Wave 2 (N=163).

A cum%

Sites which did not collect personal information.

Sites which collected personal information, had the disclosure and requested parental permission.

Sites which collected personal information had the disclosure but did not request parental permission.

Sites which collected personal information, had requested parental permission, but did not have the disclosure.

Sites which collected personal information but did not offer the disclosure or request parental permission.

Note: The disclosure statement stated: the site was going to collect personal information from children. Wave 2: Here, 73 sites (45%) did not collect any personal information from children. The number of sites which requested parental permission and provided the disclosure increased by one. Fifty-four sites which collected personal information from children (60%, 33% of all sites) did so without requesting parental permission or informing the child that personal data would be collected. This represents a modest drop from Wave 1.

Source: Cai & Gantz, 2000.

Figure ____. Compliance with Guidelines: Wave 1 (N-166).

Source: Based on data in Cai & Gantz, 2000.

Figure ____. Compliance with Guidelines: Wave 2 (N=163).

Source: Based on data in Cai & Gantz, 2000.

The study by Cai and Gantz (2000) found that a majority of children's Web sites (57% in Wave 1 and 55% in Wave 2) did collect personal information from children; nevertheless, these rates were shown to be much lower than the 89% rate identified earlier by the FTC. The authors suggest that three factors may account for this difference:

The FTC study focused solely on commercial sites whereas this study covered a broader array of sites. (in the Cai and Gantz study, approximately 66% of the commercial sites requested personal information.)

Sites coded in this study had been recommended by consumer groups for children to visit. These sites either were the most popular children's Web sites and/or considered safe for children. It is quite possible, then, that these sites were less likely to seek personal information from children than the broader population of children's Web sites the FTC examined.

It is possible that some Web sites abandoned their practices of gathering personal information in the interval between the FTC's data collection in March and this study's effort in May. Since this study used a sample which did not overlap that of the FTC, this explanation could not be validated (Cai & Gantz, 2000).

Collection of personal information was not restricted to profit-driven sites. Sites maintained by non-profit organizations also sought personal information from children. Indeed, sites associated with non-profit organizations which did collect information were less likely than their for-profit counterparts to comply with basic elements of industry self-regulatory codes. It seems, then, that collection of personal information is a phenomenon that cuts across Web site types; while non-commercial sites might not be interested in selling the information collected or using it for marketing purposes, it seems reasonable to maintain that parents and educators should remain sufficiently alert children concerning data collection practices, regardless of the nature of the sites young people visit (Cai & Gantz, 2000).

The benefits that sites provide in exchange of personal information warrant some attention as well. The results of the Cai and Gantz study determined that the direct promotion of products accounted for only a small portion of the benefits offered to children. Rather than directly promoting certain products, sites encouraged children to join various clubs. Even before the Internet, the use of children's clubs represented an effective way of bringing children to marketers, providing a "single unified channel for all marketing communications to children"; these types of social clubs not only serve as channels of communication but also as channels of distribution (Cai & Gentz, 2000). These forums provide the continuity of an ongoing relationship with children; furthermore, it is a simple and straightforward for young people to join such clubs on the Web, because they may join by typing and clicking (Cai & Gentz, 2000). Given all of the benefits associated with club membership, it may be particularly hard for children to resist the temptation to join. In this regard, Cai and Gentz reports that 27% of the sites in their study which collected personal information from children collected information using clubs. Other researchers have argued that some sites were almost entirely filled with promotion efforts of the company's products, with no space for educating and entertaining children. In this regard, the findings by Cai and Gentz may represent the tip of an explosion in online marketing efforts targeted at children.

The authors identified another trend that bears mentioning. According to Cai and Gentz (2000):

In the process of coding, one additional phenomenon appeared which merits attention. Some sites included ads which lead to different -- and not always children's -- Web sites. It has been reported that sites other than children's Web sites frequently collect personal information. In ClickZ's latest survey, 76% of online marketers and publishers were found collecting user information (Pieper, 1998). This fact indicates that once children enter such sites, their rights to privacy face a higher risk. Related to this phenomenon is the fact that links may also lead children to other sites which are not appropriate for them to visit (e.g. sites promoting products, even sites dealing with sex, encountered once by the first author while coding for this project). (Cai & Gentz, 2000, p. 201)

These findings highlight the need for increased parental oversight for young people's computer usage, particularly for online experiences, and these issues are discussed further below.

Parental Involvement. According to Fletcher (2006), "We need to pay attention to technology's impact on people. We need to figure out how to use technology effectively and responsibly rather than ban it, and put the onus of responsible technology use on the users: teachers, students, and parents. I think that works for cell phones, MySpace, and the like" (p. 25). Indeed, the self-regulatory codes published by the DMA and CARU highlight the need for parental involvement. CARU's (1997) guidelines specify that "before obtaining any personally identifiable information, the company must obtain prior parental consent, regardless of the intent of the use of the data" (p.5). In a similar vein, the FTC (1998) argued that "it is parents who should receive the notice and have the means to control the collection and use of personal information from their children" (p.4). Nonetheless, in the present study, no more than one in three of the sites which asked for personal information sought parental permission. Even this figure may overstate compliance since most of these sites simply reminded children to ask for parental permission without any effort of confirming it; in this case, the immediacy and interactive nature of the Web may challenge any initiative to the contrary and securing written permission or call-in permission takes time, an instant death knell for users and marketers alike (Cai & Gantz, 2000). Therefore, like the efforts currently underway by federal and state lawmakers, it may also remain problematic to achieve a reasonable balance between the speed of online communication and actually obtaining parental permission (Cai & Gantz, 2000).

By all accounts, though, it appears reasonable to assert that children are not overly well protected online. For example, a majority of Web sites examined by Cai and Gantz (2000) collected information from children without significant disclosure or effort to elicit parental involvement. Approximately 66% of the sites which collected personal information from children failed to disclose that the site was gathering personal information, note the purpose of their information-gathering activities, or request that the child obtain parents' permission before submitting personal data (Cai & Gantz, 2000). Because the sites included in the Cai and Gantz study were among those specifically recommended for children, it may be that their data actually represent a conservative estimate of online data collection activity. "Marketers running more broad-based sites (e.g., those for general audiences) may be unaware of -- or feel less constrained by -- FTC and industry guidelines aimed at protecting children" (Cai & Gantz, 2000, p. 201).

The authors suggest that it is only possible to speculate concerning the actual value of disclosures such as those described in this study as other studies have not yet assessed the extent to which children (or adults) attend to -- or ignore -- disclosures. "It is quite possible that their impact is nearly negligible," they advise, and, "Disclosures may not even register among children who quickly attend to more salient and interesting features on Web sites, features deliberately designed to attract attention" (Cai & Gantz, 2000, p. 201). Nevertheless, the presence of disclosures may alert some children, particularly those who had been taught by their parents to remain aware of their children's online activities: "At a minimum, these disclosures are unlikely to harm (e.g., scare) children" (Cai & Gantz, 2000, p. 201).

Following the publication of the FTC study, some corporations modified their Web sites in line with industry self-regulatory codes. In Wave 2, a larger proportion of sites requested parental permission, disclosed they would keep the child's information to themselves, and encouraged children to use fake names when playing the online games, participating in chat rooms, or joining online clubs. Overall, nearly half of the sites studied either did not collect personal information or complied with guidelines associated with collecting such information. Even so, more information was requested from children in Wave 2 than in Wave 1. Even after the publicity surrounding the FTC's study, a majority of the sites which collected personal information failed to comply with industry guidelines (Cai & Gantz, 2000).

Increased compliance with self-regulatory guidelines is likely to be related to a confluence of four factors: heightened parental awareness of online data collection efforts directed at children; more widespread awareness within the marketing community of self-regulatory guidelines; the development of meaningful self-regulatory enforcement measures, and; sustained FTC interest in the area, coupled as needed with threats of regulatory activity. Electronic commerce is still relatively new. Marketers, consumers, consumer advocacy groups, and regulatory agencies are still exploring their options. It remains to be seen how, or whether children will be protected from online marketing efforts (Cai & Gantz, 2000). A recent report by Williamson (2004) noted that, "Parents are still ignorant of the dangers their children face daily on the internet, a major survey has found. Research by a team based at the London School of Economics found that 57% of young people aged 9-19 have come into contact with pornography online. However, only 16% of parents said that their children had seen such material" (p. 3). About 33% of the young people who used the internet or text messages also received unwanted or nasty comments; however, just one in 20 parents were aware of this activity and almost 50% of the respondents reported they had given out personal information on the internet, but only 5% of the parents knew this had taken place (Williamson, 2004). The findings of this study and others like it have fueled the demand for more to be done to protect children from unsuitable material and online predators today and in the future. Some of the salient findings of this study included:

Most of the pornography witnessed by young people was seen unintentionally;

Pornographic pop-up adverts had been seen by 38% of respondents who used the internet at least once a week; 36% had found themselves accidentally on an adult website, and a quarter had been e-mailed porn junk mail;

One in 10 said they had visited a pornographic site on purpose, 9% had been sent adult material by someone they knew, and 2% were given pornography by a person they met online;

quarter of those aged 9-15 said they were 'disgusted' by the pornography (Williamson, 2004).

Unlike television and newspapers, the internet remains largely unregulated and some degree of increased vigilance is needed today to protect children.

The report was based on 1,511 in-home and face-to-face interviews with children and a written questionnaire to 906 parents, also determined that 30% of children had no guidance from school on using the internet (Williamson, 2004).

In response to these trends and needs, the U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice (DOJ) have also created a number of initiatives and used new technologies to assist in their investigation and prosecution of computer crimes in general and those involving predation on children in particular. According to Kim and his associates (2005), "In 1998 the FBI launched a new division, the Cyber Division, dedicated to investigating computer crimes. The Cyber Division is designed to act as a central coordinator for the FBI divisions that address computer climes. Specifically, the Cyber Division is responsible for criminal investigations of intellectual property, high-tech, and computer crimes" (p. 223). In addition, and relevant for the purposes of this study, the FBI's Innocent Images National Initiative has enabled law enforcement authorities to initiate investigations of transmitted child pornography by posing as both children and sexual predators in online environments, and by August 2002, more than 3,500 people had been convicted by this initiative (Kim et al., 2005).

Furthermore, the U.S. Department of Justice (DOJ) has also escalated its enforcement of child pornography. Based on its initiative, Child Exploitation and Obscenity Section ("CEOS"), the DOJ provides training and assistance to law enforcement officers across the country (Kim et al., 2005). As a result, the prosecution of child pornographers has increased, in spite of the constitutional challenges to the various Federal Child Pornography statutes (Kim et al., 2005). Currently, the U.S. prosecutes approximately 400 child pornographers a year in federal courts alone. Given the global nature of Internet related crimes, the CEOS has also begun working with many other countries to make progress in the prosecution of Internet related child exploitation cases. Enforcement has also grown through the proliferation of computer bulletin boards and other online services that implicate laws addressing the distribution of computerized pornographic materials and sexual assault on minors (Kim et al., 2005).

Besides specialized task forces designed to identify and prosecute computer crimes, advances in technology have also increased the efforts of law enforcement to combat computer crime. For example, Kim and his colleagues report that the FBI uses a device called "Carnivore" to intercept Internet communications. "Carnivore" is a special filtering tool that may be used to gather the information authorized by a court order, and no other additional information. Carnivore is useful in tracking the trail of an online criminal because it allows the FBI to gather only the information that it is entitled to gather. For example, the FBI may gather only address information of e-mail communications. The FBI asserts that it will use Carnivore only in cases where the ISP is unwilling or unable to provide this information, notwithstanding a court order. The FBI has also employed a keystroke logger system to circumvent the difficulty associated with intercepting encrypted Internet communications. Once installed on a target's computer, the keystroke logger system may retrieve every keystroke input to that computer. The FBI has also developed an improved keystroke logger, nicknamed "Magic Lantern," that eliminates the need for law enforcement to manually install the keystroke logger software on the target's computer. By manipulating the target to click on an e-mail attachment or by taking advantage of software holes, the FBI can remotely plant Magic Lantern, which acts as a virus, on the target's computer. Constitutional Issues. There are three main constitutional issues that arise in conjunction with computer crimes: (a) the Interstate Commerce Clause; (b) the First Amendment; and - the Fourth Amendment, which are discussed further below.

Interstate Commerce Clause. One federal circuit court held that application of federal statutes prohibiting the knowing possession of child pornography to intrastate possession of child pornography violated the Interstate Commerce Clause. In United States v. Maxwell, the court held that the application of 18 U.S.C. 2252(a) was an unconstitutional exercise of the Commerce Clause because there was not enough evidence that prohibited images did travel in interstate commerce and the defendant's possession of those images was not an "interstate" act; however, in United States v. Kimler, the court rejected the defendant's challenge against the conviction under the same statute that it was unconstitutional because "there was no evidence that interstate commerce was substantially affected, and the mere fact that he had internet access, without more, cannot satisfy the interstate commerce count of the statute." The court held that because "every transmission from his computer via the internet necessarily crossed state lines... The jury could conclude beyond a reasonable doubt that the interstate commerce element of the statute was constitutionally applied." In Kimler, the defendant emailed prohibited materials across the state border, which is distinguishable from Maxwell. Accordingly, the constitutionality of 18 U.S.C. [section] 2252(a) when applied to intrastate activities, seems yet to be resolved.

First Amendment. The Supreme Court's 1997 Reno 1273 ("Reno I") decision conferred an unqualified level of First Amendment protection upon Internet communications by striking down CDA. Under Reno I, legislation will not withstand scrutiny if it requires web surfers or Internet content providers to estimate the age of those with whom they communicate or to tag their communications as potentially indecent or offensive, prior to engaging in "cyberspeech." (Kim et al., 2005, p. 233).

The ACLU also challenged the constitutionality of COPA. After the District Court issued a preliminary injunction preventing COPA from coming into effect, the Third Circuit affirmed, holding that the statute's assessment of harm to children by "contemporary community standards" was overly broad. After the Supreme Court vacated and remanded the case, the Third Circuit again affirmed the District Court's injunction preventing the enforcement of COPA. Finally, the Supreme Court upheld the injunction holding that the Government did not meet its burden to prove that there is no less restrictive alternative to COPA. The Supreme Court did strike down the CPPA, which prohibited virtual child pornography. (Kim et al., 2005).

Fourth Amendment. In 1986, Congress passed the Electronic Communications Privacy Act ("ECPA"), which extended the prohibitions in Title III of the Omnibus Crime and Control and Safe Streets Act of 1968 ("Wiretap Act") (294) to electronic communications intercepted during transmission. The U.S.A. PATRIOT Act further amended these statutes and the DOJ promulgated updated unofficial guidelines in July 2002 to assist federal agents and attorneys address unique Fourth Amendment issues that were emerging from computer crime investigations, including those involved online predation of children by adults (Kim et al., 2005). These guidelines organized searches and seizures by types of evidence (hardware, software, printouts, etc.), relevant statutes, and parties implicated; the authors note that the guidelines highlight potential problems associated with the search and seizure of computer related evidence and present law enforcement with protocols and procedures likely to prevent the ultimate suppression of such evidence (Kim et al., 2005). Citing the case of United States v. Upham wherein the First Circuit upheld a search warrant authorizing the seizure of "[a]ny and all computer hardware and software,... computer disks, disk drives..." And "[a]ny and all visual depictions, in any format or media, of minors engaging in sexually explicit conduct [as defined by the statute]," Kim and his colleagues report that by affirming the defendant's conviction for possessing and transporting in interstate commerce computer images of child pornography, the First Circuit stated that: "the seizure and subsequent off-premises search of the computer and all available disks was about the narrowest definable search and seizure reasonably likely to obtain the images" (Kim et al., 2005, p. 24). Likewise, in the case, United States v. Sawyer, a search warrant listing general categories of business records, including "computer records or printouts relating to customer accounts, which are evidence and fruits of, and the means of commission of violations of [certain federal statutes]," was upheld notwithstanding Fourth Amendment considerations to the contrary (Kim et al., 2005). In this case, the Eleventh Circuit held (and other courts have concurred), that the Fourth Amendment's particularity requirement must be applied flexibly in computer crime cases; in addition, the seizure of computer disks is allowed even when the warrant facially refers only to records and documents and some courts have held that law enforcement agents with a warrant may search and seize computer files even though doing so might cause seizure of contents having no relation to the crime being investigated, while other courts have not been willing to sanction this type of conduct by law enforcement officers (Kim et al., 2005). Likewise, law enforcement authorities are allowed to search computer hardware and software when they have reason to believe that those items contain records covered by the warrant. When agents conduct these types of searches, they may also seize and examine a disk, even if its label indicates that it does not contain information within the scope of the warrant. The agents may even remove the hardware and software from the owner's premises to conduct their examination; however, they may not seize peripheral items, such as printers, to assist them in their review of the seized items (Kim et al., 2005). Still another Fourth Amendment issue that may be implicated when law enforcement intercepts electronic communications under the Pen Register or Trap and Trace statutes, which do not require a warrant according to the legislation but prior to the enactment of the U.S.A. PATRIOT Act and its revision of the Pen Register and Trap and Trace statutes to include electronic communications, the FBI routinely secured the analog of pen registers or trap and trace devices on Internet communications without much mention of any constitutional issues; however, while the Supreme Court has found that there is no expectation of privacy in the address information on phone communications and therefore that this information is not subject to Fourth Amendment protection, the Court has not directly addressed whether there is an expectation of privacy for address information on Internet communications (Kim et al., 2005). While the revision in the U.S.A. PATRIOT Act indicates that address information on Internet communications would not be subject to Fourth Amendment protection, the analogy does not necessarily follow. Because the U.S.A. PATRIOT Act does not provide a definition for the term "address" with respect to Internet communications, it is unclear exactly what constitutes address information. The use of the FBI's investigative tools such as Carnivore and Magic Lantern may present additional Fourth Amendment questions. Although the DOJ denies any Fourth Amendment violation through the use of Carnivore, others are more skeptical. While the courts have not addressed this issue, new Fourth Amendment challenges may be raised as the FBI discloses more information about the technology of Carnivore in response to requests under the Freedom of Information Act. In order to prevent misuse of Carnivore, there are strict procedures in place regarding the use of Carnivore to intercept wire or electronic communications. Such procedures include: (a) approval of a Title III (322) application from the Office of Enforcement Operations ("OEO") in the Criminal Division of the DOJ; (b) approval from a Deputy Assistant Attorney General; and - approval by the proper court. According to Title III, the interception can last no longer than thirty days without an extension by a court. Courts can also impose their own requirements and may terminate the interceptions at any time. Remedies for violating Title III include criminal sanctions, civil suit, and adverse employment action for law enforcement officials; moreover, evidence that is seized in violation of the Fourth Amendment may be suppressed (Kim et al., 2005). Although the FBI has used Carnivore twenty-five times in the last two years, such sanctions have yet to be applied. Yet another Fourth Amendment issue implicated in computer-related cases is the doctrine of staleness. The durability of data and graphics stored on computer hardware has drastically extended the time frame in which the staleness doctrine is implicated in computer-related cases. With the passage of time, information supporting a warrant application may become stale because of the diminished probability that the evidence sought will be found at the location named in the warrant. In United States v. Lacy; however, the Ninth Circuit upheld the validity of a search warrant even though it was supported by ten-month-old information, based on an "expert" agents' explanation that those who collect and distribute child pornography "rarely if ever" expunge sexually explicit material, securely storing it for a long time, usually in their own homes. The Northern District Court of New York similarly reasoned that a warrant remained valid because child pornography is illegal and difficult to obtain and those who do obtain sexually explicit images of children are unlikely to destroy them quickly.