Abigail McAlpine - Children's Data Online - Basics of Sharenting and PII of Minors Online 2021
AbigailMcAlpine
8 views
25 slides
Jun 27, 2024
Slide 1 of 25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
About This Presentation
Research introduction to subject of Personally Identifiable Information (PII) of children aged (11-16) on Social Networking Services (SNS) focussing particularly on the most commonly used platforms according to Ofcom’s “Children and parents: media use and attitudes report 2018 Human-based cyber ...
Slide Content
Abigail McAlpine
Cyber Security Researcher (PhD)
from the Secure Societies
Institute at The University of
Huddersfield
Cyber Security Researcher (PhD)
from the Secure Societies
Institute at The University of
Huddersfield
AM
Background
•Cyber Security Researcher (PhD) from the Secure Societies Institute at
the University of Huddersfield
•Research on Personally Identifiable Information (PII) of children aged
(11-16) on Social Networking Services (SNS) focussing particularly on
the most commonly used platforms according to Ofcom’s “Children
and parents: media use and attitudes report 2018
•Human-based cyber security research, particularly focusing on the
“what” and “where” of sharing online when it comes to children’s
information
•3 Studies, public, parents, risk propensity
•My background pre-PhD was in business and marketing as a
marketing manager
Background
•Cyber Security Researcher (PhD) from the Secure Societies Institute at
the University of Huddersfield
•Research on Personally Identifiable Information (PII) of children aged
(11-16) on Social Networking Services (SNS) focussing particularly on
the most commonly used platforms according to Ofcom’s “Children
and parents: media use and attitudes report 2018
•Human-based cyber security research, particularly focusing on the
“what” and “where” of sharing online when it comes to children’s
information
•3 Studies, public, parents, risk propensity
•My background pre-PhD was in business and marketing as a
marketing manager
A personal story
A case in isolation.
A case in isolation.
AM
What is Personal Identifiable
Information (PII)?
•Personal data is information that relates to an identified or identifiable
individual.
•What identifies an individual could be as simple as a name or a number or
could include other identifiers such as an IP address or a cookie identifier,
or other factors.
•If it is possible to identify an individual directly from the information you
are processing, then that information may be personal data.
•https://ico.org.uk
What is Personal Identifiable
Information (PII)?
•Personal data is information that relates to an identified or identifiable
individual.
•What identifies an individual could be as simple as a name or a number or
could include other identifiers such as an IP address or a cookie identifier,
or other factors.
•If it is possible to identify an individual directly from the information you
are processing, then that information may be personal data.
•https://ico.org.uk
AM
If we took this information online
•We can develop an idea of her potential likes and dislikes
•We can produce and idea of products and services that relate to her
age/location/trends in the area
•We can curate a timeline of products and services we can push towards her
•We can identify potential placement in the AIDA Model/Sales Funnel
5
If we took this information online
•We can develop an idea of her potential likes and dislikes
•We can produce and idea of products and services that relate to her
age/location/trends in the area
•We can curate a timeline of products and services we can push towards her
•We can identify potential placement in the AIDA Model/Sales Funnel
5
AM
Ultimately
•The ability and tools to collate more information about an individual
(regardless of age) exist in both marketing and cyber security
industries
•The skills to take the information we have and turn into viable
information are already in the room, a lot of the tools and methods to
do so are very established, be it in technology or simply observing an
individual
•These cases will always exist, it is justifiable for the existence of data
collection around children online for marketing purposes – whether
directly through children’s use, or through a third party or parent’s
use or purchasing data points.
6
Ultimately
•The ability and tools to collate more information about an individual
(regardless of age) exist in both marketing and cyber security
industries
•The skills to take the information we have and turn into viable
information are already in the room, a lot of the tools and methods to
do so are very established, be it in technology or simply observing an
individual
•These cases will always exist, it is justifiable for the existence of data
collection around children online for marketing purposes – whether
directly through children’s use, or through a third party or parent’s
use or purchasing data points.
6
AM
Ofcom Report (12-15)
•83% of 12-15 year olds have their own smartphone
•50% of 12-15 year olds have their own tablet
•99% of 12-15 year olds go online for 20 ½ hours per week
•69% have a social media profile
7Children and parents: Media use and attitudes report 2018
Ofcom Report (8-11)
•35% of 8-11 year olds have their own smartphone
•50% of 8-11 year olds have their own tablet
•93% of 8-11 year olds go online for 13 ½ hours per week
•18% of 8-11 year olds have a social media profile
Ofcom Report (12-15)
•83% of 12-15 year olds have their own smartphone
•50% of 12-15 year olds have their own tablet
•99% of 12-15 year olds go online for 20 ½ hours per week
•69% have a social media profile
7Children and parents: Media use and attitudes report 2018
Ofcom Report (8-11)
•35% of 8-11 year olds have their own smartphone
•50% of 8-11 year olds have their own tablet
•93% of 8-11 year olds go online for 13 ½ hours per week
•18% of 8-11 year olds have a social media profile
AM
Privacy Pin-Ups
•“We take your privacy and security seriously.”
•“Your privacy matters to us.”
8
Privacy Pin-Ups
•“We take your privacy and security seriously.”
•“Your privacy matters to us.”
8
AM
Huge changes in Facebook
•Encrypted end-to-end messages through the messenger app
•Reducing Permanence – deleting long term information as standard
(undefined) March 2019
•Right to be forgotten/ The right to erasure – GDPR 2018. Doesn’t limit the
sharing of information primarily
•Suspension of tens of thousands of applications (69,000) in Sept 2019
made by about 400 developments
9
Huge changes in Facebook
•Encrypted end-to-end messages through the messenger app
•Reducing Permanence – deleting long term information as standard
(undefined) March 2019
•Right to be forgotten/ The right to erasure – GDPR 2018. Doesn’t limit the
sharing of information primarily
•Suspension of tens of thousands of applications (69,000) in Sept 2019
made by about 400 developments
9
AMParental Awareness of
Minimum Age Requirement
(13)
•Facebook 32%
•Instagram 28%
•Snapchat 15%
10Ofcom Children and parents: Media use and attitudes report 2018
Minimum Age Requirement
(13)
•Facebook 32%
•Instagram 28%
•Snapchat 15%
10Ofcom Children and parents: Media use and attitudes report 2018
AM
Children lie about their age
•EU Kids Online conducted studies
between 2011 and 2014 in 22
different countries
•1 in 4 of the 9-to-10-year-olds and 1
in 2 of the 11-to-12-year-olds were
using Facebook already
•4 in 10 gave a false age.
11
Children lie about their age
•EU Kids Online conducted studies
between 2011 and 2014 in 22
different countries
•1 in 4 of the 9-to-10-year-olds and 1
in 2 of the 11-to-12-year-olds were
using Facebook already
•4 in 10 gave a false age.
11
AM
How many children on SNS?
•In 2011 there was an estimated 20 million minors use Facebook,
according toConsumer Reports; 7.5 million of these are under
13.
•These estimates are no longer in date and the possibility of
establishing an accurate number has been significantly
decreased as more children lie to get past age verification
systems
12
How many children on SNS?
•In 2011 there was an estimated 20 million minors use Facebook,
according toConsumer Reports; 7.5 million of these are under
13.
•These estimates are no longer in date and the possibility of
establishing an accurate number has been significantly
decreased as more children lie to get past age verification
systems
12
AM
If we take everything at face value
Removing potential FUD – lets say:
•Social networking services care about your privacy
•Physical information gathering/safety will always be an issue
•We can’t control children lying about their age to interact on social media
13
If we take everything at face value
Removing potential FUD – lets say:
•Social networking services care about your privacy
•Physical information gathering/safety will always be an issue
•We can’t control children lying about their age to interact on social media
13
AM
Timeline
A timeline of SNS as we know it today;
•1997: First SNS – “Six Degrees” and AOL Messenger
•1999: MSN Messenger and Yahoo Messenger Launch
•2001: Six Degrees Shuts Down
•2002: Friendster launches
•2003: LinkedIn and Myspace launch
•2004: Facebook launches
•2005: Reddit, Bebo, YouTube launch
•2006: Twitter Launches (Facebook releases newsfeed feature)
14
Timeline
A timeline of SNS as we know it today;
•1997: First SNS – “Six Degrees” and AOL Messenger
•1999: MSN Messenger and Yahoo Messenger Launch
•2001: Six Degrees Shuts Down
•2002: Friendster launches
•2003: LinkedIn and Myspace launch
•2004: Facebook launches
•2005: Reddit, Bebo, YouTube launch
•2006: Twitter Launches (Facebook releases newsfeed feature)
14
AM
Features of SNS
Some examples of features that have rolled out in the last 20 years or so.
Some in real time/ some pre-emptive.
•Location data
•Event tagging
•Friend tagging
•Facial recognition features (photo tagging)
•Messenger
•Announcements
•Life Events
15
Features of SNS
Some examples of features that have rolled out in the last 20 years or so.
Some in real time/ some pre-emptive.
•Location data
•Event tagging
•Friend tagging
•Facial recognition features (photo tagging)
•Messenger
•Announcements
•Life Events
15
AM
Childrens Sharing
•Children are sharing more content about themselves than ever before
to bigger audiences
•They are more vulnerable to peer pressure at various ages
•Some of children have more understanding of SNS than their parents or
educators
16
Childrens Sharing
•Children are sharing more content about themselves than ever before
to bigger audiences
•They are more vulnerable to peer pressure at various ages
•Some of children have more understanding of SNS than their parents or
educators
16
AM
Parents Sharing
•“Sharenting” – is the term being used for parents who share a lot of
information about their children online
•Some parents have been over-sharers from the beginning with no
prompts
•However, the introduction of Facebook and features such as the
newsfeed, announcements, timeline, memories have prompted users
to share more about their lives and their children
•A lot of the PII information required can be found about users
independently, but control of the sharing about third parties who
haven’t necessarily consented to the sharing of the information still
accumulate
17
Parents Sharing
•“Sharenting” – is the term being used for parents who share a lot of
information about their children online
•Some parents have been over-sharers from the beginning with no
prompts
•However, the introduction of Facebook and features such as the
newsfeed, announcements, timeline, memories have prompted users
to share more about their lives and their children
•A lot of the PII information required can be found about users
independently, but control of the sharing about third parties who
haven’t necessarily consented to the sharing of the information still
accumulate
17
AM
Fraud - Trends
•The theft of personal and financial data through social
engineering and data breaches was a major
contributor to fraud losses in 2018.
•The stolen data is used to commit fraud both directly
and indirectly.
•www.ukfinance.org.uk
18
Fraud - Trends
•The theft of personal and financial data through social
engineering and data breaches was a major
contributor to fraud losses in 2018.
•The stolen data is used to commit fraud both directly
and indirectly.
•www.ukfinance.org.uk
18
AM
Fraud - Trends
•Recession fraud
•In 2009, it was announced that fraud had increased threefold in the
previous year as a result of the recession
•Cases through British court alone accounted for more than £1.1bn worth
of fraud
•April 2018, a report in America (Javelin Strategy & Research) on child
fraud reported that more than 1 million children were victims of identity
theft or fraud in 2017.
•Two-thirds of those victims were age 7 or younger.
•Six in 10 child victims personally know the perpetrator.
19
Fraud - Trends
•Recession fraud
•In 2009, it was announced that fraud had increased threefold in the
previous year as a result of the recession
•Cases through British court alone accounted for more than £1.1bn worth
of fraud
•April 2018, a report in America (Javelin Strategy & Research) on child
fraud reported that more than 1 million children were victims of identity
theft or fraud in 2017.
•Two-thirds of those victims were age 7 or younger.
•Six in 10 child victims personally know the perpetrator.
19
AM
Why is this used?
CIA Triad
•Confidentiality through preventing access
by unauthorized users.
•Integrity from validating that your data is
trustworthy and accurate.
•Availability by ensuring data is available
when needed.
20
www.ibm.com
Why is this used?
CIA Triad
•Confidentiality through preventing access
by unauthorized users.
•Integrity from validating that your data is
trustworthy and accurate.
•Availability by ensuring data is available
when needed.
20
www.ibm.com
AM
PII used as authentication?
•SMS and/or Email Based 2FA: Whether the site offered a SMS (text
message) or email based 2FA. Sites that offered this method earned 1
point.
•Software Token 2FA: Whether the site allowed you to perform 2FA using
a software authenticator. Popular software authenticators include
Authy, Google Authenticator, or Microsoft Authenticator. Sites that
offered this method earned 1 point.
•Hardware Token 2FA: Whether the site allowed you to use a hardware
token to perform 2FA. Popular hardware tokens include YubiKey and
Google Titan. Sites that used this method earned 3 points.
G3C 2019 - Abigail McAlpine 21
PII used as authentication?
•SMS and/or Email Based 2FA: Whether the site offered a SMS (text
message) or email based 2FA. Sites that offered this method earned 1
point.
•Software Token 2FA: Whether the site allowed you to perform 2FA using
a software authenticator. Popular software authenticators include
Authy, Google Authenticator, or Microsoft Authenticator. Sites that
offered this method earned 1 point.
•Hardware Token 2FA: Whether the site allowed you to use a hardware
token to perform 2FA. Popular hardware tokens include YubiKey and
Google Titan. Sites that used this method earned 3 points.
G3C 2019 - Abigail McAlpine 21
AM
Future Issues
•Children who have had every significant moment of their life shared
online – nearly all potential PII authentication answer. 16 years old
and old enough for a debit account/card
•Children who have had every significant moment of their life shared
online – nearly all potential PII authentication answers. 1 years old
and old enough for lines of credit, many products pushed in their
direction will be highly likely to be targeted at low credit
•Most will be venturing into the professional world, with everything
associated with it, including loans, linkedin profiles, historic social
media profiles
22
Future Issues
•Children who have had every significant moment of their life shared
online – nearly all potential PII authentication answer. 16 years old
and old enough for a debit account/card
•Children who have had every significant moment of their life shared
online – nearly all potential PII authentication answers. 1 years old
and old enough for lines of credit, many products pushed in their
direction will be highly likely to be targeted at low credit
•Most will be venturing into the professional world, with everything
associated with it, including loans, linkedin profiles, historic social
media profiles
22
AM
Right to forget
•Doesn’t mean that other users will forget
•Doesn’t mean that children are protected online
•Doesn’t mean that children’s information is not being shared
•Doesn’t educate users/parents/children about the dangers of oversharing PII online
•Doesn’t fix the problem
23
Right to forget
•Doesn’t mean that other users will forget
•Doesn’t mean that children are protected online
•Doesn’t mean that children’s information is not being shared
•Doesn’t educate users/parents/children about the dangers of oversharing PII online
•Doesn’t fix the problem
23
AM
Potential actions moving forward
•Tackle education of users around the availability of this
information
•Attempt to limit the scope of the issue – through historic
deletion on SNS (this probably won’t happen)
•We change the infrastructure of how we secure accounts – if
these security questions are to remain then there should be
additional steps involved to reset a password or gain access to an
account
•We attempt to tackle this in a way that doesn’t cause additional
issues – i.e Netflix asking for photos of passports through email
to confirm identity
24
Potential actions moving forward
•Tackle education of users around the availability of this
information
•Attempt to limit the scope of the issue – through historic
deletion on SNS (this probably won’t happen)
•We change the infrastructure of how we secure accounts – if
these security questions are to remain then there should be
additional steps involved to reset a password or gain access to an
account
•We attempt to tackle this in a way that doesn’t cause additional
issues – i.e Netflix asking for photos of passports through email
to confirm identity
24
Thank You
Abigail McAlpine
Twitter @abigailmcalpine
Abigail McAlpine
Twitter @abigailmcalpine
Download
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 8
- Slides 25
- Age 522 days
Related Slideshows
83
The Ins and Outs of Sports Sponsorship: What Characterizes the Best Deals and Activations
NeilHorowitz
35 views
50
Commerce at the Limit - Marketecture - October 2025_v5.pptx
EricSeufert
369 views
13
Marketing Environment and navigating changes
neetinaag
29 views
34
FAMILY_PLANNING_METHODS available for women
Isaiah47
26 views
8
himani .8.pptx this is about marketing presentation that how marketing control works
sakshi287109
28 views
54
GAT NEW.pptxfgjjkkkbhhhjjjjiiiuuuuuu8uy4rr
SirajudinAkmel1
25 views