MR. KOJO NNAMDIFrom WAMU 88.5 at American University in Washington, welcome to "The Kojo Nnamdi Show," connecting your neighborhood with the world. It's Tech Tuesday. Do you remember what the Internet was like 14 years ago? Many of us dialed up AOL on Netscape to browse the Web. We searched for answers on Ask Jeeves or Dogpile, and email was at places like Excite. 1998 was also the year of the Children's Online Privacy Protection Act or COPPA.

MR. KOJO NNAMDIIt was passed in that year. It required a parent's permission before a kid under 13 could give out personal information to a website, but that was before the advent of Facebook, YouTube, Gmail, Instagram and Twitter. And advertisers who spend $43 billion annually on reaching the tween set alone have found endless ways around these age-consent blockades. Now, the Federal Trade Commission wants to update the privacy law for kids on the Web.

MR. KOJO NNAMDIBut as you may suspect, getting advertisers, privacy advocates and Web operators to agree on the new ground rules is not easy. Joining us in studio to discuss this is Kathryn Montgomery. She is a professor at American University's School of Communication. She's also the author of "Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet." Kathryn Montgomery, thank you for joining us.

PROF. KATHRYN MONTGOMERYThank you very much.

NNAMDIAlso with us in studio is Emma Llanso, policy counsel for the Center for Democracy and Technology. Emma Llanso, thank you for joining us.

MS. EMMA LLANSOThanks.

NNAMDIAnd joining us by phone from San Francisco is Jim Steyer. He is founder and CEO of Common Sense Media and author of "Talking Back to Facebook." Jim, thank you for joining us.

MR. JIM STEYERGreat to be here, Kojo.

NNAMDIYou, too, can join this conversation by calling 800-433-8850. You can send us email to kojo@wamu.org, send us a tweet, @kojoshow, using the #TechTuesday, or you can simply go to our website and join the conversation there. Kathryn, it's not an exaggeration to say that you are at least in part responsible for the 1998 Children's Online Privacy Protection Act known as COPPA.

NNAMDIIt was your leadership as a policy advocate that led to this legislation, and now, 14 years and a generation of Web innovation later, you're working to update the rules since this in a way is your baby. Let's first remind listeners about how we encounter COPPA on the Web.

MONTGOMERYWell, first, I'd like to talk to you a little bit about how we developed COPPA...

NNAMDIPlease do.

MONTGOMERY...and why we did because we're talking about the early days of the Internet when a lot of people didn't even know there was going to be advertising online. And we were following that marketplace very closely. I was running a nonprofit called the Center for Media Education, and the model for the Internet was one-to-one marketing, not targeting groups of people but targeting individual people.

MONTGOMERYAnd marketers already were beginning to put that in place, talking about developing ongoing relationships with products' spokescharacters, for example. What we decided to do was that we needed to have some kind of ground rules, some rules of the game if you're going to be marketing to children who were a very lucrative market. And we went to Congress. We went with a coalition of groups to get these laws in place.

MONTGOMERYAnd they're really designed -- this law is designed to limit data collection, to limit personal information collection. The way you will see it is on a children's website. There should be a prominent privacy policy, and there should be a requirement that, if you are under 13, you are not asked to give personal information about yourself.

NNAMDIHow effective do you think this privacy law has been, and do you think COPPA effectively anticipated the rapid arc of innovation that we've seen since its passage?

MONTGOMERYWell, first of all, COPPA has been very effective in guiding the development of this marketplace. These rules have been in place now for 12 years, and companies know, if they're going to market to children, they need to put some safeguards in place and things that we might have seen have not developed. So there is buy-in from industry, no question about that. We did anticipate changes.

MONTGOMERYWe knew we were at a time when this was a very, very new medium, and it was going to move forward and change very quickly. And now, we're at a very interesting moment because, with the growth of mobile and many, many children having their own mobile phones and...

NNAMDIThey have their computers in their pockets

MONTGOMERYAbsolutely. It goes with them 24/7. I think somebody said, you know, a cellphone is the only thing that a kid wakes up to in the morning, goes to bed with at night, but wakes up with and goes to bed with. So phones can follow them everywhere they go, and we now have geolocation. In addition to that, the kinds of data collection and behavioral targeting that target children's behaviors have -- are being perfected, and they are being developed on a very widespread basis so that you don't even know, as a parent, what's being collected from your kid.

MONTGOMERYAnd the company doesn't need to necessarily know the name of that child. A company can recontact that child easily by the various kinds of cookies and other technologies that track what that child is doing online. So we're in a whole new world. And COPPA was designed to be updated as those changes took place, and that's the moment we're in right now.

NNAMDIWe're talking about privacy rules for kids on the Web at 800-433-8850. How closely do you monitor what your kids do on the Web? What are the rules that you set? 800-433-8850. Jim Steyer, a number of advocacy organizations are involved in strengthening Internet privacy rules for kids, including your organization. What kind of enhancements are you looking for?

STEYERWell, I think fundamentally, I mean, Kathryn gave us a great history of it, and the fundamental enhancement is to protect the fundamental rights that kids and their parents have to privacy and cannot be tracked everywhere for commercial gain by large corporate interests.

STEYERSo I think that what we -- Kathy mentioned several -- I mean, one of them obviously is the whole mobile space had to be covered because that's evolved, so does the whole location-based services and geolocation stuff that's happened 'cause kids are vulnerable to being tracked in that way and having their data and personal identity and information exposed. I think also now we have an issue with first and -- with third-party plug-ins where you have app makers who are trying to track kids as well in order to make money off them with the parents really having no understanding of how that is.

STEYERSo I think you have a series of things, Kojo, now where the world has changed. COPPA was written, you know, I would say when Mark Zuckerberg was in diapers. It's actually correct that he was in elementary school when COPPA was written and when Kathy and her husband, Jeff, and others made it happen.

STEYERSo we just need to update their fundamental privacy laws in the United States, particularly when they apply to kids. And that's what the revisions that the Federal Trade Commission is proposing now are about. And, you know what, I think every parent out there and every teacher out there knows that kids' privacy is critical and that it's been called into question. So these revisions are very timely indeed.

NNAMDIKathryn, we've had some pretty public examples lately of how marketers are getting around privacy laws by having kids upload their pictures or providing the email addresses of their friends while they're using an app, playing a game or interacting online. How is this information being used? What's the fear here?

MONTGOMERYWell, first of all, the fear is that marketers can collect unbelievably large amounts of personal information from children, and we as parents don't know how it's being used. So we're looking at the possibility of dossiers on children being gathered, and those could go on with children as they grow up.

MONTGOMERYBut we also know that marketers want this kind of very granular information on personal -- on individuals, including children so that they can tailor marketing appeals, marketing messages, sometimes very subtle ones to them in a very personalized way, and that means knowing what their behaviors are, what their interests are, what their fears are. That is the model of behavioral targeting. That is the model that's being put into place for all of us. And a lot of adults are concerned about it to the extent that they know about it.

NNAMDIEmma, just last week, the FTC fined a unit of Warner Music Group $1 million for operating fan sites for artists like Justin Bieber and Rihanna that let underage visitors register and pay for membership without notifying their parents, which they were required to do. Is the bottom line for parents here that, even if a site asks for a kid's age for screening purposes, you really cannot be assured that they'll actually screen them out of using the site?

LLANSOWell...

STEYERYeah. I mean -- sorry. Go ahead.

LLANSO...it really depends on the operator, I think. It -- certainly, in the cases you were just mentioning, the FTC found operators who were not abiding by COPPA. They were obtaining what we call actual knowledge of the age of children, finding out that they had users who are under 13. And then it sounds like they were not following through with obtaining the right parental consent.

NNAMDIJim, you were about to say?

STEYERJust about to say this is sort of a classic example. As the parent of four kids, you know, they love Rihanna or Justin Bieber or whatever. So you have people with something that seems really appealing to your 7- or 8- or 9-year-old that can't wait to get that free thing or whatever it is that their favorite celebrity has. But it's actually an insidious tracking device by a company, and, yes, they don't get the parents' explicit permission.

STEYERAnd that's actually what this is fundamentally about. It's informed consent by families. I mean, if you look at what the average person out there feels, when you look at the polls about tracking of our data and our personal private information, you see the numbers are in the 80s to 90 percent of the public not wanting that to happen for themselves as adults and even higher when it comes to children.

STEYERBut what's happened is data is gold to the marketers and gold to the people who built the Silicon Valley-based tech platform. So they've done a lot of different things to try to get around our norms of privacy, and that's really what this update of COPPA is all about. 'Cause from a very simple standpoint as a parent, I don't want my 8-year-old -- and I have an 8-year-old -- going on a Rihanna or Justin Bieber site and revealing all sorts of personal information about himself just so he can get some little thing from some celebrity he cares about.

STEYERAnd that's at the heart of this because kids are easily tricked. They give up a lot of information, and their parents have no idea about what's going on. And they never give the informed consent that is sort of fundamental who are traditional, and I think it's a very important notion to privacy.

NNAMDILet me ask our listeners if they've had any experience with this. Has your child ever gained access to a site that shared personal information with other sites? Call us at 800-433-8850. We're talking with Jim Steyer. He's founder and CEO of Common Sense Media and author of "Talking Back to Facebook." Kathryn Montgomery is a professor at American University's School of Communication and author of "Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet."

NNAMDIAnd Emma Llanso is policy counsel for the Center for Democracy and Technology. You can also shoot us an email to kojo@wamu.org. Even when websites try to create more protected areas for kids, things can go wrong. Earlier this year, three men were accused of raping children they'd met using the social networking app Skout. Skout had created a more protected service for 13- to 17-year-olds after they'd noticed that minors had gained access to their adult dating app. Obviously, it wasn't protected enough, Emma. You know anything about that?

LLANSOI'm not particularly familiar with the details of the Skout case, but it certainly is an issue that comes up a lot when you're looking at sites that have mixed audiences. If you're having a service that is aimed at an older audience but you see younger children using it, operators, you know, are faced with these questions of what do they need to do to protect children's personal information but also address issues of child safety.

NNAMDIJanuary, a Consumer Reports study found that about 5.6 million or 3.5 percent of Facebook users are children under 13, and a study headed by a Microsoft researcher last year showed that a majority of parents who had underage kids on Facebook helped them get around the age requirements. What do age restrictions on websites say to users? Do most people evaluate the appropriateness of the content when they see an age restriction? Do they even think about the privacy issues? This for all of you, starting with you, Kathryn.

MONTGOMERYYeah. I mean, this is, I think, a good example of why we need COPPA as a law because here's a situation where parents were -- you know, their kids, for example, you know, kids who are, like, 10, 11, they're kind of teenage wannabes, so they want to be online. They want to be part of Facebook. It's the cool place to be. And a lot of parents aren't really familiar with the intensive data collection that takes place on Facebook. It's unbelievable how extensive it is.

MONTGOMERYSo they're put in a kind of difficult position to, you know, to have to so-called lie about their kids in order to get them online. In fact, Facebook could create -- part of its website could create services that were designed for younger kids. I'm not sure you'd want your 5-year-old or your 6-year-old on Facebook. But for that younger age group, they could do it.

NNAMDIAt 10, 11?

MONTGOMERYBut they could comply with COPPA, and they -- and we've actually asked them to. A coalition of consumer groups has said, if you are going to allow children on there -- and they know they're on there -- they can comply with COPPA and give parents the information they need to know to make informed consent. And they can also ensure that they're not, you know, engaging in the kinds of viral marketing campaigns and targeted personal marketing that they do with other users on Facebook.

NNAMDIJim Steyer, same question to you. Do most people, in your view, evaluate the appropriateness of the content when they see an age restriction?

STEYERWell, a couple of things. First of all, Microsoft funded the study that you're talking about. The average parent on that said that they thought the age for Facebook is 14 years and nine months that's the most appropriate age for kids to go in. So I actually think that parents are now, even in that study that was -- it's very clear that the average parent understands, in general, it's not just the issue of privacy. This is also the issue of the social, emotional and cognitive development of kids.

STEYERAnd I think, you know, kids, in a different context of privacy from tracking, oftentimes self-reveal before they self-reflect. So one of the big issues here is, why are we trying to introduce certain kind of platforms? It has both positive but significant harms and downsides from a social, emotional standpoint to kids at such young ages. Obviously, the reason is, from financial purposes, for them to make money.

STEYERBut I think that this begs a much bigger issue, which is basically this world of technology, which has brought a lot of great things to our lives in which we at Common Sense -- and I know Kathy and her colleagues and everyone sees the benefits of -- has enormous potential consequences for kids when not used wisely. And what has to happen here is a much more thoughtful approach. I personally don't think it's a good idea at all for Facebook to open.

STEYERThis is one place where I -- one of the few places where I would depart with Kathy. I don't think kids under 13 ought to be on Facebook 'cause I think you're just opening the flood banks. I don't want my 8-year-old learning to have 500 friends and to communicate on it with a click of a mouse or a cellphone as opposed to having face-to-face conversation.

STEYERSo I think this is a great conversation to have, Kojo, because this is something where when you get the average parent, the average teacher out there, and even the average young person, they're much more cautious about this when they understand what's really going on. That is why this conversation that we're having is so important.

NNAMDIKathryn?

MONTGOMERYRight. And for that matter, you know, even my college students don't all know what goes on with Facebook. You know, it's all -- there's a lot of it that's very much under the hood. The kinds of detailed data collection and targeting and the way the website operates is just unbelievable. And for young people who are using a social media platform like that, it becomes internalized. It's part of the way they relate to their friends. It's very habitual. They don't really think about the business model that's underneath it. They don't think about the data collection.

MONTGOMERYThey're not necessarily aware of that. When they're told about it, they're often somewhat alarmed at what they are learning about how much is collected on them and how it may come back to haunt them someday. And it's not just what they're putting online about themselves. It's what's being collected from every single move they make in that place, in that environment.

NNAMDIEmma Llanso.

LLANSOWell, I think this example shows the unintended -- some of the unintended consequences of COPPA and the effect its had on the development of sites and services since it's been passed.

LLANSOYou'll notice on Facebook, on most general interest sites around the Web, terms of service that say, you know this service is not for children under the age of 13. That's because of COPPA. That's because website operators want to have something that they can put in their terms of service that says, we're, you know, clearly not a site that's directed primarily to children, and we are affirmatively saying we are not for kids.

LLANSOThat doesn't change the fact the kids still want to be on the sites, but it means that you have situations like parents looking at some of the -- looking at Facebook and thinking, what I really want to do is just create an account for my child so that they can talk to grandma. I, you know, see an age restriction, think maybe it has to do with the appropriateness of the content and help their kid get an account even though it violates the terms of service.

LLANSOBut I think what this really shows is the challenges of trying to do this fine-grained distinction among ages of users on a website that appeals to a general audience. When we go to websites or use services online, those services don't automatically know how old any of their users are. The only way they can find out that information is if they affirmatively ask users for it and ask them for their age or date of birth or try to do more fine-grained age or identity verification.

LLANSONow, this is certainly not something that we, if we're concerned about privacy, we want to encourage a lot of. We don't want to encourage significant collection about -- of personal information from all users just so we can sort different users into different age buckets. It's important to remember about COPPA.

LLANSOIt's a law about protecting children's privacy and has worked by applying sites that are targeting an audience of children, or in the case where an operator knows the user is a child. It's not a law of general applicability to every website. It doesn't apply to websites that have general audiences.

NNAMDIAnd we're going to get to that in a second. But I have to take a short break. When we come back, we'll continue our conversation on Web privacy rules for kids, inviting you to join in by calling 800-433-8850. Are you satisfied with the restrictions in place for kids on the Web? 800-433-8850. You can send us email to kojo@wamu.org. I'm Kojo Nnamdi.

NNAMDIWelcome back. It's Tech Tuesday, and we're talking about new Web privacy rules for kids with Kathryn Montgomery. She's a professor at American University School of Communication and the author of the book "Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet." Jim Steyer is founder and CEO of Common Sense Media. He's the author of "Talking Back to Facebook." He joins us by phone from San Francisco.

NNAMDIAlso joining us in studio is Emma Llanso, policy counsel for the Center for Democracy and Technology. If you got comments or questions, call us at 800-433-8850. Have you ever helped young kids click through access restrictions to sites like Facebook? Why? 800-43-8850. Do you find all of this confusing? And we'd like some clarity. We'd love to hear from you. 800-433-8850. You can send us a tweet, @kojoshow, using the #TechTuesday or email to kojo@wamu.org.

NNAMDIEmma Llanso, the Center for Democracy and Technology has some concerns about how these pending rule changes to COPPA will impact innovation starting with the impact of the companies that have various plug-ins on websites. First, remind us of what a plug-in is and how it works. They want me to update my flash plug-in even as we speak.

LLANSOSure. So plug-ins for websites are essentially third parties who create some kind of service that helps improve the functionality or ad content to websites. So if I'm running a website that's directed to children, I might decide, you know, I'll create content on my own, decide site layout, that sort of thing. But I might use a plug-in in the form of an analytics provider to tell me how many hits I get on the site or how people use my site. I might use a plug-in that's a -- an advertising company to display ads on my site.

LLANSOAnd I might use a plug-in like a YouTube-embedded video if I want to add some content that's hosted on YouTube's site but have it displayed on my own website. Those are all different kinds of third parties who will be essentially running their service on my site. When a user visits my site, I will get information about the user's IP address. I may read some cookies on that user's browser.

LLANSOAnd the third parties that I've allowed to collect information through my site will also be getting that kind of information or potentially could get that kind of information. One of the proposals that the FTC has made has to do with this relationship between the operators who run the site that's directed to children and these third parties. The CDT agrees with one of the primary suggestions of the FTC that operators are the first party site.

LLANSOThe person who's running the site directed to children and who's making the decision to use all of these different plug-ins has an obligation to disclose all of the different parties that its -- installing on its site that it's allowing to collect information through it's site. The person running the website is going to be in the best position to know who are they allowing to collect information through their site.

LLANSOAnd they're also going to be in the best position to have that relationship with the parent and put that notice in front of the parent as the child comes and visits the website and get consent for that information collection. What -- where we have concerns is the commission has also proposed that plug-in developers -- so say, take YouTube, for example -- who know or have a reason to know that a site directed to children is using their service, those plug-in developers may also have their own independent COPPA obligations.

LLANSOIt's not exactly clear what this means, how a plug-in developer is going to have reason to know that a site directed to children is using their service, and so we think it raises a lot of confusion for plug-in developers. They often provide a code for users to put on their own websites completely for free and with no real...

NNAMDISo if I have to use an Adobe Flash plug-in to access some audio or video information, both the person who's running -- both whoever is running that site and Adobe Flash have to inform the user at that site that information is being collected. You have some concern about that.

LLANSOWell, I think, flash plug-ins may be a little bit different because they're browser plug-ins that help you display content on a site. But in any case, yes. If you're -- say, if you're visiting a site that has YouTube video on it...

NNAMDISure. YouTube.

LLANSO…the commission is saying that both YouTube and the site directed to children would have to get consent.

NNAMDIWhat do you say? Kathryn Montgomery.

MONTGOMERYI think you have to look at this in the context of this era of big data where all of these companies are working together. And the idea is to maximize data collection for targeting purposes. So what the FTC is trying to do here is to ensure that as they take this very critical look COPPA and whether it can work in this emerging era of big data, that there are no loopholes and that the responsibility is where the responsibility needs to be.

MONTGOMERYAnd if it only applies to the website operator and there are no responsibilities on the other parties who are all part of this data collection and marketing and who all profit from reaching child audiences, then we could have a problem. And I -- you know, we're having a lot of debate about this. It's highly technical when you have people sitting around, talking about it. It's like, oh, my gosh.

MONTGOMERYBut people should understand that this is the new digital marketing era we are in. And the FTC, I think, is taking a very responsible approach to this and will weigh all of the comments and hopefully will make the right decision here.

NNAMDIJim, before I go to you, allow me to ask Emma a follow-up here because there's so much cross-site integration, as Kathryn just pointed out, on the Web these days. This plug-in requirement seems like a very slippery slope. How do you think we should enhance privacy for kids yet not put extra burdens on websites that are not targeting children?

LLANSOWell, I think there are a few answers to that. One is certainly this proposal of the commissions to have the first party Web -- person who's running the website actually disclose all of the information collection that's happening through their site in a way that's clear, that parents can understand and really obtain actual consent for parents and let parents know if you're running a site that allows 50 different organizations or 50 different companies to collect information about your child, a parent may not actually want to give consent for that.

LLANSOSo really putting that kind of notice right in front of parents is very important. But I think, you know, from a broader perspective, what we're seeing with -- as, you know, Kathryn's talking about the -- we're in the era of big data, there's so much data collection by so many different entities. What we're really missing in this country is baseline consumer privacy legislation that actually protects all users regardless of what their age is from unfair data collection practices, selling and trading of data without user's knowledge or consent.

MONTGOMERYThere's, you know, there's a real need to get a fundamental level of protection for all users that would, I think, make -- be a lot more workable than something that requires this kind of distinction between users based on age and would give all of us protections that I think we'd really like.

NNAMDIJim Steyer...

MONTGOMERYI think I -- may I just say...

NNAMDISure.

MONTGOMERY...that I've been pushing for that for the last 15 years. I mean, I've been part of that broader movement for privacy policies for all of us. But I would like to also say that -- and first, if we just sat back and waited for that, I don't know if we'd have any prior privacy protections. There's huge pushback from industry.

MONTGOMERYBut the other thing is there are, as Jim pointed out earlier, there are specific issues about children that make them different. They're not adult consumers. They have cognitive differences. They don't always understand when they're -- somebody's trying to persuade them. They get confused about what's an ad and what's a program. So there are a number of things that make children more vulnerable than regular adult consumers, and we have to keep that in mind as well.

NNAMDIWell, Jim Steyer, what I'm hearing here is that, yes, there is some agreement that there needs to be across-the-board privacy protections for all consumers. But what Kathryn seems to be saying is that children still do fall into a separate category.

STEYERDefinitely. And my overall take on this is, look, this, for me, as a parent of four kids and someone who works, you know, in schools all across the country, the industry has spent all their time just trying to water this stuff down, Kojo. They're -- I have very little patience for the overall worries of the industry here that it's, like, over 14 years with no new legislation. Remember COPPA was written in 1998.

STEYERI hope our audience remembers how long ago that was, and there have been massive technological changes. And we're still trying to split hairs and do as little as possible to protect children. And I think Kathy's answer was completely correct about this. But the bigger picture is clear, and I think that the Federal Trade Commission's recommendations have been lobbied and lobbied by legions of lawyers and lobbyists for the tech industry and for the app makers, et cetera.

STEYERThe bottom line is this: we need really clear privacy protections for kids, for their parents, simple and easy and understandable. And the burden ought to be on the industry who's making trillions of dollars off of them in the long run. So I think some of these arcane argument -- I do know they matter, and I say that really respectfully to Emma and her organization. But at the end of the day, the industry just tries to water all this stuff down.

STEYERThey try to totally split hairs, and they basically try to gut or water down any kind of regulation that they can so that they can collect as much information about kids and that they can target them with their constant commercial offerings. That's really the big picture, in my opinion. And it's time that we as a society said enough is enough. Jon Leibowitz and the FTC have been pretty strong on COPPA.

STEYERAnd it's just time we went -- we got these revisions done and actually had a new privacy law as well because these are huge issues for every child out there, and some of these arcane details matter. But they're -- but they lose sight of the bigger picture, which is that kids are really the big losers in the long run for a lot of these violations.

NNAMDIWell, got to tell you how I think about 1998. 1998 was the year I started hosting this show, and I can't tell you how many listeners have said to me, Kojo, you've been hosting that show, like, forever, right?

NNAMDISo that's what 1998...

STEYERIt's a long time ago.

NNAMDIYes.

STEYERJust think about it.

NNAMDIOn to the telephones. Here is Elizabeth in Washington, D.C. Elizabeth, you're on the air. Go ahead, please.

ELIZABETHHi. Thanks. I'm 26 years old. I got my first email address when I was in the sixth grade. And from then, through the next decade, my Web savvy and my Internet knowledge was light-years ahead of that of my parents. I don't think that's the case as much anymore, especially as we have younger parents bringing up new children who have a different kind of Web savvy. And as one of the panelists -- I'm so sorry. I don't remember who.

ELIZABETHBut one of the panelists noted a lot of parents are helping their children circumvent these laws that are in place, and I think the laws are crucial. I think they need to be tightened up, as everyone is saying. But I'm wondering how much -- what kind of onus we can place on the parents to educate their children about Web safety and how much data is OK to give out and what kind of data is OK to give out. At what point does parental responsibility come into play at this conversation?

NNAMDIIt comes in at two points. I'll let Kathryn Montgomery address the first, and we have a caller, Mark in Washington, who may be able to help you address the second. But, Kathryn, go ahead, please.

MONTGOMERYObviously, parents have responsibility here, but it's very, very difficult for parents to understand what's going on online. And if we did not have a law that can help ensure that parents are informed of the kind of data collection taking place on the sites where their kids are, I think it -- they would just be completely overwhelmed by it. This is really, really a complicated environment that's been created here.

MONTGOMERYAnd the other problem is a lot of the data collection that takes place takes place totally under the radar of parents, and that's one of the concerns that I have. So the kinds of things -- Wall Street Journal did a little research survey last year that noted the number, the enormous number of tracking devices and cookies and so forth that were being placed on very popular children's websites that no one knows about. And so it's really very, very hard for parents.

NNAMDIElizabeth, I'll put you on hold while we get the other part of the answer to that question, in a way, from Mark in Northeast Washington. Mark, you're on the air. Go ahead, please.

MARKNo. I don't think I got an answer for nobody. It's more of a question. My daughter is more tech-savvy than I am.

NNAMDIVoila.

MARKI can't navigate the Internet without her, and a lot of times when I get stuck or something, she's the one who gets me out of it. But in hearing the conversation, I'm very concerned about what she has access to. So how will I, as a parent, be able to check what she does online?

NNAMDIThe answer, Elizabeth, is that a lot of parents are less tech-savvy than their children are. So putting the onus on parents means often putting the onus on people who do not have the skills to properly supervise what their children are doing. And I guess you, Jim Steyer, would agree that's one of the reasons that you're pushing for an update of this law.

STEYERWell, that's true. I mean, look, Common Sense, you know, we are in over 100 million homes with our Common Sense content. A lot of -- and it's aimed at parents. So we obviously believe that parents have a big role here. We also now have a digital literacy and digital citizenship curriculum, which includes a lot, by the way, about privacy and simple, easy-to-understand stuff about privacy. That's in nearly 40,000 schools in the United States now.

STEYERSo we believe that parents have a role in this, no question, so do teachers. But Kathy is totally correct about this. Look, I can't keep up. And I'll bet, even though you've been on the air, this show, for 14 years, Kojo, you couldn't keep up with all the different little things...

NNAMDIEven with Tech Tuesday every Tuesday. You're right.

STEYERBut, you know, the thing is -- no, but in all seriousness, there's so much that's complicated out there. And the truth is the idea that the industry continually suggests that the onus is all on parents is almost laughable to me. This is a -- this is an industry which has done enormous innovation that's benefited all of us and which we really applaud at Common Sense. And a lot of what we do in our -- at my day job at Common Sense is highlight all the good stuff that kids and educators and families can use in terms of media and technology.

STEYERBut they're so irresponsible when it comes to the privacy stuff. And there's -- and they -- sort of there's a radio silence from the leaders of Silicon Valley about not just the privacy issues, but also about some of the social, emotional and cognitive development consequences of some of this technology, not just privacy, but -- as I said, social, emotional -- but addiction, ADHD issues. These are big deals.

STEYERAs technology has gone everywhere, these issues are huge, and it's not just parents who are responsible for dealing with it. And the industry just has gotten largely a free pass over the last decade or more, and they have more lobbyists and lawyers per square inch in Washington than anybody, than the oil industry, it seems. So I think this is about having a reasonable conversation, but telling the industry that we want regulations. And I believe we need -- I actually think we need more than just COPPA revisions. I think we need a new do-not-track kids' legislation.

NNAMDIWe're about to come to do-not-track as soon as we take this short break, Jim Steyer.

STEYEROK.

NNAMDIAnd, Elizabeth, thank you very much for your call. You, too, can call us at 800-433-8850 or send email to kojo@wamu.org. Are you satisfied the -- with the restrictions in place for kids on the Web? How closely do you monitor what your kids do on the Web? 800-433-8850. I'm Kojo Nnamdi.

NNAMDIIt's Tech Tuesday. We're talking about new Web privacy rules for kids with Emma Llanso, policy counsel for the Center for Democracy and Technology, Jim Steyer, founder and CEO of Common Sense Media and author of "Talking Back to Facebook," and Kathryn Montgomery, professor at American University School of Communication and author of "Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet."

NNAMDIInviting your calls at 800-433-8850. Kathryn, Jim Steyer mentioned this. Early this year, the advertising industry said it would honor do-not-track options in Web browsers by the end of this year. But last week, the chairman of the Federal Trade Commission said it looks like advertisers are backing away from that. In Amsterdam last week, advertisers and privacy advocates tried to come to an agreement on a do-not-track law, but they failed. What's the sticking point here?

MONTGOMERYThe sticking point is lots of money, and the sticking point is also that this whole big data era has ushered in a set of practices that are all about invading people's privacy. And the industry has basically put its money there, and that's the model the industry wants. And, you know, when companies decide to put in their browsers, you know, a do-not-track and people want do-not-track, people would really like to be able to say, I don't want to be tracked.

MONTGOMERYA study just came out a week ago at UC Berkeley that showed that. And when that starts to be kind of automated in software, the rest of the industry is basically going ballistic over it. They don't want to give customers that right. And the Europeans are very, very upset about it because they have a whole different model there where privacy is seen as a right. We don't view it that way here.

MONTGOMERYAnd so it's a huge fight. It's not over yet. But it just shows how much is at stake here and, as Jim was saying, how powerful this industry is to fight back and to push back against a very small number of consumer advocates and privacy advocates trying to fight this battle on behalf of all of us.

NNAMDIWell, Jim, do you think you're tilting at windmills here? Do you think there...

STEYERNot at all, not at all.

NNAMDI...can, at some point, be a do-not-track law for kids, or are there too many commercial interests at stake?

STEYERNo. You know, I'll tell you why. Simple, two reasons. One, we're right, and privacy is a fundamental right in the United States. You know, I teach civil rights and civil liberties at Stanford when I'm not running Common Sense, and, you know, privacy is recognized as one of the few fundamental rights in the United States under the 14th Amendment to the Constitution. So there's no question that that's true.

STEYERBut I think the bigger thing is that the public is waking up to this. Kathy is totally correct that, you know, there's 800 lobbyists to -- for the industry compared to every one that there is for kids in education and family. But the truth is the public agrees with us by huge margins. So I actually believe we're going to get it.

STEYERI think it's going to take some time 'cause I think the industry, as Kathy just said, has spent, you know, many millions and millions to try to block legislation, to block regulations like the COPPA revision and, quite frankly, to just try to push this stuff under the rug so that they continue their massive march towards data aggregation. But ultimately, the public is getting this and that people, quite frankly, are all on our side. So I do believe there will be Common Sense legislation probably even as early as next year or the year after.

NNAMDIWell, some company seemed to be trying to get ahead of the curve. Microsoft has set Do Not...

STEYERMicrosoft...

NNAMDI...Track to be on by default. Mozilla's Firefox and Apple Safari have Do Not Track buttons that are not automatically activated but don't contain specific language about data that could be collected if enabled. Google had said it will include a Do Not Track option in its Chrome browser by the end of the year. Emma, do you see companies trying to head off this Do Not Track movement by putting tracking protection features into their browsers?

LLANSOWell, I think what we see is the browser makers are really responding to exactly this kind of consumer awareness that Jim is talking about, that more and more consumers, more and more users are understanding that there is data collection going on that they don't know about, don't understand, don't want to enable. And the browser makers are really responding and saying, OK, we're going to figure out something technical we can put in your browser so that, as you go around the Web, you can, you know, send out your message that you don't want your behavior to be tracked.

NNAMDIIt'd be interesting to know if there's anyone in the audience who knows for sure how to turn on these Do No Track features in their browsers, 800-433-8850. Over here is Frances in McLean, Va. Frances, you're on the air. Go ahead, please.

FRANCESMy question is related to the age and education. You keep speaking of parents need to give permission for their children to go on certain sites. And I have high school students, and all of their textbooks are online. They're constantly online. I want to know how this impacts education. And are they being tracked when they're constantly online at school and at home?

MONTGOMERYThe answer to that is, yes, they are. And I think parents do need to know more about what's going on. And even more importantly, we have called for -- and I know that Jim's group has as well -- safeguards for adolescents, not necessarily the same model where parents have to give their permission in advance of a teen going online but really to provide more information to teenagers about what's being collected from them.

MONTGOMERYWe also know that teens have their own developmental issues and some vulnerabilities. They're influenced by peers. They don't always think ahead about the consequences of the -- of what they do, and they're sometimes impulsive. So they are very, very involved in the social media and a lot of other online sites where they may not be fully aware of what's going on. And we think that marketers have an obligation to them as well.

MONTGOMERYAt the same time, we want a system that enables young people at this age to be able to participate fully and to take advantage of all the wonderful benefits of the Internet, particularly the educational ones. So we need to create some kind of balance there, which is why we're calling for fair marketing and fair information principles for adolescents.

STEYERJust to add there if I could to what Kathy said...

NNAMDIThis is Jim Steyer. Go ahead.

STEYERYeah. I'm sorry about that, Kojo. But that's a really good question 'cause Kathy is right. I mean, you have to look at -- the teens are huge, and there need to be big privacy protections and a lot of awareness efforts directed at teens. And COPPA doesn't do that. But then the thing about the education tracking is different than, say, just a pure commercial tracking that is going on to all of us and, unfortunately, to all of our kids right now 'cause in education, you do want to be able to trace kids, say, if they moved schools.

STEYERSo if, you know, you moved from Bethesda to Potomac or you go to a different school in D.C. or wherever, you need to be -- you do want to be able to track the information and educate yourself, but you need very important privacy protection care. So this is one of the other areas of privacy laws that has to be rewritten and thought through carefully. Arne Duncan, the Secretary of Education, has a chief privacy officer, and he's thoughtful about that.

STEYERBut there are areas where we do want to be -- and this is also true in the health care area where you want to be able to keep patient records, but there are enormous privacy concerns. So what we want to do is craft a really broad privacy policy for our country, particularly if it applies to kids and teens in education. And there will be differences depending upon the purpose of the tracking. I mean, if school wanting to make sure that they can tell how you did in math from one year to another, it has a noble purpose behind it.

STEYERAnd that's very different than McDonald's trying to lure your kid into buying something or to keeping their information so they can target them with constant advertising. So we really do need this fundamental revision of privacy protections in the United States, and we need to have -- that's why I'm so glad we're doing this show, Kojo, because this is a conversation that's going to have to happen.

STEYERAnd we need new Common Sense regulation, but one where the voices of the consumer and the parents and the kids are predominant as opposed to the industry, which has basically run the show for the last decade.

NNAMDIFrances, thank you for your call. And speaking of the industry and the voice of consumer, are they necessarily at odds? We got this email from McGauley (sp?) in Brooke, Va.: "There's a fundamental question behind this debate. What are the rights of businesses versus the rights of individuals? Should one set of rights have priority over the other?" I guess that's what they were talking about in Amsterdam, Kathryn.

NNAMDIAnd whether -- care to comment on that all, Emma? Are those rights necessarily in conflict?

LLANSOWell, we would hope not. I mean, one thing we have to -- that's underlying this whole conversation is the fact that, you know, the advertising that we're talking about, the -- whether it's contextual advertising or behavioral advertising, this is the -- their revenue stream for -- yes, for companies who are collecting a lot of data and making a lot of money. But it's also the revenue stream that helps support all of the free content and services online.

LLANSONow, this is not to say that the fact that you can get a free, you know, free YouTube videos whenever you want justifies a huge amount of data collection -- absolutely not. But we have to understand that there is not -- no reason for the advertising that happens online. There is not necessarily nefarious reasons for advertising that happens online. It's part of the ecosystem that has supported this development of free content and services for all users.

LLANSOSo as we're looking at figuring out ways to protect user rights and give users the ability to, you know, really set their own ground rules with regard to how companies and industry collects their information, we've got to understand the whole ecosystem and understand the kinds of consequences that different laws and regulations are going to have on exactly the kind of content and services and platforms for user speech that we want to preserve.

MONTGOMERYBut it's always going to be a balance. I don't care what industry you're talking about. There is always -- it is always going to be a balance between the rights of industry and the rights of consumers. And we've needed impose regulations in almost every area of enterprise to protect consumers, no question about it. And as to the business model online and this argument about free content, I think we have to look to see what the implications are if we adopt the one-to-one model and we don't create the kinds of protections that need to be in place. It's not either-or, though.

NNAMDIGot an email from Katie, who says, "I haven't heard anyone talk about why 13 is the magic age for it to be OK to set up Facebook accounts or conduct other business on the Internet. Who decided that 13 is adult enough? Why not 16 or 18? Did Facebook make up the 13 rule? I think it is too young, but a parent can't make a case against it if the site makes it legal." What say you, Jim Steyer?

STEYERWell, like, two things, and then Kathy -- since she was so involved in writing COPPA in the first place -- could answer. But I would tell you this, I mean, my recommendation to parents out there -- and, again, remember I run a leading group in this area on this kind of stuff -- is just basically say, I think...

NNAMDIYou only have about a minute left, Jim.

STEYERFacebook is very good for kids -- it's appropriate to my opinion for kids 15 and up because of the social, emotional issues. I actually think that that would be a better age. That said, COPPA was written for different reasons, and Facebook is just following the regimen that was written in 1998 by Kathy. But I would urge parents to think about Facebook accounts for their kids when they're 15, 16 and able to handle the stuff a lot more better -- a lot better than...

NNAMDIWhy 13, Kathryn?

MONTGOMERYWell, 13 was a tradition, certainly, in marketing protections, and it's also considered an age at which young people are entering the teenage years and are a little bit more...

NNAMDIEntering adolescence.

MONTGOMERYYeah. A little bit more mature. But I agree with Jim. You know, maybe for some sites, it should be a little higher. It isn't a magic number...

NNAMDIEmma Llanso, you get the last word.

LLANSOAnd because COPPA, when it was passed -- and today, requires parental consent for collection of kids' information -- the age of 13 was set because, above that, you start infringing on minors' own First Amendment rights. So there was a big fight around the time of COPPA's passage that a 16-, 17-year old should not have to get parental permission before giving out their email address to get information about health or religion or political information.

NNAMDIEmma Llanso is political counsel for the Center for Democracy and Technology. Jim Steyer is founder and CEO of Common Sense Media and author of "Talking Back to Facebook." And Kathryn Montgomery is a professor at American University School of Communication and the author of "Generation Digital: Politics, Commerce, and Childhood in the Age of the Internet." Thank you all for joining us. And thank you all for listening. I'm Kojo Nnamdi.