Parental control company sells data on what kids say

A software product sold to protect children from predators, cyberbullying, and visiting inappropriate Web sites is also collecting information about what the kids are saying, and its publisher is selling that data--in aggregate form--to other companies for marketing purposes.

In an interview, Echometrix CEO Jeffrey Greene said that the company doesn't collect or report the names or any identifying information about the children. "We never, ever, ever can identify who the kid is who is saying it. In fact, we don't have any information about the individual child," he said.

Box shot of Sentry Parental Controls from company Web site

(Credit: Echometrix)

The company's Sentry Parental Control Software, according to Greene, is designed to warn parents if a child is engaged in inappropriate online behavior by analyzing a database of 29,000 words including what he calls "Weblish," slang terms like POS (parent over shoulder) that kids use as short cuts in instant messaging and chat rooms. To do this, said Greene, it's necessary for the company to capture this information so "we can monitor these kids and the conversations they are having and the things they are seeing and all the words that are coming to them and all the words they're sending out, so we can make decisions and identify questionable activities and let mom and dad know about it right now--in real time."

In addition to notifying parents if their kids are doing something questionable, the company also sells summary data based on this information--in the aggregate--to other companies. A press release on its Web site describes a product called Pulse "that reads digital content from multiple sources across the Web, including: instant messages, blogs, social environment communities, forums, and chat rooms." The company says that it delivers the unsolicited raw conversations in real time. It gives marketers immediate, unique information about what teens are saying in their own words."

Greene says that the service can let companies "in real time, find out what the kids are saying about your product and all your competitors' products...I can't tell you who said it, I can only just tell you that a lot of kids said it."

Greene said that the company does provide a disclosure to parents as well as a way for parents to opt out, but the information in its end-user license agreement is written in the typical legalese and is a bit contradictory. In one section, it says "SearchHelp (recently renamed Echometrix) does not read or disclose private communications except to comply with a valid legal process such as a search warrant, to protect the company's rights and property," but in another it says "We have a parent's permission to share the information if the user is a child under age 13. Parents have the option of allowing SearchHelp to collect and use their child's information without consenting to SearchHelp sharing of this information with people and companies who may use this information for their own purposes."

At my request, the company provided a link to a Web page where parents can opt out of the collection process.

Spyware?
David Perry of TrendMicro, which includes parental control tools in some of its security products, said he isn't aware of any other parental control products that capture this type of information. "This is a severe case of what we used to call spyware," he said. Perry worries that even though the software may not collect the names of the children, "those names could be included in some of the chat messages."

Taking Greene at his word, and assuming that the company carefully avoids sending out identifiable information, I still can't shake the creepy feeling that I get about any product that collects any information from children, especially in the name of child protection.

Listen to my interview with Echometrix CEO Jeffrey Greene

Listen now: Download today's podcast

[Electro_Fox]

I think Mr. Greene eats babies for breakfast...

[Police_States_of_America]

totalitarianism4tots

[cordwainer60]

Does Echometrix really have such a short memory? It was only 2 years ago that AOL decided to release 3 months-worth of search keywords for research purposes. They, too, claimed the records had been anonymized and that they contained no information about the individual user.

Of course, it didn't take very long for a whole lot of people to notice that some searchers had typed in personal information such as name, Social Security number, etc., then that each user was assigned a unique key.

Cross-referencing the data with public records and phone books, The New York Times was quickly able to identify one of the searchers by name, and showed how easy it would be to identify others.

Afterwards, a class action suit was filed in U.S. District Court, to wit: "The lawsuit accuses AOL of violating the Electronic Communications Privacy Act and of fraudulent and deceptive business practices, among other claims, and seeks at least $5,000 for every person whose search data was exposed."

Perhaps Mr. Greene should review the case, and run it by his attorneys, since this is obviously, at least to my mind, a similar violation of privacy, with precedent in law. Certainly, if the default is "opt in", as it seems to be, and parents must visit a web site in order to "opt out", Echometrix had better change that, and fast, to make the default "opt out." It has been pretty well established in the last couple of years that any default "opt in" is considered to verge on deceptive practice, especially when companies fail to notify customers clearly and repeatedly of their right to opt out.

Next, parents should run - not walk - to find alternative Parental Control software. Otherwise, they may find their childrens' personal information is findable and usable, not just by a newspaper, but by every pervert out there looking for children to abuse.

As a computer consultant, who is constantly asked for product recommendations for this purpose, I will definitely be passing the word around to boycott Echometrix for the sake of your children's safety.

[larrymagid]

Good point about finding an alternative program. There are plenty good ones available including at Microsoft Family Safety and Norton Online Safety -- both of which are excellent and free.

Larry Magid

[cordwainer60]

Correction: the AOL fiasco was 3 years ago, August 2006

[Jourdy288]

Yet another piece of bloatware, honestly, 29,000 words of "Weblish"? It's gimmicky, fickle, and has far too many variables. It's just as bad as the Parent File Scan.

[Future_Protector]

Read this:

SearchHelp Inc. announced that its Echometrix division has signed an agreement to jointly develop with FOX Broadcasting Company, Inc., wherein they will provide feedback and entertainment industry expertise to customize their unique market sentiment and behavioral analysis product, called the Pulse. The Pulse is due to be released in the first quarter of 2009. 'Echometrix technology is unique in that it understands and analyses digital content in real-time, but more importantly, allows each user to build and customize their own sentiment indices, all from a web-based dashboard. The Company is in talks with other major consumer marketing companies to use the Pulse and the Echometrix technology in an effort to create a set of customizable solutions that could become an industry standard tool for marketing decision makers. Echometrix has currently identified at least 26 consumer product category markets that it plans to pursue, each consisting of more than 1000 marketing decision makers.
Echometrix are also developers of filetering programs designed to protect children from visiting sites deemed inappropriate for their age group. What it does is record the weblogs and chatlogs of the user, supposedly the child and then collate them to provide an advisory to parents to make them active partners in the web filtering activity.

The problem is not all the data collected is relevant to the goal of filtering. So what does the company do with the other data collected? It sells it as ?consumer data?. The gall. Violating privacy rights in the guise of protecting children. May they get gallstones because of this.

[The_Ghost_Rider]

This is one of the most disturbing things I have heard about on the net in a while. I have a lot of problems with this story, but the standout is when Greene says:

"We never, ever, ever can identify who the kid is who is saying it. In fact, we don't have any information about the individual child,"

But of course you do Mr. Greene, you have the registration information from the software itself when a parent installs it thinking they are protecting their child, but really allowing you to peddle it. You also have the IP address, you have to have this because your software, if there is a filtering issue will "let mom and dad know about it right now--in real time."

Not all of us are as gullible as you would want us to believe Mr. Greene.

Like Cordwainer60 said, kids are typing stuff all the time like their number, or address, probably more so if they are lulled into a sense of security because they are not posting it publicly on a message board or Facebook, but on what they think is a private chat with someone they know and trust.

Sounds like Echometrix provides the tools so parents can spy on kids, so Echometrix can spy on everyone. I mean really, how do they distinguish who is using the computer at any given time? What happens when someone buys this stuff to check up on a spouse or roommate, or some other spyware purpose. That is bad enough, but now the nature of those conversations might very well end up in the hands of the highest corporate bidder!

What is really scary is if you Google "Echometrix" on the second page of links there is a complaint page, which if the information there is true, it is extremely disturbing and there is no way in hell I would want these people safeguarding internet surfing of my child, let alone trust them to properly safeguard the information they collect.

Great job Larry on alerting us to what might be the most nefarious Trojan horse to hit the net in a long time! What if anything can we do about this?

[fondy]

One of the disturbing things about this is how a private company can do something like this and it's okay (to many people), but if a govt agency were to do it, the ACLU would have field day. You have to wonder what kind of access the govt gets to customer data after they bail out a company.

[screamapillar]

The irony of a company you have engaged to protect your children, then selling your children's information to empower marketing corporations to prey on them. Do they honestly believe that one of the predators out there on the net isn't the marketers? Do we really want to empower these marketers to better target our children?

Our kids are already obese, diabetics with no sense of the value of money nor social responsibility (yes I'm over generalising but...) - it is at the point where legislatures are seriously considering in many jurisdictions banning certain types of advertising on TV due to the negative and seriously destructive influence on children (eg banning candy ads). How can they (government) and we (parents) possibly compete with such targetted data harvesting? Half of us get these monitoring/protection products to protect our kids FROM the marketers - not to feed them straight to the beast!

Echometrix - you are meant to protect our children, not throw them to the corporate wolves.

[wfrm]

I would say it very much seems that they went into this "Child Protection" business specifically with the more lucrative marketing scheme in mind. It wouldn't surprise me a bit that this was the whole purpose of a very complex system of capturing every word typed on the computer to "warn" parents.