To highlight the increased crime during the holidays, security company McAfee has come up with the "12 Scams of Christmas" ranging from bogus electronic greeting cards that deliver malware instead of cheer to fake charities that steal your money and your identity.
It's especially important to be extra careful this time of year, says McAfee's David Marcus. "The bad guys know people are spending more time online, they're paying more bills online so [the criminals] stand a chance of being a bit more successful this time of year.
In a podcast interview (scroll down to listen), Marcus counted down the 12 scams of Christmas starting with:
- Charitable phishing scams: Marcus warns consumers to be wary of e-mails that appear to be from legitimate charities. Not only will they take your money and deprive charities of needed funds, but they will also steal your credit card information and identity.
- Fake invoices from delivery services: During this period, scammers will send out fake invoices and delivery notifications appearing to come from Federal Express, UPS, the U.S. Postal Service or even the U.S. Customs Service saying that they were unable to deliver a package to your address. They ask you to confirm your address and give them credit card information to pay for delivery.
- Social networking friend requests: Bad guys take advantage of this social time of year by sending out authentic looking friend requests via e-mail. Marcus recommends that you not click on those links but sign into Facebook and other services and look for friend requests from the site itself. Clicking on a link could install malware on your computer or trick you into revealing your password.
- Holiday e-cards: Be careful before clicking on a holiday e-card, especially if it's from a site you haven't heard of. This is a way to deliver malware, pop-ups, and other forms of unwanted advertising. Some fake e-cards will look like they come from Hallmark or other legitimate companies, so pay close attention and make sure it's from someone you know. If you're going to send an e-card, be sure you're dealing with a reputable service lest you risk infecting yourself and your friends.
- Fake "luxury" jewelry: If you see an offer for luxury gifts from companies like Cartier, Gucci, and Tag Heuer at a price that's too good to be true, it probably isn't true. These links could lead you to malware and take your money or merchandise that will probably never arrive (or be fake if it does). Some of these sites, according to McAfee, even display the logos of the Better Business Bureau.
- Practice safe holiday shopping. Make sure your wireless network is secure and be sure you're shopping on sites that are secure. Though it isn't an iron clad guarantee, you should look for the lock icon in the lower right corner of your browser and make sure the Web page starts with https. The "s" stands for "secure."
- Christmas carol lyrics can be dangerous: Bad guys know that people are searching for holiday related sites for music, holiday graphics, and other festive media. During this time, they create fraudulent holiday related sites.
- Job search related scams: With the unemployment rate at 10.2 percent, there are plenty of job seekers looking for work. Beware of online offers for high paying jobs or at-home money making schemes. Some of these sites ask for money up front, which is a good way for criminals not only to steal your "set up fee" but misuse your credit card too. Marcus said that some "get rich quick" sites are all about money laundering, asking you to accept an inbound financial transfer and pay them.
- Auction site fraud: McAfee has observed a rise in fake auction sites during the holidays. Make sure you're actually going to eBay or whatever site you plan to deal with.
- Password stealing scams: Criminals use low-cost tools to uncover passwords, in some cases planting key logger software to record keystrokes. Once they get your passwords, they gain access to bank accounts and credit card accounts and send spam from your e-mail accounts.
- E-mail banking scams: A common type of phishing scam is sending out official looking e-mails that appear to come from your bank. Don't click on any links but type in your bank's Web address manually if you need to access your account.
- Files for ransom: Hackers use malware to gain control of your computer and lock your data files. To access your own data you have to pay them ransom.
Listen to Larry's interview with McAfee's David Marcus
Listen now: Download today's podcast
Google's new SafeSearch page
(Credit: Google)Google has long allowed parents a SafeSearch filtering setting that keeps kids from using the search engine to find inappropriate sites like those with explicit sexual images or text.
The problem was that kids could easily change those settings.
Starting Wednesday, however, the company is allowing parents to lock those settings to make it harder (though not impossible) for kids to bypass the settings.
To change the settings, the parent will have to log into his or her Google account and enter a password. Once the settings have been changed, the Google search engine will change in appearance to indicate that it's locked. The new page will have large balls in the upper right corner so that parents can see from across the room that their kids are on the safe search page.
The settings, which places a cookie on the machine, must be configured for each browser the child uses. If you set them only for Internet Explorer, for example, they won't restrict access from Firefox, Chrome, or other browsers. Also, according to a Google representative, the child can get around the settings by using the private browsing feature that is now built into the latest versions of Firefox, Internet Explorer, and Chrome. So, while this will keep kids from accidentally using Google for inappropriate searches, it will not deter tech-savvy kids who are determined to bypass the filters.
As I've said in other posts, filters are never a foolproof way to keep "tweens" and teenagers from inappropriate content. There are always ways to get around them, including using a different machine or mobile phone. Filters are effective for keeping young children from stumbling onto disturbing Web sites and they can be a deterrent to somewhat older kids who might have a momentary or casual interest in looking at material that their parents wish to block.
With all filters and controls, it's important for parents to think about how you use them to help teach your child to exercise self-control and critical thinking so that, eventually, they can safely use the Web without filters or adult supervision. Also, for very young children, say 5 and under, its remains a good idea to be with the child while he or she is online. Tools like Google's SafeSearch are helpful, but they are no substitute for close parental supervision, especially with young children.
Listen to Larry's interview about Google SafeSearch with Google's Scott Rubin
A story recently surfaced saying malware could plant child porn on innocent people's computers without their knowledge. Just how real is this threat? And how can you keep it from happening to you?
Being accused of possessing child pornography can ruin people's reputations, confront them with overwhelming legal bills and, if convicted, and deprive them of their freedom for years if sentenced to prison time, and perhaps for life, if they're required to register as sex offenders.
That is why, at least in part, a recent case outlined by the Associated Press raised concerns over computer viruses being used to plant child pornography on people's computers. But the innocent have little to fear, according to experts.
The AP story reported about the case of Michael Fiola, a former Massachusetts state employee whose state-owned work computer was found to contain illegal child pornography images. He was fired and charged with possession of child pornography which, had he been convicted, could have landed him in prison for up to five years, according to the AP.
Sexually explicit images of children--who are often being exploited--are not protected by the First Amendment because they may memorialize, celebrate, or encourage sexual crimes against children deemed defenseless victims. Although Fiola avoided a child porn conviction, he reportedly has suffered related indignities, including death threats and friend abandonment. The AP said he and his wife liquidated their savings and spent $250,000 on legal fees.
Ultimately, charges were dropped after Fiola's defense showed that his computer was infected by a virus that was "programmed to visit as many as 40 child porn sites per minute," something that a human couldn't do, even if he or she tried. Other reports about this case indicate that the antivirus software on Fiola's computer was out of date and therefore was not protecting him against malware.
Could it happen to you?
How likely is a case like Fiola's? If viruses are capable of putting illegal content on people's computers, aren't we all at risk of being arrested for serious crimes we never meant to commit? And if it is possible for this to happen, isn't "the virus did it" claim likely to become the mantra of every defense attorney who represents people accused of possessing child pornography?
To help answer these questions, I spoke with security experts, legal scholars, former prosecutors, and Justice Department officials. The consensus? It is indeed possible for malicious software to plant child pornography--or any other type of file, for that matter--on an innocent person's computer, but being possible doesn't mean it's likely. And forensics experts can detect intention.
"It's quite possible for a malware creator to include child pornography as part of the payload on an infected computer," according to Symantec spokeswoman Marian Merritt, but "such payloads are not typical."
Most malware authors, Merritt said, "are motivated by money, and there's no clear indication as to how planting child porn on an unsuspecting person's computer would help generate money for criminals."
One possible motive for remotely using someone else's computer to store child porn is to make it possible to access the contraband without running the risk of it showing up if your PC is seized or searched. Merritt worries that "this could become a possible use for malware, going forward," but Michael Geraghty, executive director of the National Center for Missing & Exploited Children Technology Services Division, said that, while possible, it's not an effective way to store child porn and remain undetected.
"If you put the images on someone else's computer, you might not be able to retrieve them when you want them," Geraghty said. He pointed out that the zombie machine storing the data would have to be turned on and connected for the malware sender to access it. If it weren't online, or the files had been deleted, the files wouldn't be there to retrieve.
Another deterrent, of course, is a potential digital trail between your computer and the one you're using to store it. Although there are ways to evade detection, forensic investigators do have ways to trace Internet Protocol addresses to catch people in the act of uploading and downloading material.
"I've never seen it where child porn was intentionally placed on someone's computer because of a virus," Geraghty said. He has, however, seen cases where "someone was redirected to a site where it could have entered the cache." If someone were to go to a legal adult porn site, it's possible that the browser would "open 100 different windows," including some that could contain child porn. "As a result of that, any images on any of these sites would be cached, and there would be a record that you had been there."
But Geraghty said investigators can tell the difference between someone who deliberately downloaded such images and someone who may have inadvertently downloaded perhaps thousands of images because of a virus or misdirected Web site.
Totality of evidence
"A good forensics expert would try to determine how (the images) got on the computer and who was responsible for putting them there," he said. "That would be determined by looking at the totality of the evidence, not just the fact that there were images there."
Things a good investigator would look into include whether the suspect was sitting at the computer at the time the images were downloaded. Was he using the computer to send e-mail or visit other Web sites at the time? "There is always some type of trail we can follow to determine if the person were likely actively involved in the process of downloading the material," Geraghty said.
Another indicator is the time lapse between image downloads. A virus or Trojan horse is likely to download multiple images at a time, sometimes faster than might be humanly possible to do manually. A person who collects child pornography typically acquires it over a period of time, and a forensic investigation of the computer should reveal that.
Phil Malone, a clinical professor at Harvard Law School and director of its Berkman Center Cyberlaw Clinic, agrees that a good forensic investigator should be able to tell the difference between files placed by a virus and ones deliberately downloaded.
"It's the excuse of the moment for defendants," he said. "Lots of child porn defendants try to blame (images found on their computers) on viruses, but it's almost never true. You can actually figure this out. In the handful of cases that have been problematic, it looks as if everyone moved too quickly. The agency discovered material and immediately jumped to conclusions." Malone added that "good, solid forensics would be able to tell in virtually every case."
Malone agreed with Geraghty, of the National Center for Missing & Exploited Children, that it's fairly common for someone, when viewing adult pornography on a Web site, to inadvertently receive pop-ups that may include images of child porn.
"It's possible to tell if something was opened or saved to a file from the cache," Malone said. Investigators can usually figure out if an image was downloaded intentionally, based on other activity that took place on the computer at the time, he said, adding that it's incumbent on both prosecutors and defense attorneys to launch a thorough investigation that includes analyzing a copy of the hard drive to determine not just which images are stored within, but also how they got there.
Geraghty said it's important to look at other factors. "The computer holds a lot of information about the searches that someone runs. If there were none of those searches and nothing else but some images in the cache, you would question how they got there. You would look for collaborating evidence such as intent to visit the site (and capability) of visiting the site. Did he have knowledge?"
A good investigation will look for exculpatory evidence to see if there are other explanations for the images. That investigation, Geraghty said, should start with making one or more exact copies of the suspect's hard drive and examining those copies to look for evidence of malicious software that could be responsible for the images. Defense attorneys can also gain access to a copy of the drive, but because it may contain illegal child porn images, their experts will probably have to examine the drive at the police station or prosecutor's office; possession of those images--regardless of the reason--is illegal for anyone other than personnel granted immunity.
Burden of proof
"In each case, the prosecution will need to prove (that) the defendant knowingly and intentionally possessed, received, or distributed child pornography," according to Drew Oosterbaan, chief of the Child Exploitation and Obscenity section of the Justice Department. "The proof starts with establishing that the images involved are child pornography and ends with establishing that the person charged is criminally responsible for it. We prove the latter in myriad ways."
Oosterbaan said that when someone is charged with possessing child pornography on his computer, "the computer is, in many ways, a crime scene, and the forensic examination of that computer is critical to meeting the elements of proof in the prosecution." He added that "it's important to remember that in every case, the government carries the burden of proof."
Oosterbaan said he is not aware of any cases in which botnets were used to plant child porn on other people's computers.
A former federal prosecutor now working for a technology company, who requested anonymity, said this may become a bigger issue as we enter the era of cloud computing, in which more and more data is stored on Internet servers instead of hard drives.
"There is no question that perpetrators are going to look for places to hide their criminal activity, including child porn, because they're increasingly aware that if law enforcement comes to their house, they will see the material," the former prosecutor said, adding that companies in the cloud storage business need to be aware that their systems could be used for illegal purposes. "They should reach out to the National Center for Missing & Exploited Children to implement a system to compare uploaded files against hash marks (digital fingerprints) of known child porn images."
As with any other security issue, the best defense is to protect your machine against intrusions. This includes:
- Making sure that your operating system and regularly used software are up-to-date.
- Using good software addressing malware, phishing attacks, and/or spam, and keeping it up to date. Subscriptions to paid programs should be renewed.
- Being cautious about spam and about providing information to sites you navigate to from links within even the most legitimate-appearing e-mails.
Disclosure: I serve without compensation as a board member at the National Center for Missing & Exploited Children, which deals with child porn cases. Still, I don't necessarily agree with all NCMEC policies, nor do I speak on behalf of the organization.
This week nearly 400 Internet safety advocates are expected to attend the third annual Family Online Safety Institute Conference and Exhibition in Washington, D.C. The event, which is expected to draw attendees from 14 countries, is a gathering of Internet safety advocates from industry, nonprofit groups, academia, and government.
FOSI CEO Stephan Balkam
(Credit: FOSI)The theme of this year's conference, "Building a Culture of Responsibility: From Online Safety to Digital Citizenship," reflects a significant change in the thinking of many online safety experts. "Of course we need to teach basic safety skills," said FOSI CEO Stephen Balkam, "but we need to move to the next stage which includes digital citizenship and responsibility."
Speakers at the conference will include Sen. Robert Menendez (D-NJ), author of a bill that would increase federal funding for Internet safety. White House Deputy Technology Officer Andrew McLaughlin (formerly of Google) will be talking about the Obama administration's efforts to increase awareness on Net safety issues. Dr. Tanya Byron, author of a report on the British government's 2008 national policy on child safety online will talk about her country's efforts to dial-down the fear factor and increase awareness on how to empower young people to better manage online risks. Other sessions will focus on the safety needs of "seniors and grandparents," challenges facing young people's use of mobile devices, and psychological issues kids face online.
Attorneys General Patrick Lynch of Rhode Island and Robert McKenna of Washington will speak on how law enforcement is dealing with youth online risk. Nearly all U.S. state attorneys general have expressed concerns about Internet predators, cyberbullying, sexting, and other potential crimes committed against and--in some cases--by children and teens. Last year a coalition of 49 attorneys general created the Internet Safety Technical Task Force which, in January, issued a report saying that children are less vulnerable to predators than had been feared but are more likely to be harmed by peer-to-peer bullying as well as self-destructive online behaviors.
I will also be a speaker as will my ConnectSafely.org co-director and NetFamily News editor Anne Collier. We will be formally releasing our "Online Safety 3.0" paper which calls for moving away from fear-based messages toward an emphasis on media literacy and digital citizenship, including recognizing young people not as "victims" but as stakeholders in positive Internet use. Instead of schools filtering out access to social-networking sites, we believe they should be incorporating social media not only to enhance learning but to promote responsibility. Along with others attending the conference, we will call for expanding the public discussion on Internet safety to include more physicians, mental health professionals, social workers, tech educators, and other experts.
The conference which runs Wednesday and Thursday at the Andrew W. Mellon Auditorium in Washington will also feature an exhibition where companies and nonprofits will show a variety of online safety tools.
TrendMicro last year introduced its cloud computing strategy to deliver security to desktop PCs. Now the security software vendor, according to CEO Eva Chen, is taking cloud security a step further by protecting the cloud itself.
An update to its Deep Security product, introduced Monday, offers protection for the "entire server," including the operating system, network, and applications layers, according to the company.
So is why there a need for yet another layer of server protection. Don't servers already have an enormous amount of protection?
She acknowledged that servers are typically protected by a firewall, an intrusion detection system (IDS), and an intrusion prevention system (IPS). "But now people are doing virtualization," Chen said. "And once you do virtualization, the server can move from one network center to another network center or move from your own data center to a public data center, and therefore the server is not just behind the firewall all the time. It needs to protect itself."
Another issue is the changing nature of servers. In the past, they mostly were used to serve up data. But with cloud computing, applications run on the server and that makes them vulnerable to hackers. "In last two years an enormous amount of Web servers were attacked by cybercriminals. They just insert SQL injections or a malicious link in your site or serve up malicious content from your site," Chen said.
Initially, TrendMicro's product is aimed at the enterprise but, long term the company plans to develop services to support small Web sites and blogs.
As a small site owner, I understand the need. SafeKids.com, which is a WordPress blog I maintain, was attacked a couple of years ago due to a security flaw in a template I was using. The attacker embedded hidden links to sites that offered male enhancement products. I discovered the problem when I was embarrassed by Google Viagra ads appearing on my site. I don't have anything against Viagra, but the ads weren't appropriate for a site that focuses on Internet safety for children. Google, which places ads that are related to the site's content, was fooled into thinking that my site covered male enhancement rather than children's safety. Chen said that TrendMicro is exploring technology that could protect sites like mine by alerting owners to potential problems as soon as they occur.
In a partnership with RSA, the company is also working to protect financial sites against phishing attacks. It has software that looks for phishing sites that mimic legitimate ones and warn the legitimate site owners who can then take action against the impostors.
Listen to Larry's interview with TrendMicro CEO Eva Chen.
Listen now: Download today's podcast
A recent phishing scam resulting in usernames and passwords of Microsoft's Hotmail, Google's Gmail, and possibly accounts of AOL and Yahoo users being posted online is cause for concern for anyone who uses any of those services. Rather than panic, though, there are simple ways to avoid becoming a victim or being further victimized, if your account has already been compromised.
Microsoft and Google said the compromised information likely came as a result of a phishing scam, through which millions of people are sent e-mail (often warnings about a fake security breach), asking them to click on a link to take them to a Web site so that they can enter their correct information.
When phishing attacks first became prevalent, the fake sites were often crude imitations of the real things, but these days, they can look exactly like the legitimate site, typically of a bank, a payment service such as eBay's PayPal, or another financial company. When the user logs in with a username and password, or provides credit card numbers and other confidential data, that information is captured by the e-mail senders, who can use it to impersonate the victims.
In addition to someone being able to read your messages, a risk of having your e-mail account compromised is that many sites will send a lost password to an e-mail address, so if criminals can access your e-mail, they might be able to use it to get passwords from other sites, including financial accounts.
Audio
Podcast
Symantec's Marian Merritt on
how to avoid being a victim.
Download mp3
BBC News is reporting that it has seen lists containing more than 30,000 names and passwords, some of which "appear to be old, unused or fake," but "many--including Gmail and Hotmail addresses--are genuine." To put this into context, Gmail and Hotmail sites had more than 84 million unique visitors in July. Yahoo Mail had more than 156 million unique visitors, according to ComScore.
Here's some advice that can help you avoid becoming a phishing victim.
Change passwords regularly
Even if this particular breach hadn't occurred, many experts recommend that you change your password about every three months. This is as good a time as any to do just that. It's also a good idea to avoid using the same password on multiple sites, but if you're one of the many people who have done that, be sure to change your password elsewhere. Gmail asks users to provide them with an alternate e-mail address, so be sure to change the password for that account as well.
As I pointed out in this post about password security, consider using a password manager like LastPass (free) or RoboForm that can generate and manage strong passwords.
Click cautiously
If you get an e-mail that appears to be from legitimate site with a request that you click on a link to visit the site for any reason, including updating your security information, think before you click. It might be taking you to a rogue site that captures that information for possible identity theft or other crime. It's safer to just type in the URL yourself. Be extremely wary of any requests to provide Social Security numbers or credit card information, unless you're absolutely sure that you're dealing with a legitimate site. When visiting a site, make sure that the URL is that of the organization.
Look for secure sites
If you're asked to provide sensitive information such as a credit card number, be sure that the URL begins with "https" (the "s" stands for "security") and that there is a padlock icon, typically in the lower-right corner of the browser.
Use a phishing filter and good antimalware software
The most recent versions of most browsers, including Microsoft's Internet Explorer and Mozilla's Firefox, help filter phishing sites, as do security suites from McAfee, Symantec, TrendMicro, and other companies. Security software also helps protect you against malicious software that can log your keystrokes, or otherwise jeopardize your privacy and security. Make sure that your security software and your operating system are up-to-date.
Think critically
If something seems too good to be true, it's almost invariably too good to be true. Think about what you're about to do on any site you visit, especially if it's a site you don't already trust. Never use the same password on an unknown site that you use for e-mail, banking, or other sites where security is essential.
The U.S. Department of Homeland Security's National Cyber Alert System has additional tips to help you avoid phishing and other social engineering attacks, and ConnectSafely.org has tips to create an manage strong passwords.
Justice Department's new MySpace Profile
With Obama in the White House, it's no longer unusual for government agencies to communicate via social media services, but today's announcement that the Justice Department is now on MySpace is something of a milestone. For years, MySpace was under intense pressure from law enforcement officials from all levels of government to clean up what some considered to be a breeding ground for dangerous and criminal activity.
The Justice Department's new MySpace profile mostly serves to redirect visitors to the Department's new Justice.gov Web site but also includes an unmoderated forum where users can comment and "interact with the Department in entirely new ways." The Justice Department is also on Twitter, YouTube, and Facebook.
For years, MySpace was perceived as the bad boy of social media, enduring frequent and harsh criticism from law enforcement and policymakers from just about every branch of government. The service was the subject of multiple investigations and accusations that it had become a predators' playground, making it far too easy for would-be sex offenders to prey on teens.
Much of those predator fears weren't grounded in fact, but MySpace's parent company, News Corp., did take action in 2006 by hiring Hemanshu Nigam, who in his earlier career as a federal prosecutor helped send child predators to prison. This week, Nigam was promoted to Senior Vice President of Safety, Security, and Privacy of News Corp.'s Digital Media Group, which oversees all of the company's interactive services. MySpace has also just created a position of public affairs director specifically to improve its reputation in the areas of safety, security, and privacy.
After numerous complaints, press releases, and threatened lawsuits, MySpace in 2007 began using the Sentinel Safe database of registered sex offenders to identify and remove sex offenders from its site and provide their information to law enforcement.
That year the company also reached a settlement with 49 state attorneys general to form the Internet Safety Technical Task Force. That task force's report, which was written under the direction of Harvard law professor John Palfrey, was criticized by some state attorneys general for downplaying predator danger. (Disclosure: I served as a member of that task force as a representative of ConnectSafely.org)
Of course all of this is dwarfed by MySpace's larger problem of dwindling membership as it struggles to compete with Facebook and other social media sites. Today MySpace's problem is less about convincing officials and parents that the site is safe and more about convincing young people and adults to continue to use it.
Disclosure: MySpace and Facebook are two of several companies that provide financial support to the nonprofit Internet safety organization ConnectSafely.org, which I help operate.
WASHINGTON--When the Online Safety and Technology Working Group, established via the Protecting Children in the 21st Century Act, last week held a meeting at the U.S. Department of Commerce to discuss how to best protect kids online, members may not have been expecting to talk so much about offline behavior.
The 29-person panel, which includes representatives of Internet companies, academia, nonprofit organizations, and government agencies appointed in April by U.S. Department of Commerce's National Telecommunications and Information Administration, offered recommendations ranging from self-protection to cyberbullying prevention. The common themes: exhibiting the same self-awareness and outward sensitivity online as you would offline, and proactively counseling youth exhibiting risky offline behavior.
As an appointed representative of SafeKids.com and ConnectSafely.org, and head of the group's Net safety education subcommittee, which ran the meeting, I got a front-row seat. Below is an overview of the discussion.
Working Group reports to Department of Commerce's NTIA
The first set of presenters was a group of public-school students here who gave a frank appraisal on the state of Internet safety education from the front lines. Although members of this student panel were quite familiar with incidences of cyberbullying and sexting (students sharing naked pictures of themselves), none had any horror stories to report, and all seemed to understand the basics for staying safe and maintaining their privacy on social-networking sites.
My favorite comment came from a middle-school student who said, "The only person who can protect you on the Internet is you." Based on what the adult presenters later said, she was quite right.
The next presenter, Stephen Balkam of the Family Online Safety Institute, outlined some of the safety messages social-media and Internet companies are offering, including site-specific advice and tools, as well as and supporting nonprofits that provide safety advice. "Millions (of dollars) are being spent," Balkam said, "but more can be done."
Nancy Willard of the Center for Safe and Responsible Internet Use talked about the current state of Internet safety education, telling the group that much of today's school-based messages continue to reinforce the discredited notion that kids are in serious danger from adult predators.
Willard pointed out that sexual exploitation resulting from contact by someone a young person knows only through the Internet is extremely rare, especially compared to the far more likely peer-to-peer problems such as cyberbullying. She hopes to see federal funding for Department of Education-administered prevention programs that include educators, health professionals, and risk prevention experts, along with law enforcement.
Much of school-based Internet safety education to date has been funded by the Justice Department, which tends to view the world in terms of preventing and solving crimes rather than dealing with risky (yet not necessarily criminal) behavior. Willard said law enforcement needs to continue to be involved, but not as the sole voice in the discussion.
Jessica Gonzalez of the National Hispanic Media Coalition talked about the online component of hate speech, especially as it pertains to Latinos caught in an immigration debate. While Gonzalez welcomes a spirited debate on immigration issues, she warned about hate crimes against Latinos--including citizens and legal residents--as well as Web sites that may encourage such crimes.
Gonzalez's comments were followed by a discussion that included contributions from Steven Sheinberg of the Anti-Defamation League (a leader in advocacy against hate speech), Whitney Meagher of the National PTA, and Judi Westberg Warren of Web Wise Kids. All agreed that Internet safety must include teaching respect for oneself, one's peers, and the broader community. Whether dealing with ethnicity, sexual preference or anything else, they concluded that there is a real connection between hate speech and cyberbullying.
Mike Donlin of Seattle Public Schools described his district's cyberbullying program, which trains students on techniques to protect themselves and their fellow students from bullying and harassment. Consistent with other experts, Donlin said online bullying is typically associated with offline bullying. Problems that start in school often migrate online, and it's not uncommon for the bullies and victims to know each other in the real world.
Patti Agatston, a risk prevention expert from Georgia's Cobb County schools, talked about the need for safety messages tailored to a young person's specific risk profile. Drawing on health care messaging, she pointed out that all kids need what she called "primary prevention": general messages about how they can stay safe, treat each other respectfully, and protect their reputations.
Kids with somewhat higher-risk profiles, who may have less parental involvement or exhibit early problem behaviors, need "secondary prevention," Agatston said, such as adolescent therapists and other professionals to help them deal with addictive behaviors involving Internet use, pornography, sexual risk taking, or offline high-risk activities, including substance abuse, self mutilation, eating disorders, or gang activity.
These higher-risk youth, Agatston said, can benefit from "prevention programs that often involve mentoring, decision-making skills, goal setting, and peer education." As she pointed out, kids who take risks online typically also take risks in their offline lives; the problem is less about technology and more about youth behavior.
Another speaker, Alan Simpson of Common Sense Media, told the group that digital citizenship and media literacy are essential components to online safety. How kids treat themselves and others, as well as their ability to critically evaluate what they see and do online and offline, can have an enormous impact on their personal safety and the safety of those with whom they interact.
Finally, University of Southern California media professor Henry Jenkins wrapped up the day with a look at how young people use social media and how, over time, online communities can have self-regulating and protective effects on their members.
Jenkins, who has studied online gaming, fan sites, and other areas where young people interact, noted that while cyberbullying is a serious problem, people in these communities will often self-regulate by isolating and criticizing those who exhibit antisocial behavior.
This post is an adaptation of one that first appeared on Larry Magid's SafeKids.com.
In some ways RealNetwork's Rhapsody service competes with Apple's iTunes, but Apple has approved the music streaming app for use on the iPhone and iPod Touch.
The app is free, but users will pay $14.99 a month for the service after a free seven day trial.
Real Vice President Bill Hankes described the service and said that, even though it competes with Apple to some extent, the two companies were able to reach what he considers to be a mutually beneficial agreement.
Listen now: Download today's podcast
A software product sold to protect children from predators, cyberbullying, and visiting inappropriate Web sites is also collecting information about what the kids are saying, and its publisher is selling that data--in aggregate form--to other companies for marketing purposes.
In an interview, Echometrix CEO Jeffrey Greene said that the company doesn't collect or report the names or any identifying information about the children. "We never, ever, ever can identify who the kid is who is saying it. In fact, we don't have any information about the individual child," he said.
Box shot of Sentry Parental Controls from company Web site
(Credit: Echometrix)The company's Sentry Parental Control Software, according to Greene, is designed to warn parents if a child is engaged in inappropriate online behavior by analyzing a database of 29,000 words including what he calls "Weblish," slang terms like POS (parent over shoulder) that kids use as short cuts in instant messaging and chat rooms. To do this, said Greene, it's necessary for the company to capture this information so "we can monitor these kids and the conversations they are having and the things they are seeing and all the words that are coming to them and all the words they're sending out, so we can make decisions and identify questionable activities and let mom and dad know about it right now--in real time."
In addition to notifying parents if their kids are doing something questionable, the company also sells summary data based on this information--in the aggregate--to other companies. A press release on its Web site describes a product called Pulse "that reads digital content from multiple sources across the Web, including: instant messages, blogs, social environment communities, forums, and chat rooms." The company says that it delivers the unsolicited raw conversations in real time. It gives marketers immediate, unique information about what teens are saying in their own words."
Greene says that the service can let companies "in real time, find out what the kids are saying about your product and all your competitors' products...I can't tell you who said it, I can only just tell you that a lot of kids said it."
Greene said that the company does provide a disclosure to parents as well as a way for parents to opt out, but the information in its end-user license agreement is written in the typical legalese and is a bit contradictory. In one section, it says "SearchHelp (recently renamed Echometrix) does not read or disclose private communications except to comply with a valid legal process such as a search warrant, to protect the company's rights and property," but in another it says "We have a parent's permission to share the information if the user is a child under age 13. Parents have the option of allowing SearchHelp to collect and use their child's information without consenting to SearchHelp sharing of this information with people and companies who may use this information for their own purposes."
At my request, the company provided a link to a Web page where parents can opt out of the collection process.
Spyware?
David Perry of TrendMicro, which includes parental control tools in some of its security products, said he isn't aware of any other parental control products that capture this type of information. "This is a severe case of what we used to call spyware," he said. Perry worries that even though the software may not collect the names of the children, "those names could be included in some of the chat messages."
Taking Greene at his word, and assuming that the company carefully avoids sending out identifiable information, I still can't shake the creepy feeling that I get about any product that collects any information from children, especially in the name of child protection.
Listen to my interview with Echometrix CEO Jeffrey Greene
Listen now: Download today's podcast
