Child's play
And the doll played...well, it didn't play Waltzing Matilda but some pop song whose name I don't remember.
The story goes like this. Faced with modern interactive talking dolls - Hello Barbie, My Friend Cayla, I-Que, the Norwegian Consumer Council decided to run some tests. These are, if you remember, the people who last year spent 32 hours doing a public reading of all the terms and conditions that apply to an average iPhone.
The NCC's eventual report, #Toyfail (PDF), focused on three sets of issues: privacy, security, and marketing. The privacy issues have been thoroughly covered elsewhere (PDF). The security stuff was why the doll was playing pop songs: apparently, any time you start up Cayla anyone who happens to be nearby with a Bluetooth connection can pair-bond with it and make it do tricks. This is the little issue that got the doll banned in Germany under that country's law against disguised spy devices. Product safety standards, Myrstad concluded with remarkable sense, need to include security.
But the real focus of this side event to last week's Transatlantic Consumer Dialogue forum - is marketing to children. The US's Children's Online Privacy Protection Act (COPPA, 2000), limits the kinds of data internet companies can collect and exploit about children under 13. The law is well known, even outside the US: it's why so many sites ask new users to verify they're past that watershed.
But, as the event's organizer, Kathryn Montgomery, pointed out, limiting data collection on the under-13s still leaves a vast unregulated internet wasteland that is increasingly being filled with abusive practices. Federal Communications Commission rules limit what TV advertising aimed at children can do; none stop the parents of (for example) YouTube child star EvanTubeHD from making half-hour videos showing him playing with toys that marketers have supplied.
YouTube stars are invisible to most people over 40 until they do something dumb enough to get themselves into the news. But the site has come a long way in the ten years since Google bought it to a chorus of analysts complaining it was a massive money-loser. As Montgomery and some of the other speakers made plain, where millions of eyeballs are watching marketers soon follow. People now make real money from the site.
This discussion was taking place in between the two votes - Senate and House - that overturned the FCC's privacy rules limiting what ISPs can do with customer data. The FCC's broadly welcomed rules hadn't come into force yet, and now, thanks to the new Republican Congress, they never will; the bill they passed not only overturns them but prohibits the FCC from creating new ones that are substantially similar. The upshot, as EFF and many others are pointing out, is that US ISPs are now free to sell browsing histories, snoop generally, and open up vast security sinkholes. The US and EU (for now, still including the UK) are increasingly diverging with respect to privacy, and it's hard to see the Privacy Shield agreement surviving this presidential administration. Take a look, for example, at EFF's list of five creepy things American ISPs will now be allowed to do.
An allied issue is the fact that in most US areas there is only one or at most two consumer ISPs. There ought in theory to be room for competition from an outfit that offers privacy...but in most places there isn't one, a situation that, Susan Crawford writes, is likely to get worse.
Taken together, the upshot is that American consumers are essentially being extorted: if they want the internet they must give up their data. Their one option is the data equivalent of ad blockers: a VPN to a foreign country that will allow them to bypass whatever intrusion systems the ISPs install.
This all led to: we need to think longitudinally. Despite COPPA, the potential exists for children's data to be retained until they age out of legal cover. This adds another dimension to the tracking schools do already. Today's kids will reach adulthood already thoroughly profiled and studied in detail by myriad actors - not least prospectively including criminals. What is that motto - attributed to the Jesuits? "Give me a child until he is seven, and I will give you the man"...or "he is mine for life". Marketers understand this.
In Europe, Andrea Glorioso reminded, the incoming general data protection regulation will prohibit that sort of store-and-reuse. One hopes; but there may yet be a level of abstraction for exploiting this type of data that is very hard to audit or control.
For a long time, I thought the most important risk of school surveillance would be teaching a generation that being tracked was normal. Now, as "things start to think", as the physicist Neil Gershenfeld put it years ago, the broader issue may be a pervasive and fundamental level of deception as the world pretends to adjust itself to what the companies that own the devices around you think you want. The combination of robotics, copious data collection with few regulations, and untrammelled marketing could team up to produce a world in which there are no common physical realities, let alone facts. We've moved from Orwell to Kafka, as someone said at TACD last week; what's next is pure Philip K. Dick.
Illustrations: Illustrations: Finn Myrstad, Kathryn Montgomery, and their friend Cayla; Hello Barbie.
Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.