Dr. Serge Egelman Testifies at Hearing for Senate Subcommittee on Consumer Protection, Product Safety, and Data Security

On May 18, 2021 at 10:00 am, the Senate Subcommittee on Consumer Protection, Product Safety, and Data Security held a hearing, “Protecting Kids Online: Internet Privacy and Manipulative Marketing”. ICSI’s Director of Usable Privacy and Security, Dr. Serge Egelman, testified at the hearing along with Professor Angela Campbell and Baroness Beeban Kidron.

Dr. Egelman's Testimony

Dr. Egelman testified about his research on apps for children, particularly in the Android landscape, and the COPPA violations that his team discovered in the course of their research. “We used our tools to test 5,855 Android apps that were directed to children and found that more than half appeared to be violating COPPA,” Dr. Egelman wrote in his written statement. 40% of the apps failed to use TLS to secure data. “What this means is that for users of these apps, their personal information is accessible to any eavesdroppers. This may include anyone sharing the same WiFi connection, as well as Internet service providers and other organizations. In an extreme case, this could enable someone to identify a specific child within a specific area, based on the insecure transmissions emanating from that child's device.”

Inaccuracies resulting from the current safe harbor program also contributed to potential leaks of data. “In the course of my group’s research, we identified 237 Android apps that gave outward appearances of having been certified as COPPA-compliant by these programs. Yet, when we examined their behaviors, we observed that 24 (10%) collected location data and/or contact information without verifiable parental consent, while 77 (32%) transmitted personal information without taking “reasonable” security precautions (e.g., using TLS encryption). We concluded that apps certified by these programs were just as likely to comply with COPPA as apps not certified by them.”

Read Dr. Egelman’s full written testimony here: https://www.commerce.senate.gov/services/files/0DC78E9D-88B2-4D54-8F4A-AE7B4C7D0EF6

Watch the recording of the hearing here: https://www.commerce.senate.gov/2021/5/protecting-kids-online-internet-privacy-and-manipulative-marketing