Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
Attribute semantics are what you make of them, except when prohibited by law (20070723)
In 2006 the US Federal Trade Commission (FTC) observed that, when interacting with the xanga.com social networking/blogging web site to create a new account, someone could tick a "I am at least 13 years old" checkbox on the first page of the account creation form, and then in subsequent pages of the form, enter a month and year in a 'date of birth' form field that indicated they were under 13, and the web site would let them continue to create an account. Web sites in the US which collect data from children under 13 are subject to the US law Children's Online Privacy Protection Act.
The FTC complaint led to a million dollar settlement in September 2006 by Xanga.com, and a press release from Xanga.com CEO John Hiler describing the problem stated
"We found that an array of Xanga users created profiles with "birth dates" other than their actual day of birth when establishing their weblog. For example, pet bloggers registered with their pet's birthday, engaged bloggers registered with their wedding date, and religious bloggers registered with their "born again" date."