ENISA warns about data-profiling risks to tech-savvy children

The European Network and Information Security Agency (ENISA) has issued recommendations to law enforcement agencies, European Union member states, civil society groups, as well as parents and educators on how to mitigate risks faced by children online.

The agency has identified cyberbullying and online grooming, which refers to gaining the confidence of minors with the intent of sexual abuse, as some of the top online risks to underage children and warned that data mining and profiling can facilitate these forms of abuse.

To provide context for its recommendations ENISA created a fictitious scenario centered around a 13-year-old girl named Kristie who has a very active social presence online and maintains a secondary profile where she presents herself as an adult by lying about her age and occupation.

This is increasingly common behavior for tech-savvy children. According to a recent study performed in the US, a large number of parents actually help their children evade age restriction controls on social media websites because they believe that such online services can further their educations, enable family communication and enhance their social interactions.

In ENISA's scenario, an attacker uses data mining and profiling techniques to build an online identity for himself that matches Kristie's interests so he can earn her trust. The young girl ends up starting an online relationship with a boy who she believes to be 16, but is actually a 35-year-old sexual predator.

Unfortunately, there are many cases where data profiling is used by online attackers for the selection of victims. Back in September, 32-year-old Luis Mijangos of Santa Ana, California, was sentenced to six years in prison for charges related to sextortion - extortion involving sexually explicit photos and videos.

According to the US Federal Bureau of Investigation, which investigated the case for two years, Mijangos had over 200 female victims, many of them underage girls, which he targeted through social networking websites. He impersonated their friends and family members to trick them into installing malware on their computers. This allowed him to intercept their private communications and hijack their webcams.

A 23-year-old man from Citrus Heights, California, named George Samuel Bronk pleaded guilty in January to hacking into the email accounts of dozens of women by using information they posted online. He searched the compromised accounts for intimate photos and used them to harass his victims.

ENISA said that its report is intended to complement existent national and international child protection initiatives with non-technical recommendations. The agency's suggestions range from EU member states strengthening law enforcement agencies and statistical data collection efforts regarding cases of information misuse, to launching more frequent online campaigns regarding the prevention of cyberabuse, and trying to close the knowledge gap between adults and teenagers when it comes to computer use and online issues.

ENISA recommended that teenagers use specialised security settings online and that applications that handle teenager data be assessed for their impact on privacy. It also wants mechanisms that allow the deactivation of online components to be made available in mobile apps and current age-oriented access controls to be enhanced.