 Well, good afternoon. My name is Kate Shroth. I'm the executive director of I Could Be. Nathaniel Calhoun, who is our director of education, is joining me as well. I would like to ask if we could all kind of take off our commercial products hats and help invite you to join us in an educational mentoring program. We are a non-profit organization and we provide online mentoring to low-income students all across the US and in Africa. We basically have been around since 2000. We have served about over 10,000 students in this space and are happy to say so. So just to give you an idea of who we serve, our students are attending either failing schools or schools that are truly struggling. These are low-income communities. We have to make some assumptions about the students that we serve. One is that they probably don't have a computer at home, so there's no parental supervision. They access all of their work with us through their schools and then can also access us at any time at any other computer outside of school. But we're assuming parents are not watching, so we have built in some safety features to ensure that. The second premise is, so the program works where adults from all over the US can come in and volunteer as mentors. They work one-on-one with students and then they also work collaboratively in our whole community. So we have to be very careful about bringing this population together and we can never ever ever allow the adults and children to meet up outside of our site. We are a small nonprofit. We do a lot with very little, but we cannot let that happen. So our website is designed to prevent anything like that from ever happening. So I'm going to let Nathaniel tell you a little bit about our filter that helps us control the community inside. Okay, thanks, Kate. This morning, Rich Blumenthal said that anonymity has its place in a world of full disclosure. And we've been thinking about our organization as that place since we started because the idea was as soon as an adult mentor, an adult mentor who's volunteering succeeds in communicating his email address to one of our students, we've lost track of that relationship and anything can happen and we're responsible for it. Similarly, if he gives out a second life identity, a home phone number, who he is and ever quest, we have to stay on top of as many different types of virtual and physical identity as there are to keep them from making that real connection. Because once that connection is made, all of the adults, both in the school system and at our nonprofit, have lost the ability to make sure that that relationship stays on point, stays focused around career mentoring, about college opportunities, about life skills. So we've developed a filter, the primary purpose of which is to take all of the information that has been fully disclosed, which happens when users register, and Kate's going to speak to you about what it means to join as an adult, how we verify who you are and how we make sure that our students are students. That comes after this. The idea is once you're in and we're sure who you are, we have to make sure that you don't even accidentally slip up and sign off as, you know, Kim Summers. If you're Kim Summers, you can't say the word Summers. I can. I can say I like Summers. That's fine, right? The filter adapts to know what identifies me. Because when I sign in, I give it lots and lots of information and we check it out. And it prevents me. It helps me to remember to keep that stuff out of my chatting and out of my interactions with young people. So when I say it helps me to do that, what I really mean is there's a filter that's adapted to me as a user that catches me when I slip up and it sends that to one of our program staff who read it. Then those program staff, if they see that it's actually identifying information, they'll call you or email you if you're a mentor or they'll contact your teacher if you're a student. And they'll say, hey, remember this. If it happens again, we'll probably say, hey, we're going to ask you to leave, right? You're deliberately trying to make a connection that this whole system is built to avoid, right? So when we get to some of the statistics later, you'll see that our filter overall is catching potentially identifying information. It catches profanity too. I mean, that's maybe 15% of what it does. But its whole purpose is to keep everybody in the environment that we are custodians of and that we've accepted accountability for in front of principals, in front of parents, and in front of school teachers. That's our whole mission. So here's the next slide for Kate. So for people to enter our community, we have a partner with Trufina, which we are very happy to have started this year. Trufina, for all adults coming in, they register on our site. They seamlessly get over to Trufina and our identity verified criminal background check, sex offender background check. That comes through very quickly back to us and we can approve or not approve based on their backgrounds. And then as far as our students are concerned, currently we are finding all students through their schools and through their classrooms. Programmatically, this works very well for us having the teacher supervising the classroom. But we also haven't found a great solution for identifying individual children, which we've heard a lot about today. But we are working with Trufina now to potentially develop a solution to work where we could identify individual children through their parents potentially a birth certificate and having some proof through their parents Trufina account. Okay, and there's been two standing questions, it seems. One of them is about keeping data. So we've been giving and I think we'll continue to give the potentially stupid answer that we're keeping it forever. And one of the reasons that we've given, one of the anecdotes that's always kind of had our back on that, is one of our mentors, we were contacted, was it by a police department, a detective. And he was saying one of the people that served as a mentor with your organization has now been booked on sex offender charges, right? Which is potentially horrifying. But we went back and were able to look at every instance of communication between this person and the mentee and turn that information over. And the mentors know this, they know we're monitoring them, they accept it, they know we're keeping it. And be able to say, look, nothing inappropriate happened, nothing was even caught by the filters. So this was a potentially dangerous area that we can be fully accountable for and just expose it to you. The other one is about the problems that we face and it's pretty much that technology outruns us. We're not willing to make the compromises that social networking sites make. So we can't do a lot of the really exciting flashy 2.0 things and our users complain about it. Why can't we chat synchronously? Why can't we do this? Because we don't have good filtering for that yet. We can't actually stay on top of it. So technology outruns us, we look slow, but we're able to hold on to this one standard. And for eight years and, you know, several thousand users, it's worked. And the last thing I'll say is that we are currently, we've just launched an effort to move to I Could Be version 2 and have a team together from individuals representing Microsoft, Pixar Animation, the Kinsey & Company. We've got business strategists, academics, creative people to help us figure out how we can move to the 2.0 field and ensure that the safety continues. And just as a final point on the issue of being contacted by a police department, our registration process worked, our background check process worked. This was the first time this person had ever been arrested. It happened three years after he was a mentor with us. But for us to be able to go back and retrieve all those records and give those to the authorities as needed, you know, proved that our systems work and they work well. Thank you very much. I appreciate it. Give it to Ann. And is there someone from the Berkman staff who could just go up there and please ask somebody to not be talking so loudly? Ann Collier. Really just to comment, this is interesting because you're the, I think, the first organization today to be speaking to the true risk population as identified by the Crimes Against Children Research Center. And there's a lot to be learned about that population in terms of various kinds of risks online. So thank you. Was there a question on the end or that was just a compliment? Just a comment. All right. Very well. Teresa. You probably already know this, but I'm Teresa Palores from Polytechnic University. But you never know, Teresa, someone could just have logged in remotely to see I could be and they wouldn't have known that it was you. Well, I do want to echo the previous comment. I really commend what you're doing. I think it's a wonderful thing. The question that I have is what would be the possibility that some other organization could use just the filtering component that you're using or the filtering service to augment various communications that they might want to sponsor? I hope that that is possible. And as we build this next version of the website, our initial thoughts are is that the foundation will be our security system, which could then be potentially productized. And we do have our programmer here with us. So if anybody wants to talk more specifically with him about the limitations involved, he's here today and tomorrow. Great. We'll go, honey, and then Art, back here. I'd just like to echo the compliments. I think this is fantastic. And you seem to have sort of addressed a lot of issues at various points of technology. I'm wondering about the scale issue. I mean, you have a fair amount of users, but not of the scale, of course, of MySpace and Facebook. But do you envision that this is scalable to a larger and where are the limits of that? Yeah, there are no limits are there. We fully expect to bring this to scale. We've been analyzing a lot of data to see how that's going to work. And it looks very, very possible. We've got some good finance guys behind us who are helping us run the numbers and it feels really good. The interesting thing is as we start to serve more and more students, the filter is not holding us back. Having a staff person to have to review those filtered messages, that is not going to hold us back. I think these numbers kind of demonstrate that. So, yeah, we are fully expecting that in the next two to three years we'll serve about 10,000 students. And in the next five to 10 years we'd like to get up to about 10,000 students a year and just go from there. Art and then John Morse. Yeah, Art Olinski from Wired Safety. And my question maybe a little bit further is it has to do with my name. If, you know, as you use with summer, since my name is Art, would I have to change my name in order to work for you so that I could speak? Or without getting messages from your folks about sharing information? Well, if I tried to give the answer our programmer would give, I'd get messed up in speaking about proprietary algorithms. But the examples he always gives are, you know, two letter last names, he and you and names like this, that he has spent tens of countless hours working to fix that problem. And generally I think what happens is during the first couple days of your interaction, we'd notice that there was a problem and then reconfigure your account. I think that's accurate. Thank you. Thanks, Art. John Morse. So how much confidence do you have in your success rate when you're dealing with a population that half of the population generally speaking wants to follow your rules, at least most of the people want to follow your rules, opposed to dealing with populations where no one has any interest in your rules, no one has any incentive to comply with your rules. In fact, they want to circumvent your rules. Do you have any sense as to how your systems would work in that kind of environment? I mean, I believe that if you come into this system with the goal that you wish to circumvent the filter and you strongly want to communicate to a child your contact information, you will probably succeed in doing that. We are deploying in the next version, probably sometime during this school year, a function that enables every user to flag to the administration an email that makes them feel uncomfortable or where they think that there's a breach of rules, which would mean you'd need somebody that wanted the rules to be broken and who wanted to break them to circumstantially communicate, should keep it down a little more. But you can outsmart it. We just have the checks and balances at the beginning to make sure that there's people with their eyes on you. One more question from Jim. A question. Clarify for me, the validation of those who are, let's say, mentors, that's done by other sources, background checks and that sort of thing? Yeah, we outsource that to Trufina, who conducts all that, and it's fully integrated with our registration process, and we just get this instantaneous feedback loop. And then we work with them to determine at what level of a criminal history is acceptable or not acceptable. So if there's a misdemeanor somewhere, we might allow that through, but it all just works seamlessly at this point. Okay, and add on to that. So then young people, the mentor young people, their age is established through the school, is that correct? Correct. Additionally, it's a little bit better than that, because it's not the school and some kind of part of the administration. We generally work with one classroom teacher who's pretty psyched about the program, and that one classroom teacher's class. So these are people that she's dealing with or he's dealing with every week. You guys willing to take one more from Larry Magen? Sure. Great, thanks. First of all, I want to add my congratulations on what you're doing. Thank you. I don't have an actual number for you, but I can tell you it's very, very low. It's very low. It's surprisingly low. We do a lot of communicating up front before people register about exactly what the process is going to be, and that every word is filtered, and Big Brother is watching very closely up front. So I don't know if that's making the bad guys go away, but we have turned people down. Don't get me wrong. But it's certainly not 10% or 5% even of our total population. Great. I could be. Thank you so much. Thanks. All right. We've made it to the end of the day. Thanks, everyone, for continuing attention. I'm sorry to Phil Hallenbaker, who's a wonderful speaker that he's got this last slot of the day, but I think you've still got the attention of the group here. Also in the full disclosure mode, as with Ben verified, Phil's proposal came in after the deadline, so we didn't get quite the same full tab review, but in looking at it, we all agreed that it was in the category of something else that we should hear from, not so much an existing verisign product as a concept and something that we might look towards. So, Phil Hallenbaker, thanks for being with us. Thank you very much. What I want to today talk to, I'm with verisign. Verisign's in the identity business, but what I want to talk to you about today is not so much a product that verisign might produce or will produce, but something that the identity industry as a whole has been working on and something that may enable the tag to think about this problem in broader terms and be a bit more ambitious in the types of solutions that they may propose. Extended validation is not just a product from verisign. It's a product that is now available from many CAs throughout the world. I don't know the exact number of CAs that are currently active, but the CA Browser Forum, which is the forum that we've set up to establish these standards, has 30 CA members and currently three browser members. CAs for those who may be... Oh, Certificate Authority. How many people here have been to PayPal or Bank of America recently and you've noticed a big green bar when you do a secure transaction? The technology behind that is extended validation and that is designed to establish that the site that you are dealing with is accountable and that the identity has been verified by a CA that is audited and applies a set of criteria that are standardized minimum criteria that every CA that's part of the program applies so that you can be assured of the identity of the website that you're visiting and more importantly that you're visiting an accountable website. Verisign has issued tens of thousands of these certificates and it's... I believe it's important for this project not just because it's identity but because you've got a set of criteria there that represent a state-of-the-art understanding of how to authenticate parties on the internet, the legal issues, the liability issues and it's not just confined to the United States or English common law. We deal with many, many jurisdictions around the world and the reason why we need 30 CA members is because we need input from multiple jurisdictions. So how might we take that extended validation criteria and apply it to the problem of authenticating proof of minor status so proving that the children is below a certain age rather than above a certain age? So one way that you might put this together the child goes to an open ID provider on the internet any provider, open market competitive they obtain an open ID credential that can employ any strong authentication technique could be one of our tokens, could be a competitor's token this is also an open standard as well. The child then goes to their school and says I want to have my online credential that I can use at multiple websites I want to have that accredited to prove that I'm a minor and they go to the school website they authenticate to the school website and we go through a process that they end up with a piece of paper that's got a barcode on it and they get their parents a sign saying they can have this credential they take it into the school, the school scans the barcode the credential is issued. So we've got the situation now where the child can authenticate online the school has authenticated the child to make the system secure we now have to have a mechanism for authenticating schools this is where we might reuse some of the extended validation criteria so the CAA, the Certification Authority will be in the business of credentialing the schools it looks like my slides of and then the other point is that the CAA the Certificate Authority they are then in turn audited each year by WebTrust which is an organization of auditors including some big name firms like Pricewaterhouse so we've got the 360 degree accountability the child has got this credential so they're authenticated and can be held accountable online they've got the accreditation from the school the school is authenticated the school is accountable if they mess up the CAA is accountable to the auditor so how it works in practice extended validation sets out a set of detailed auditable criteria for issue of these digital certificates and they're designed to allow any organization whether it be a business or a government entity to be authenticated or an international body to be authenticated in a repeatable, auditable fashion what we would need to do to make this applicable to authentication of the schools is we need to take the EV criteria and add in riders to have the additional thing of them being a school and that they've agreed to operate within certain parameters necessary for validating the minor status the CA browse a forum criteria the SSL criteria are not directly applicable they're probably the SSL criteria plus additional ones but the minimum that you're going to need to have is you're going to need to know that a business a school of that name exists you need to know that the application comes from that school and you've got to know that the person that is making the application has the authority to make that so how might we take these criteria and apply them to authenticating minor status well one thing that we could do would be to create something that looks like CA browse a forum a second thing that we could do would be to take this as a requirement and say we want to have an authentication criteria for schools and go to the CA browse a forum and ask them to add it to their work list from what I'm hearing today I'm tending more towards the first rather than the second now the reason for that is that in order to change the internet you need a lot of momentum the internet is a big place these days it's got a billion users when I started using the web we had a hundred users you could change the web specs in a morning that's how the refer a field got in there with one hour fewer than some people think I wrote that part of the spec today to change the internet it's hard we would need to have a lot of momentum behind a proposal we would need to have the attorney generals on board we would need to have the companies that are in the business already are providing this minor age validation on board they've got the relationships with the schools we need to have the CA's involved as well we need to have the auditors involved I think that this would probably end up being a proposal that would end up being bigger than the CA browser forum so I suspect that we'd be wanting to produce something new rather than reuse just the old so questions oh and here's my email address if you want to see a longer version of the same proposal you can buy my book dot crime manifesto available from Amazon thank you so thank you for expanding our horizons at the end of the day and if I might just ask the first question and then put it out to the crowd for a few to end the day but you've listened to a large number of different proposals you've given us now in some ways the most technical of the presentations is it your sense that what you're talking about is a roll up of a series of other things that are happening that the pieces are there it's really just a matter of a community will coming forward and going through a standards process or otherwise or is this something where it is quite a new direction instead of an extension of the direction we've been going to date well thank you throughout the day people would be mentioning some parts of this proposal like open ID has come up multiple times some folk would be mentioning information cards some parts of that federated identity infrastructure definitely we would need to reuse as is other parts of them in any one of these proposals you have the technical infrastructure and then you have the social infrastructure and the social infrastructure is vastly more important than the technical if you have a business you have a web start up whatever you have a bunch of code that you've already written it's much easier to change that code than to change your position in the business ecology it is much easier to write code than to make connections social connections business connections with the type of people that we need to roll something like this out where I think and I think that's looking at this morning we had a lot of proposals where we were saying okay here's age verification based on the information that's already there to roll out something like this I don't see that that is delete all and replace I see that as you've got that technology there already you've got that infrastructure how do we put in harder data more trustworthy data to support that existing set of relying parties great, thanks questions for Phillip Bill Bill Godera from News Corporation your system requires some degree of in school proofing and in school validation we've heard a lot about that today and it seems to be a popular topic on the social reform side that you were just talking about for you or for anyone else on the school in person proofing issue what do we do for the kid who cheats the kid who goes online without the credential that's been earned at school or received through school what's the penalty well if they're going to be getting one of the assumptions that you have to come up with here is the relying parties the communities that they're going to visit club pangolin or whatever what criteria are they going to have for their gate what I'm talking about here is proof of minus status that doesn't say anything about proof of adult status all I'm talking about here is a mechanism that allows us to set up a gate around a a community that's going to be kids only or kids and adults who are clearly identified as adults it's not a filtering solution it's not a filtering proposal and I wouldn't make that and I don't think it would be necessary to have a group there are perfectly good filtering proposals that are provided as a point solution by a single vendor we don't need to have community action to make one of those possible to establish solid verification of minus status that is something that we would need to have community action and more than one party taking action we need the schools we need the technology of providers we need the relying parties all involved so that's three sets of parties as a minimum to make something possible filtering you can do it with one you just need the parent and download the software and then I'll bring it to Sahara thanks so let's get back to that scale question I think as you so nicely put it the internet is big I think was the quote or something like that and so this is an important point scaling up these solutions to the scale and scope of this thing we call the net and all social networking because we are using these paradigms we've heard a lot of them here today from tobacco and alcohol sales to PayPal to even filtering solutions but in every one of those situations we are not talking about every single user every single home every single kid but it sounds to me like if we want this system to work and many of the others we've heard here today we need to talk about this on a scale of unprecedented I mean just every kid every school district and so the question that Bill Gadara just asked is just scratching the surface not just kids cheat on how many years it takes to get up to the scale every single rural school that I went to in the middle of a cornfield in the sticks of Indiana before they had this or do those kids not get to go on and I'm sorry I don't want to blab but you get the point do you want to come to a question Adam or why don't you respond I think what you're getting to hear is you've got to design for deployment and I've been thinking about this a lot because my main job is trying to work out ways of stopping internet financial crime and again we've got to change the internet infrastructure build more accountability into it and that means that you've got to change a lot of parts of the internet at one of the things you've got to think about is what's going to be the killer application for pulling out this authentication scheme and it isn't necessarily going to be child protection before you've got to the critical mass on child protection you have to have a value that a school can realize that is there and praise them a benefit when it is only that school and none other on the net that is participating now there are a couple of areas where I think that are promising one is that online communities of children they are diverse and they cross across the whole net but also many of those communities of children they're centered on their schools so being able to authenticate the kids from your school or from your school district is a value of itself the other area that I would look to is online content provision we're going to be seeing over the next we're just starting to see a revolution in computer aided learning we're starting to see educational tools educational content instead of being delivered as a textbook it's going to be delivered as an internet download and instead of them being static problem sets the problem sets are going to be dynamic instead of the curriculum being tailored to the average kid it's going to be tailored to the specific kid that type of content is going to need a business model to roll out and they're going to be able to need to be able to sell the content to the school and to the school district so that the kids can use the stuff at home so that talks to the need for content access and site license let's take a few more questions Sahara please tell us who you are Sahara Bern from Cornell University do you comply with this idea that the schools would get paid for the ID the process of providing this service to authentications first of all I guess that's just a yes or no and then I have a follow-up I would expect the business model would be that the school district would pay now how you just set up the business model as a whole but in general I don't I don't like the business model of it being a PTA fundraiser that was a no what do you got I guess then for anyone who does this is actually from my father who's a superintendent of schools in California when I told him this at lunch I called and he said how much and then he said if it's a dollar a kid that's about $700 for one school and then every year after that if it's saturated only $60 a year per school and I don't really know how it could be much more than a dollar a kid that they would get paid so that was just one question financially how that would work for a school but if you don't think that that's the business model well I don't want to mention prices particularly since there's no product yet however if you look at the prices for extended validation certificates they're in that I don't think I definitely don't think that we're talking about here of an enterprise PKI solution at half a million dollars in installation no no that's not great Katherine Marr, UNICEF I stepped out of the room for a minute so I hope I didn't miss the answer to this question but by registration through the schools you're assuming a functional and coherent school system one of the things that we look at at UNICEF all the time is how do we educate children across the digital divide this system doesn't seem to take into account for that in fact it would seem to exacerbate a problem by preventing or precluding these children from registering through an approved system and therefore further hindering their access to that sort of information or this vibrant online community actually I had to compress it to get it into the five minutes in terms of the security of the system all that you would need to do is to have an organization which in the content context of that particular country could be trusted to provide accurate and accountable authentication of the children so in many parts of the world yes UNICEF would be I mean UNICEF already has an extended validation certificate I believe yeah in some parts of the world the churches would probably be the place that you'd go through in this part of New England I suspect that you probably wouldn't be going through the churches but you would have to tailor it to the individual cultural requirements but the overall thing needs to be you need to have the accountability to the party that's issuing that credential to the child thank you and Kevin thank you for coming from UNICEF and I know you've done great work in this area and look to extend it together so we actually have to be literally out of this room at five physically our bodies have to be out of this room it's a firm promise so I'm going to have one last question from Ann Collier then I have a couple of little logistical points but Ann you get the last question of the day wow and I apologize to all those who are lining up you can ask Phillip later just a quick one have you run this by the national school boards association or any of the national level you know superintendents principals organizations like that I've not run it past any of the organizations I've run it past individuals from the organizations alright what's been the reaction if you get if you talk to the principal in charge of the actual school that is clearly too low in the they're interested in their budget and where it's going to be going if you're talking to the folk that's much easier you talk to the politicians congress whatever it's a very easy sell I mean in America throwing money at this type of problem is not a difficult sell for a politician what about would you have to sell or lobby for a new law that requires such school nationwide compliance I don't think that you would need to lobby for a law and that would probably be counterproductive because I mean in all the way the internet works is you throw an idea out there that you think is good and then you hope that somebody is going to trump it with something better alright well please join me and thank you Phillip Hellenbaker thank you