DALE HUFFORD

Research & Thought Leadership

Understanding Security Within Social Media in Relation to Adolescent Use

A Master’s thesis examining COPPA compliance, digital footprints, biometric risks in schools, adolescent psychology, and a decade of regulatory change — updated in 2026 with new data on sextortion, AI-generated CSAM, mental health evidence, and global policy responses.

Institution: Regis University
Program: M.S. in Information Assurance
Author: Dale Hufford
Original: 2015  ·  Updated Edition: 2026
⬇ Download Presentation (PDF)
⬇ Full Thesis

Presentation Overview
01

The Problem & BackgroundWhy adolescent social media safety matters
02

Literature ReviewPrivacy, footprints, child safety & 2026 threats
03

Research MethodologyQualitative approach, data sources
04

Data & AnalysisInternet usage patterns, psychological influence
05

Discussion & Conclusions7 key findings
06

2026 UpdatesRegulatory timeline, new threats, AI policy

Key Statistics · 2026 Data

The Numbers Behind the Research

Data points drawn from the updated 2026 edition, incorporating Pew Research Center, Surgeon General Advisory, and platform disclosures.

95%
of teens have at least one social media account
Pew Research Center, 2024

48%
of teens say social media negatively affects peers
Pew Research Center, 2025

higher anxiety & depression risk at 3+ hrs/day on social media
U.S. Surgeon General, 2023

35%
of teens online “almost constantly” — up from 24% in 2015
Pew Research Center, 2025

Research Structure

Eight Chapters · Original & 2026 Updates

The original 2015 thesis covered five chapters. The 2026 edition adds three update chapters responding to a decade of regulatory change, new exploitation threats, and AI developments.

01

Original · 2015

The Problem & Background
Children aged 6–12 use social media despite COPPA’s 13+ age restriction. Culture and socioeconomics shape privacy control usage. Digital footprints created in childhood have lifelong consequences.
↑ Updated: COPPA Rule amended April 2025

02

Original · 2015

Literature Review: Digital Footprints & Privacy
Every online action creates a permanent, traceable record that becomes platform intellectual property. IoT devices compound data collection. Litigation record from Facebook Beacon through Cambridge Analytica.
↑ Updated: 42-state AG lawsuit vs. Meta (2023)

03

Original · 2015

Literature Review: Biometrics in Education
Fingerprint and biometric systems in schools — efficiency benefits vs. serious risks. Biometric databases are hackable and fingerprints, unlike passwords, can never be changed once compromised.

04

Original · 2015

Research Methodology & Data Analysis
Qualitative desk-based research using secondary sources. McAfee Digital Deception Study, Pew Research, Edison Research. Focus age group: 8–17, median target 13. No live subjects studied.
↑ Updated: 2025 data shows teens avg. 3–5 hrs/day

05

Original · 2015

Discussion & Conclusions
Seven core findings — including COPPA’s passive enforcement burden, platform financial conflicts, and parental involvement as the single most consistently protective factor identified.

06

2026 Update

The Regulatory Landscape: 2015–2026
A decade of change: GDPR, COPPA enforcement, the Facebook Papers, Surgeon General advisory, 42-state AG lawsuit, COPPA rule amendment, Australia’s world-first under-16 ban, and the KOSPA bill.

07

2026 Update

New Exploitation Threats: Sextortion & AI-CSAM
Both were absent from the 2015 research landscape. Now among the fastest-growing areas of child exploitation — with 64× increase in AI-CSAM reports and 1 in 5 teens reporting sextortion experience.

08

2026 Update

AI Companions & Global Policy Response
AI companion apps cultivate emotional dependency in minors with zero regulatory oversight — the next COPPA gap. Plus: Australia’s under-16 ban and the global legislative wave it has triggered.

Core Findings

Seven Key Conclusions

From the original 2015 thesis — conclusions that remain as relevant, or more so, in 2026.

1

Privacy protection strategies are unevenly distributed — culture, background, and experience shape usage of privacy controls.

2

Facebook’s financial interests conflict directly with meaningful child safety enforcement under COPPA.

3

Biometric data collection in schools presents serious unintended consequences despite perceived safety benefits.

4

Children’s digital footprints are permanent — a social media post from childhood can cost a career decades later.

5

Parental investment and active involvement is the single most consistently protective factor identified across all data.

6

COPPA is passive — it places the burden of proof on end users rather than on platforms, making enforcement largely reactive.

7

Data posted online is no longer the user’s property — it becomes the intellectual property of the platform immediately upon posting.

“Until there are laws that can effectively protect children — not passive laws such as COPPA — there will always be a concern.”
— Dale Hufford, 2015  ·  Validated by Australia’s 2025 national ban and the KOSPA bill

Regulatory History

A Decade of Change: 2015 → 2026

From COPPA as the lone federal protection to a global wave of legislation directly validating the thesis’s central critique of passive regulation.

2015
Original Thesis
COPPA still the primary federal protection. Facebook dominant. Minimal teen mental health research.

2018
GDPR & Enforcement
EU GDPR effective. TikTok fined $5.7M for COPPA violations. TikTok launches globally.

2021
Facebook Papers
WSJ leaks: Instagram knew about teen mental health harms. Cambridge Analytica — $5B FTC fine.

2023
Watershed Enforcement
U.S. Surgeon General warning. 42 AGs sue Meta. FTC proposes ban on monetizing youth data.

2025
COPPA Amended
FTC COPPA Rule effective June 2025. 28+ states enact school phone bans. AI-CSAM reports surge 64×.

New 2026

2026
Australia & Global Wave
Australia enacts world-first under-16 social media ban. TAKE IT DOWN Act signed. KOSPA awaiting House vote.

2026 Research Update

New Exploitation Threats

Two categories of threat that were entirely absent from the 2015 research landscape — now among the fastest-growing areas of child exploitation online.

Sextortion Epidemic — Financial & Coercive
1 in 5
teens report experiencing sextortion (Thorn, 2025)
20+
teen suicides linked to sextortion (FBI, 2021–2023)
70%
surge in financial sextortion reports H1 2024→2025
81%
occurs entirely online via social media & gaming
TAKE IT DOWN Act (May 2025) requires 48-hour removal of non-consensual intimate images. 1 in 7 sextortion victims driven to self-harm; 28% for LGBTQ+ youth.

AI-Generated CSAM — Explosive Growth
64×
increase in AI-CSAM reports to NCMEC (H1 2024→H1 2025)
45
U.S. states enacted AI-CSAM laws — most in 2024–25
1 in 8
teens know someone targeted with an AI deepfake image
Dec 2025
ENFORCE Act unanimously passed Senate — extends CSAM law to AI
Both threats validate the thesis’s warning that platform financial incentives actively conflict with child safety — now extended to AI-generated exploitation at scale.

2026 Update

AI Companions: The Next Regulatory Gap

Why AI Companions Are Different
COPAA was designed around data collection, not emotional manipulation. AI companion platforms sit in a complete regulatory vacuum — no age verification, no parental consent, no safeguards — while actively cultivating emotional dependency in minors.
  • Designed to maximize emotional bond through flattery, affirmation, and simulated attachment
  • No age verification, no parental consent, no content limits for minors
  • Available 24/7 — capable of romantic roleplay and crisis conversations without safeguards
  • Sewell Setzer III, 14 (FL, Feb 2024): suicide after months of Character.AI use
  • FTC formal inquiry into AI chatbot risks to minors opened Sept 2025
  • CA SB 243 (eff. 2026): first state law requiring AI disclosure & crisis protocols

Global Policy Response

Australia’s World-First Under-16 Ban

Online Safety Amendment Act 2024
Effective December 10, 2025. Under-16s banned from Instagram, TikTok, Facebook, Snapchat, and X. Fines up to AUD $50M for non-compliance.
  • France, UK, Germany, Italy, Spain considering similar bans
  • EU Digital Services Act (2024): prohibits profiling-based ads to minors
  • KOSPA passed U.S. Senate 91-3 — awaiting House vote (early 2026)
  • 28+ states enacted K-12 phone/social media restrictions by early 2026
  • California Phone-Free Schools Act signed Sept 2024
The thesis’s core critique — that passive laws place the burden on users rather than platforms — has become the operating premise of a new global legislative wave.

Access the Full Research

Read the Full Research

The 2026 updated edition incorporates a decade of regulatory shifts, new enforcement actions, emerging AI risks, and the latest mental health evidence — making it as relevant today as when first written in 2015.

⬇ Download Presentation (PDF)
⬇ Full Thesis

Hufford, D. (2015, updated 2026). Understanding Security Within Social Media in Relation to Adolescent Use. M.S. in Information Assurance. Regis University.