I think this is just poorly written, or written to fit all use cases. There is a lot behind little league, and it’s not obvious until you get into it.
I was on a little league board. In my state, we had pretty strict background check requirements, and those providers were the “trusted partners” that were given sensitive information. Now, little league volunteers are mandated reporters in New York, so the government gets information for training enrollment.
The school enrollment information was used for eligibility... the eligibility requirement was to live or go to school in the territory. It frequently came up for kids in private school outside the zone or kids in shared custody arrangements. There are many edge cases, especially with shared custody, foster or arrangements where “easy” forms of required information just isn’t available for various reasons. Most “nuclear” families provided a birth certificate and any letter from a utility, bank or tax bill.
Age is very important for leveling kids appropriately and keeping them safe, which is why birth certificates are required — parents are insane and go to extreme lengths (I personally encountered forged documents, parents who delayed entry into kindergarten to age 6, bogus documents from siblings or cousins, etc) to try to let older kids play in younger levels. It’s a hazard for an 11 year old to pitch or hit against 8 year olds. Little League is used as a way for folks to get kids into elite travel teams, etc.
Marketing stuff was totally different and may vary by league. We wanted all communications to our folks to go through and be approved by us. “Bob the plumber” could hand out flyers, get an ad or have a blurb in an email campaign. The big companies (currently GM, Gatorade, Honda in my region) just push materials down and use contests to get personal data.
> I think this is just poorly written, or written to fit all use cases.
You're almost certainly right, but I still think for legal documents this kind of argument needs to die. I'm really, really sick of being asked to be OK with agreements that give organizations significant, unnecessary levels of power simply because they say they won't misuse it. What are the consequences in place if Little League decides to misuse this data? This agreement removes any accountability or oversight from Little League's data handling.
Frankly, it's magical thinking. In the real world, organizations do corrupt things sometimes. Organizations accidentally leak data, they have bad actors, they get into conflicts and decide to stop operating in good faith. We shouldn't give those organizations blank checks to do so.
This kind of fuzzy "trust us" agreement is fine for something casual that parents are putting together, but it's not fine when it's an organization of this size. Because I guarantee that in the event of a scandal, if a Little League was ever sharing personal information with advertisers, this contract would get trotted out during the lawsuit to argue that the defendants couldn't sue. I don't believe for a second that a Little League wouldn't look at the letter of the contract in that situation rather than the "spirit" of the contract.
So even in situations where an org isn't actively trying to take advantage of you, it's harmful for contracts to have this kind of language. Often this language is genuinely only put in because some lawyer somewhere recommended it, often nobody is trying to take advantage of anyone. But even so, legal documents are not gentleperson's agreements, and we shouldn't treat them that way, we should treat them seriously.
It's OK for you to acknowledge that the agreement probably doesn't have malicious intent. It's not OK for someone to argue that not having malicious intent makes the agreement acceptable.
> It's OK for you to acknowledge that the agreement probably doesn't have malicious intent. It's not OK for someone to argue that not having malicious intent makes the agreement acceptable.
Indeed. And attorneys and "template documents" are the biggest culprit here. Every legal person gets a thrill writing the most evil one-sided legal document then pushes it to the company which uses it since "it comes from legal". 99% of the people just sign it since "legal" doesn't agree to changes.
I've had multiple companies/people utterly confused as to how I wouldn't sign their one-sided "standard" agreement contract.
> Age is very important for leveling kids appropriately and keeping them safe, which is why birth certificates are required — parents are insane and go to extreme lengths (I personally encountered forged documents, parents who delayed entry into kindergarten to age 6, bogus documents from siblings or cousins, etc) to try to let older kids play in younger levels.
This being HN, I figure I can make this criticism and be understood even if it breaks the rules here:
Either Little League operates on a human web of trust-- where parents show the documents to a human like you, who then signs-off on the age/residency verification, on up the chain as the Linux Kernel devs work; or, Little League requires a sophisticated digital system for accepting and verifying the documents with lots of personally identifying information in them. If it's the latter, fine-- but then that system is subject to the same scrutiny that Signal, Clubhouse, Experion, and every other digital system out there.
With that in mind, Little League's privacy policy as written is a dangerous pile of horseshit, and your rank speculation that they're probably not leveraging it the way the rest of data miners would isn't helping.
So while this is pretty accurate I think the last part could be said more nicely.
I get why you’re upset / impassioned, I am too about this in general, but I believe the person you are replying to was acting in good faith and giving a perspective most of us here do not have.
From a more pragmatic perspective this behavior discourages others, both directly and indirectly, from contributing in the future for fear of saying something wrong or incorrectly. Of course there is a balance.
If OP knows the inner workings of Little League well enough to claim that the ToS is a case of overly-broad boilerplate, OP can message someone relevant in the org to tell them to change it so it isn't as dangerous.
That doesn't address the broader problem of whether the data really is kept safe. But it at least raises the cost to someone who is considering (or already has considered) mining that data.
I have a difficult time believing that an org with a non-negligible number of participants willing to risk harm to 8 year-olds for the benefit of their 11 year-old would have zero participants willing to leverage an overly-broad ToS for personal gain.
It's typical self-righteous tech elitest drivel. What's not wrong with it? About the only thing missing is a reference to how anyone with two braincells uses Brave browser and buys bitcoin.
On issues of information privacy, I think that most people here are likely to be informed enough to form opinions that they can back with reasoning, as was done here. And the facts are that the policy that Little League has does not have to be in place.
>> Is it so hard to set up a game between your kids and others?
Yes. Yes, it is actually reasonably hard to coordinate 18+ kids and thier familes (thats the minimum size for two baseball teams), have an experienced adult coach them, and hire a referee (if that is judged to be necessary), coordinate field usage, advocate for local governments to set aside sports and play space and protect existing space from development.
Now are many American youth sports leagues a bit nuts about the competitive or developmental aspects? Absolutely, and baseball is one of the worst. I really want a checkbox that says "do you want your kids to play in the major leagues some day" so I can not check that and hang out with other parents just there for fun. But coordinating sports and recreation (and ensuring space and facilities for sports and recreation exist in the first place) is not a trivial exercise and is why most local governments have an entire department set aside for it. Parks and Recreation may be a funny and absurd series, but in real life those people do real work that has real benefits.
> Yes. Yes, it is actually reasonably hard to coordinate 18+ kids and thier familes (thats the minimum size for two baseball teams), have an experienced adult coach them, and hire a referee (if that is judged to be necessary), coordinate field usage, advocate for local governments to set aside sports and play space and protect existing space from development.
How did people coordinate this before the invention of all these digital communication devices that we now find our selves so desperately dependent on like we're stuck in The Matrix?
I think you might be referring to a time when kids could play unsupervised and before independence-building play was replaced with wall-to-wall no-trespassing signs and overseen by a system that makes sure each minor transgression is forever leveraged into multiple, life-harming punishments.
Sports leagues have been a thing for generations, so it's worth noting that the answer to "What did you do before all this digital stuff" isn't "kids just did their own thing" -- they still organized leagues.
Pen and paper, the way most organizing was done before the digital age. You went to a community center, signed your kids up. Can you imagine organizing 18 kids without all these devices? Little League has been around since 1939, the need for a coordinating organization isn't a recent change.
And that’s pretty much how it’s done in the LL my kid played in a few years ago. Parents show up to a local pizza place during a registration day. They bring the filled out paper enrollment form, the kid tries on some jerseys for size, and then pay the fee. Congrats, Johnny (or Jane) is signed up for LL.
I read in a history book that human beings managed to coordinate entire empires that stretched across continents with out digital electronics.
Facetiousness aside, I'm flabbergasted that I'm reading people on HN defend these kinds of abhorrent data collection and retention polices and using the difficulties of coordinating 18 people as an excuse for them.
It's like some cyber stockholm syndrome where people feel the need to make justifications for the behaviour of malevolent entities that they have wilfully shared their data with. The requests are so unbelievably intrusive that they remind me of the Ivy League nude posture photos[1]
I give it 6-24 months before we're reading a story here about a mass data leak from Little League or something equivalent like Boy Scouts of America or whatever.
To be clear, I’m not defending the collection of the data; that’s stupid, and is a good example why there should legislative minimum fines for data breaches and bond requirements to process certain types of data, as well as standardized privacy policies and regulation
However, the comment I was responding to was regarding the need to have any coordination at all. It’s good and right that these organizations exist, they just don’t need to collect PII as described in the article.
> I read in a history book that human beings managed to coordinate entire empires that stretched across continents with out digital electronics.
You asked specifically for little leagues. The across continents coordination is done by a.) delegating rulership to local warlords b.) keeping military power strong enough to keep those you those in check. It had massive limitation in terms of what it could achieve and has zero to do with organizing of competitions for kids.
Plus, the central power would not bother to micromanage little teams. It is our culture that finds little leagues important, not theirs.
You absolutely can find recreational leagues that are less rigorous - although for safety reasons they'll still tend to be particular about ages. Baseball is a relatively dangerous sport if there's a massive imbalance. It's important that pitch speed, bat speed, reaction times, and overall mass scale up smoothly and roughly uniformly.
The reason why it's so formalized beyond that is that travel ball at 11-12 years old is the beginning of the pipeline to the pros. There are millions of dollars of signing bonuses waiting just a few years down the line, but you don't get drafted unless you're a high school star, and you don't get to play for the high school varsity team unless you're getting the coaching from the top-tier youth leagues.
> you don't get to play for the high school varsity team unless you're getting the coaching from the top-tier youth leagues
This is pretty much the case. By age 12 or so, the local kids who have skill and interest have been identified. They are shunted out of the parks and rec leagues into travel teams and they play together up to high school. Of course there are still tryouts but if you're a freshman and unknown to the coaches, you have to be either a move-in who has been playing travel ball elsewhere, or one of the rare naturals at pitching or hitting to really get noticed at that point.
Why not cover the safety aspect with simple height and or weight ranges like boxing etc? That seems like it would work better and is much easier to check.
Yeah, weight classes in kids' sports are a terrible idea.
The only exception is in individual combat sports (wrestling or judo, for instance). In those cases, not only is it a safety issue, but the 'penalty' for failing to make weight is just that you have to compete in the next weight class up, not that you or your team are ejected from the competition.
European rowers (and I include British people here) are kind of shocked that the US has lightweight categories at high-school level. I suppose, though, that if people are chasing lucrative scholarships to college lightweight teams that might be an incentive...
* I suppose, though, that if people are chasing lucrative scholarships to college lightweight teams that might be an incentive...*
Scholarships for men's rowing largely don't exist. There are a few schools with full varsity programs, but not many.
Women's rowing, as a scholarship activity, is a largely new thing - there was a massive increase in women's rowing in the 1990s in order to comply with federal regulations. The men's football (American, not soccer) team has 85 scholarships available - rowing is an easy way to add 20+ women's scholarships.
As for lightweights in high school, I was one. If there was no lightweight program, I likely would have stuck to XC running. No way I could compete against the typical 180lb+ heavyweight at 140lbs.
> Why not just get kids together to play baseball?
You can, if everyone trusts everyone involved, and you just want some casual fun. But beyond that...
Some of the developmental/training issues have been mentioned, as well as some allusion to safety. Also related is liability; do it enough and there are going to be injuries, some of them serious. And if you haven't planned for this, it's quite easy for someone to unexpectedly end up responsible for a huge unexpected liability.
Let's be honest. Safety and liability issue is a convenient excuse and in reality, a small part of the reason.
The developmental aspect is the real reason. When you're talking about the 7/8/9 grades, the point of Little League is to get the attention of scouts for professional organizations and colleges. When you introduce millions in signing bonuses to an 18 year old or athletic scholarships, you're begging for adults to poison the well. Little League has a history of cheaters and the organization, at best, is frequently overwhelmed in dealing with them.
Little League is a very US institution, but even in places with socialized healthcare there are non-medical costs of injuries and potential liability attached to them, and anyway, while universal coverage is common outside of the US, many nations acheive it without socialized medicine.
The national league organizations do a lot of good things. I would say that most importantly they have standardized coaching education, e.g. what should kids be learning at each age level. Then locally you have clubs and leagues that operate to schedule games and do all the legwork of reserving time on fields for games and practices, raising funds to pay for it, handling communication with parents, etc.
Sure if you just want to just show up at the park on Saturday afternoon to see who else is there and hit the ball around, you can do that. Without some structure and organization, it will never go beyond that.
> It’s a hazard for an 11 year old to pitch or hit against 8 year olds.
Heh, I played Little League in a very small town back in 1968-69. In order to have enough teams, the league was 9, 10, 11 and 12 year olds. You had 12 year old almost men firing blazing fast balls at little 9 year old kids. Tough league.
I have a funny Little League story. My 12 year old year, I was on the worst team in the league. It was a 16 game season and we were 3 and 12. Our last game was with the undefeated team. Somehow, we played the best game of our careers and beat the undefeated team. My Mom just happened to be at the game and as was the custom, bought soda pops for all the members of the winning team (at 10 cents a bottle, a $1.50 cash outlay). She comes over to me all puzzled and asks "why are all the kids on the other team crying?". I explained how we ruined their undefeated season and she bought them all soda pops too.
I personally think you're right: it was written overly broadly and allows for things that Little League would never do in practice. I think they're a good organization and didn't mean any evil when they set this up.
That said, the end result is a pretty bad combination of things. It's a little annoying but not the end of the world when I start getting spam for batting cages after registration. It would be a whole different animal if I started getting ads for medicines based on the medical records I had uploaded to register. (Hypothetically speaking, of course; I'd never upload anything that sensitive, and I don't think Little League would ever actually do that.)
Interestingly they never asked for proof of age. I think that happens in person with the coaches, but I haven't thought about this since about a year ago and didn't really pay attention to remember exactly how that worked.
- if you need it, limit the scope to only the needed use cases
- if your request is overly broad & is written in a fashion that requires me to sound like I’m signing away my privacy, I gonna think you have bad intentions and that makes me not trust you
The problem with this "they don't intend to use this overly-broad power in that way" line of thinking is that, even if you could be completely assured that it is true, there is no telling who will come into power in the future. You don't leave a gun laying around in the open.
The privacy policy could easily be that PII will only be used where required by law.
We run in circles avoiding saying that the organization should just do what is required to serve the people it was formed to serve, it's really something.
Yes thanks to Larry Nassir and Jerry Sandusky every volunteer parent on every youth sports club is seen as a potential pedophile. Mandatory background checks, mandatory training on bullying, harassment, hazing, physical abuse, emotional abuse, sexual abuse, and sexual misconduct is now required. It has really made it much more difficult for leagues to get volunteers because though many parents want to help, most don't want to have to submit to this level of scrutiny and demands on their time.
It’s much more widespread than just those two cases. I know that the Scottish FA recently issued a report into historic abuse and it seems a few clubs had problems over the years. I imagine that this is not something limited to these few clubs in this one small country, and that it’s happened this way over the world.
I understand that some of the stuff required for this person to get their kid involved in Little League seemed over the top, but let’s not downplay the risks of involving adult coaches and volunteers without checks or turn a blind eye to what has happened in the past.
Is it really that bad? From what I remember, in Canada my vulnerable sector check was as simple as going to a location, showing my drivers license and giving basic contact info, and waiting a few minutes while they query a few databases. I’m told it gets slightly more complicated if you share a name and birthday with somebody convicted of a serious crime, but that’s the exception rather than the rule.
The background check is pretty much that -- it's online and quick, but you have to submit Driver's License #, SS#, DOB, everything that makes people nervous online. And in my experience, the form was a classic ASP page that looked like it had been developed in 1998. I didn't try any SQL injection tricks or anything, but it didn't inspire confidence. In sum, it's not so much the background check itself I object to, it's the wondering about the third parties that get the information.
Then there's the hours of online "Safe Sport" training, every year, plus you become a "mandatory reporter" for any kind of abuse, neglect, etc. and that also makes people nervous. So it's just more reasons for people to decline to help.
For baseball, you'd have to do a whole lot more than that. Most top baseball prospects don't go to college at all - they get signed straight out of high school. Kids are getting signed for millions of dollars at age 17 or 18, and baseball is more a skill than a sport. The stakes are ridiculously high: it's a life-changing amount of money, there are only a few spots available (compared to the number of kids who play baseball), and the skill ceiling is basically nonexistent.
Worse, it's a pipelined thing. If you're not already one of the best kids in your area by the time you get to high school, you won't get any playing time, so you won't get scouted. If you aren't one of the best kids in your area by the time you get to travel-ball age, you won't get any playing time, so you won't get the experience to be able to make the high school team. If you don't get on (or fall off of) the fast track, you have absolutely no shot.
Undrafted free agents sometimes make it to the NFL, and walk-ons at the college level aren't unheard of. You can learn basketball up to an NBA level relatively late, so long as you're one of the incredibly few people with the genetics to make that an option. But baseball is so dependent on ingrained muscle-memory and top coaching that you absolutely cannot start playing baseball at a high level late and hope to compete. And as long as there's money in it at the end of the pipe, there will be competition at the beginning of the pipe.
It used to be considered acceptable to find young boys with good voices and castrate them so their voices would never change.
At some point, society decided that we weren't going to do that any more, even though it meant that the "castrato" parts in operas could no longer be properly sung (there was near-universal agreement that the purity and power of a castrato's voice could not be matched by anything else).
Now, we're not castrating these kids, but we are sending a lot of them into adulthood with physical problems (fucked-up joints, e.g.) and a socially-impoverished childhood.
Maybe accepting a slightly-lower baseline level of professional baseball skill would be a reasonable tradeoff to avoid that?
Edit: the same holds true for gymnastics, tennis, etc., of course -- any sport that requires that level of dedication from a young child. I don't mean to drag baseball in specific.
> It used to be considered acceptable to find young boys with good voices and castrate them so their voices would never change.
> At some point, society decided that we weren't going to do that any more, even though it meant that the "castrato" parts in operas could no longer be properly sung
Well, castrating kids to preserve their high voices is out, but castrating kids is very much back in.
I never give out birth certificates for my kids. Birth certificates are foundational documents for identity theft with a lot of personal information organized on one page.
I don't want my kids birth certs sitting on some random server.
Instead when necessary I use copies of their passports or school documents.
Whatever it might "just" be, these are the rights they claim. If it was "just" something benign, they could claim those rights. That's what you make legal write those documents for (and if you don't have one to write those documents, you shouldn't be making them at all).
The fact that they have claimed them and still have them means they feel like they might use those rights. That makes it evil.
You’ve just written an excellent foundation for a privacy policy. It clearly explains most of what data you need and what you’ll use it for - that’s exactly the fundamentals of a good privacy policy. Add some stuff on where/how you store and secure it, when you delete it, and who to contact to update/delete info or complain, and you’re 99% done.
I think it’s lazy and bad form to ask for extremely broad catch-all consents to personal data usage, which basically become meaningless as a result. Those remind me of a famous “meme-ified” scene from Parks and Recreation where Ron shows a homemade ‘permit’ to an inspector that says: “I can do whatever I want. /s/ Ron.”
At least in the EU there’s the GDPR mandating that consent be specific and freely given. If only data collecting organisations would stop focussing so much on the cookie consent nag screens and take their compliance with the rest of the GDPR equally serious...
To cut to the crux of it, the extensive document requirements are almost certainly due exclusively to child protection requirements that are not obvious to the rest of us as we’re not aware of the safeguards in place in the background. Cool. I’d be concerned if they weren’t taking those matters seriously.
How hard is it though to make it clear:
(1) how this information will be handled
(2) how it will be stored/secured
(3) when it will be deleted
.. separately from your sharing of data terms. They almost certainly have no intention of sharing that information with marketers or sponsors - it would be quite easy to make that clear.
I also think we’ll see handlers take privacy a lot more seriously now that the understanding of GDPR is trickling through these systems.
Sensitive data is still treated as a juicy little bonus for marketing departments instead of the radioactive plutonium that it is.
I was on a little league board. In my state, we had pretty strict background check requirements, and those providers were the “trusted partners” that were given sensitive information. Now, little league volunteers are mandated reporters in New York, so the government gets information for training enrollment.
The school enrollment information was used for eligibility... the eligibility requirement was to live or go to school in the territory. It frequently came up for kids in private school outside the zone or kids in shared custody arrangements. There are many edge cases, especially with shared custody, foster or arrangements where “easy” forms of required information just isn’t available for various reasons. Most “nuclear” families provided a birth certificate and any letter from a utility, bank or tax bill.
Age is very important for leveling kids appropriately and keeping them safe, which is why birth certificates are required — parents are insane and go to extreme lengths (I personally encountered forged documents, parents who delayed entry into kindergarten to age 6, bogus documents from siblings or cousins, etc) to try to let older kids play in younger levels. It’s a hazard for an 11 year old to pitch or hit against 8 year olds. Little League is used as a way for folks to get kids into elite travel teams, etc.
Marketing stuff was totally different and may vary by league. We wanted all communications to our folks to go through and be approved by us. “Bob the plumber” could hand out flyers, get an ad or have a blurb in an email campaign. The big companies (currently GM, Gatorade, Honda in my region) just push materials down and use contests to get personal data.