After selling Girl Scout cookies the old-fashioned way since she was five, Rebecka Hicks, 16, is taking her first leap into the world of online sales.
Pretty soon, Rebecka will put up her photo, perhaps a video of her making a sales pitch, on a personal Web site. She'll send out eCards to reach a wider range of customers than she ever has before. And while the overall design for her sales site will come from the Girl Scouts, what goes online is basically up to her. The organization won't review the content, saying that such projects should stay between parents and their kids.
The move by the Girl Scouts this week to allow its troopers to sell cookies online has been met with mixed emotions by parents, officials within the organization and privacy advocates who raised concerns about exposing so many girls, as young as 13, to the potential for cyber-bullying, online predators and other dangers of the Web. Some say the idea is long overdue: How can you teach entrepreneurship to a generation of young women without developing their online skills? But others are worried about encouraging so many children -- there are 2.3 million Girls Scouts in the country -- to court friends, coworkers of parents, acquaintances, and other consumers through Web sites that have little organizational supervision.
It's a big step for the Girl Scouts -- and for the Hicks family. Rebecka said she's already excited to sell her wares to relatives who live far away and to allow customers to pay with credit cards instead of cash. "I definitely think this will go forward in a positive way," she said.
The risks aren't lost on Hicks' mom. "I have concerns, but I feel as though they've put good measurements in place," said Krista Hicks, who lives in Mechanicsville, Va. Plus, she added, it doesn't do any good to fight the inevitable. "They do live in that world and this gives them more education and chances for thought about what the dangers that are out there."
Some are more hesitant about the push online. The Girl Scouts Council of the Nation's Capital -- the country's largest chapter with 90,000 members in the D.C. area -- said it isn't participating in the "Digital Cookie" program yet, in part due to safety concerns.
Lidia Soto-Harmon, chief executive of the D.C. Girl Scouts' council, agreed the girls need to embrace technology, but said safety is still her first concern. The group's troopers will be allowed to set up credit card payments, but not personal Web sites.
"We are known for being a traditional council," Soto-Harmon said. "We're making sure, to your point about security issues, that we're protecting the data on the girls, and what the girls are collecting."
The Scouts say that they have put in a number of measures to protect the girls from online predators, and have been working on this program for at least five years. A Girl Scouts spokesman said that only a girl's first name will be part of her custom site -- similar to a seller's page on eBay. Her last name, location and other identifying information won't be listed by default. The organization also made sure that all customer and scout data is encrypted. Girls won't be required to set up Web sites, but those who do will have to take a pledge for online safety, plus lessons on issues such as cyberbullying and dealing with strangers online.
But some online safety and security experts said not every family will understand the risks. Plus, it’s not easy for parents to monitor everything their kids are doing online.
"Thankfully these girls probably have some confidence and mindfulness about them as comes with being in scouts," said Garth Bruen, a Boston-based investigator-- himself an Eagle Scout -- who researches Internet crime. "Nevertheless they are children, and anytime you open one door someone will try to exploit it and find some way into a kid's mind, it's a game the predators know how to play well." He said that scouts should be particularly wary of large orders that come with requests for extended communication.
There's also the threat of hackers who often view non-profit organizations as prime targets, said Akli Adjaoute, chief executive of the San Francisco-based security firm Brighterion. Compared to banks and mega-retailers -- whose systems have been compromised in recent years -- criminals assume that non-profits "have no resources and no heavy investment on security," Adjaoute said. "And they're right."
The girls or their parents won't have to combat cyber-security threats, the Scouts said. The cookie bakeries will be providing the infrastructure for the Web sites and will be responsible for protecting them against major cyber attacks.
Ultimately, the Girl Scouts said it is relying on parents to be the last line of defense against other kinds of threats online. That's why parental education is paramount, said Jeffrey Chester, executive director of the Center for Digital Democracy. Some may not think twice about letting their kids send links to their Web sites far and wide, or upload videos that show off their schools, homes or neighborhoods as part of a sales pitch. And in the intense competition to increase sales, some youths might let their location or full name slip.
"First, some parents would need to earn a privacy badge themselves," he said. "But you can't treat teens like little adults in terms of their privacy, especially when they're being encouraged to sell no matter what."
The key for parents is to keep talking to their scouts about online dangers, said Stephen Balkam of the Family Online Safety Institute. Balkam said that he applauds the Girl Scouts for modernizing their cookie sales, but that parents and caregivers have to stay in close communication with them to keep them safe.
"This is not a one-off 'the birds and the bees' conversation," he said. "It's an opportunity for parents and kids to explore, share and celebrate sales -- but parents should stay close."