« Game Research Grid | Main | Joho says: MMORPGs are BORING! »

Oct 16, 2003



It's a great topic. The potential for personal data trails in MMOGs go well beyond anything we have IRL. I believe that some of the current crop of VWs keep histories of *everything* that ever transpired in the game. {I assume some do not.} In addition, most VWs facilitate data queries on nearby avatars. In MUDs, "look" gives you some data, and in current MMOs, right-clicking on an avatar usually serves the same function. And then you have the filtering and group search issues.

Be interested to hear what other people say. Tal should probably be following the new blog by Tom Coates -- I just added it to the blogroll. Looks like he'll be digging up some helpful ideas...


And I'm sure Nick has some relevant data from EQ.


A number of deserters were arrested by military police at PCbaang whrere MMORPG being serviced.

And I was also told a story that a runaway boy are located by his mom with the help of gameing company.

{the company inform his mom the location of PCbaang where his son logged in, deliberately circumfuse items around the his avatar so that she can make it there in time}


Unggi --

You never cease to amaze me with these stories.

So you're saying the military police somehow got the subscriber identities and log-on locations from the game company? I assume they would need to use a subpoena proccess? (I'm thinking I need a crash-course in Korean law to understand the context of some of the context...)

And with the mother/son -- you're saying the game company fed the son freebies to keep him at the baang?

Relatedly -- anyone aware of a Korean/English dynamic Web translator a la AltaVista's Babelfish?


Privacy from whom? There's three, perhaps four different categories here:

1) Other players. Especially in PvP game, details about a character may be considered sensitive by the players, as far as exposure to others. In non-PvP games, they are still going to be touchy about it. And they're always going to want communications to be at least as secure as email or IM clients (so another player who isn't party to the conversations doesn't se them unless shown them by someone who was). For the most part, players get whatever level of privacy they ask for this scope, it's easier than fielding complaints.

2) The game operator and their CS staff. You've got no privacy from them as it stands now. Although no-one logs everything about everybody, they potentially can (and sometimes will, for example if they're investigating a possible exploiter or a harrassment complaint). Any privacy players have here is the result of inadequate storage space, logging tools, and manpower for monitoring. This almost certainly needs to stay that way, it's impossible to operate a service when you can't know what's being done with it.

3) Outside interests. Right now I don't think any online game operator is sharing significant amounts of data with outsiders. The resistance to doing so tends to be high, even in the case of academics. Probably some marketing related information has been shared, the Themis group has probably gotten somewhat more detailed information.

4) The government. As far as I know, no governmental agency has yet tried to extract any information from an online game operator about the activities of their players. What "due process" will mean in that case is far beyond my capabilities, Greg and Dan could probably make a much better guess.



Well, this is a coming issue too. I have gotten "privacy expert" tacked onto my resume recently (I write a monthly report for VA on happenings in privacy mostly in the medical field, but they like to know about the issue generally too.)

Dave's breakdown is a good start, as far as it goes. All game companies should have a stated privacy policy. It's not that information shouldn't ever be shared with parties who have use for it (beyond marketing uses, that tends to be a hotbutton with many privacy-sensitive people0, it's that the conditions on how it will be shared, and what protections will be in place once it's passed to another party, need to be specified.

An example of the current state of this is HIPAA and Graham-Leach-Bliley (the former is on health information, the latter on financial). The latter might bear special scrutiny, as a template, in light of our "virtual currencies." If property rights DO evolve towards more property rights for players, virtual currencies (and account information concerning their holders) might slide towards coverage under existing privacy laws.

As far as sharing information with outside research agencies goes, the best way is to first de-personalize it. Anything that could be used to identify a certain individual can be cut out. The researchers are mostly interested in statisics, not specifics. Where the latter is the case a special contract could be put in place binding the researcher to the same policy as the game company with regards to privacy.

All this can and should be spelled out in privacy policies published where players can find it.

Then, of course, these policies must be enforced to protect the company from suits.

Dealing with the government (in this country) is pretty easy (as long as you can afford a lawyer). Make them provide the proper documentation before releasing anything to them. Contrary to the views being bandied about by media outlets, government officials are on pretty short leashes. They don't always know it, but a decent laywer does, and will help keep the ignorant, or overly pushy, ones in line. Once they provide the documentation, give them the minimum that requires. Giving more opens you up to suits again.

Work with a strict minimum necessary rule. Exercise due diligence.

The privacy statement should also make clear that the company is not responsible for personal information players share with others in game. Anything they say in game is effectively public. While the company should strive to make purportedly "private" in game communication private, nothing of a personal nature said can or will be guaranteed to remain private by the company. Of course, the company should have firm policies in place (as mentioned above) not to reveal any personal information about players without their express consent.

As far as (4) goes, let's not forget the history of board games... The treasury Dept did get their wrist slapped for that one though.


I'd like to add that ensuring privacy policies are upheld is easier said than done.

Data bases allow VW, MMOG (and other community spaces) to link all kinds of personally identifiable information with behavior information. It's tantalizing to people such as marketers to learn that people from a particular zip code tend to play elves. It's of interest to police that a particular user who listed his age as 43 that he engages in private conversations only with other players who are listed as under 15.

The choices a company makes about the privacy of their users will affect how they structure their information links in the database. If a company chooses to not link account information with avatar logs, then either the database reflects this or security both in limited access and training for people who have access to the database.

There are large numbers of people who have access to the personal data of players: developers, CS staff, hosting facilities. At each point where there is a person who has access, the security of private data can be compromised. It's not necessarily maliciousness, but ignorance, that can undermine the best written privacy policy. Some well meaning developer with access to data pulls up information for a well-meaning customer service agent and that information can be released publicly.

If I understand the current way it works (for organizations other than health and financial), privacy policies are contracts made by the company. Even if the violation of the contract is accidental, the company can be held liable. This might not be important in the case of Player A figuring out game information about Player B, but the stakes could rise in predatory or harassing behavior that was assisted by the release of the info.


Speaking for health organizations, they have regular training of their employees on privacy issues, have periodic outside checkups of their effectiveness at following policy, and require their employees to sign a "contract" of their own to abide by privacy policy. Now that HIPAA is law, that is. I get paid to be one of the outside checkeruppers.

None of this is something government has to mandate. Companies can do this on their own. If they did, government wouldn't force them to as a lasat resort.

But in general business it's probably going to take some lawsuits, large settlements, or government to put sensible policy in place.

Oddly, I'm not at all, personally, one who elevates privacy into the category of "life, liberty and pursuit of happiness." But it's a desireable thing if it doesn't cost me other, more important things. The privacy of information as it pertains to my financial accounts is more sensitive to me than that of my medical history. You want to know I had my tonsils out when I was seven, you're welcome to that knowledge. You want to know my checking account number, I get a bit nervous.

Scott, the problem is most company privacy policies aren't comprehensive. They cover certain aspects, not others. It's hard to enforce rules if they aren't well-defined. They may cover outward-facing aspects, as do many published privacy policies, but often they ignore the inward-facing ones you mention. In some cases companies may feel that as organizations they need to know the relationship between avatars and individual humans. That's acceptable. What isn't is that they don't have a defined policy in place that says which individuals inside the organization can access that information, what they can do with it, or not, and what the penalties are if they expose any in a way not sanctioned.

In many environments it's not a major issue. It may not be in game companies, frankly. But were financial information to leak resulting in damage to individuals and it be shown that the company who held that information did not employ "best practices" (and thus be judged as negligent), the punitive rewards might prove crushing.

Good privacy policy, and good efforts at showing compliance, are just another insurance policy that companies can (and often should) "buy" to protect themselves and their shareholders. Not doing so can result in angry shareholders that replace management too...

And, of course, privacy rests firmly on security, which is still too often a nodded at example of vaporware.


Dan S. wrote:

"As far as (4) goes, let's not forget the history of board games... The treasury Dept did get their wrist slapped for that one though."

I'm afraid I did forget, and whatever you're alluding to sounds intriguing. Can you fill in the blanks?


I'm scratching my head over the name of the game company... I'll have too look it up. Getting old and all that.

Darn, looks like that books is on permaloan too.

Let's see, Austin game company, I think. They did Car Wars. Had a game about computer hacking, Hacker Wars or something. Treasury Department thought it was a hacker bulletin board due to all the chatter on the company BBS about the game, so they raided and impounded all kinds of stuff. Thing sat in the courts for a while, then Treasury was told they screwed up, slapped on the wrist, told to return the computers (long obsolete, by this point), etc.

Steven Levy has a chapter in "Hackers" on it. That's the missing book I mention.

Steve Jackson Games! (Have to come at these things sideways. If I sneak up on them sometimes I remember the names...)

So, while this wasn't an online game, per se, it was analogous in the sense that it's what evolved (collectively) into online games not too much later.


As for the tensions between marketing and privacy (and for that matter between marketing and civil liberties in general), I would say the world to watch is There.

Bruce Boston can probably give a more up-to-date report on this, but when I talked to There management early this year, one of the things they were most excited about was the prospect of selling their world to corporate partners as a sort of hi-rez fantasy marketing lab -- in which Nike or Levi's, say, could release virtual prototypes and, using There's meticulous back-end database, track consumer response at levels of detail difficult to attain in the real world. Presumably only aggregate information would be revealed, but in the long run marketing pressures might be expected to whittle the definition of "aggregate" down as close to "personal" as possible.

A related tension in There is between marketing and speech rights. Nike, for instance, has a little shop in There, located very centrally by special arrangement with There, Inc. So what if I, as an individual citizen, post a sign in front of that store protesting Nike's business practices? There doesn't as a rule censor political speech, but would its commitment to its marketing partners in this case trump its commitment to free speech?

Finally there is tension between marketing and intellectual property rights. There's EULA may have changed, but last I checked the user cedes to There, Inc., all IP rights to any design uploaded to There (t-shirts, buggy skins, whatever). Corporate partners, though, play by different rules: a Nike swoosh inserted into There's world remains, now and forever, property of Nike. Meaning that in There, not only are corporations virtual persons in the traditional legal sense, but they're virtual persons with more rights than, uh, actual virtual persons.

Looming behind all these tensions, of course, is the basic, defining problem of virtual-world governance: How to ensure fairness for all participants when only one of them, whose interests may or may not coincide with the others', has his finger on the on/off switch?

LambdaMOO, famously, took things as far as they could go in the direction of eliminating the power of the switch-holder before it finally ran up against the impossibility of the project.

And if any v-world takes things as far as they can go in the opposite direction, I suspect it'll be There.


Hi Julian,

I think you are correct in maybe suggesting that There will not only have to address these questions once, but over and over again over the upcoming years. I think this is the same challenge that most media companies face, from the NY Times to my local cable company, there are rules and market protocols that must be followed to keep consumers coming back.

As far as privacy goes, our product is very consumer centric, Nike, Levi’s and others may be marketing partners, but I highly doubt that they will never pay the bills. The way our business plan is set-up this revenue is just icing on the cake, and without the consumer we’ll be out of business in no time flat.

Nike or Levi's do get special privileges, which a few members do complain about, but many other members seem to enjoy. As well as the shops that both companies have, Nike just came out with a couple of pairs of running shoes that allow you to run faster than any other shoes. Levi’s has been using a high-resolution graphics for their Jeans, something we currently wouldn’t allow a member to submit for their own clothing. In the end, we do have to think through a number of issues all the time and make sure that in the end more members are happy with the decision than upset.

In the case of the shops, they are in a ‘no-drop’ zone so someone couldn’t put a sign directly in front of the Nike shop or any other of the shops in that area. At the same time, I think when members are paying 8k-12k Therebucks for a sign (US$4-6), they expect a fairly high level of freedom to speak their mind at that price.

In the case of member submitted items, the basic language is as follows:
‘You hereby grant to Company a perpetual, irrevocable, royalty free, worldwide license to use, publicly display, distribute, modify and otherwise fully exploit any Content that you submit to Company for any purpose necessary or relating to the Company's services.’
There is also plenty of additional language that is written by our lawyers, but I think our main concern is that we can use the submitted items within the virtual world and in the real world to promote our product.

“How to ensure fairness for all participants when only one of them, whose interests may or may not coincide with the others', has his finger on the on/off switch?”

There is very unique in that members not only get to vote with their feet, but also with their wallets. You can bet that any small change that upsets the public quickly shows up in my economic reports, and that puts members very much in control of the progressive development of almost anything that has or may be developed.

Even inside the company, we are all very excited to see what sort of systems unfold in the future as we continue to discuss these issues with our members on a day-to-day basis.


The case is the one about Steve Jackson Games, and it's documented pretty exhaustively in Bruce Sterling's "The Hacker Crackdown," which is available for free download on the Net.


The Steve Jackson Games case was seminal, and a nice simple retrospective is provided by the EFF at http://www.eff.org/effector/HTML/effect13.02.html

Since then things have changed significantly, and the ECPA and Wiretap Acts change the Federal governmental access (and some other parties) access to privately collected communications. The ECPA is particularly significant in this context, since the exchanges between avatar-typists will probably fit within the definition of stored communications which are heavily regulated by the ECPA.

And then there are Federal obligations on the sectorial bases outlined by Dan Scheltema (HIPAA for health data, GLB for financial data -- almost certainly neither will apply to the majority of VWs) . Layered on this you have the individual state obligations.

Of course privacy regulation is jurisdictionally specific, and (virtual) life in Europe is very different. The EC Directive proscribes the collection, manipulation, and transmission of personally identifying information of citizens/subjects of EU member states. This may give US providers and advantage over their European counterparts, but it might equally provide a compelling reason to play on European shards. Time will tell.

My (untutored) sense is that VW developers have mostly ignored the implications of privacy law. But they won't be able to for long..


First I want to thank you all for taking interest in my project.

Also, I want you all to perhaps think of the following scenario: The “gods” do not share the information with others – nor do they try and connect the virtual identities to the real ones. Nevertheless, they still can gain from their omnipresence and constant surveillance of the virtual identities. Here are some ideas:
(1) The “gods” provide specially tailored ads to every player (Adaboy strikes back?) – thus taking the practices of DoubleClick to another level. Here we have to think what the possible detriments are: providing advertisers with greater powers of persuasion? Being put in a “virtual Skinner box”? Having others decide for you what you should consume?

(2) The “gods” use the information they collect and data mining analysis (data mining is a personal favorite of mine, and the main theme in my dissertation) to provide different goods to different players at different prices. These goods could be game related (different playing plans) or non-game related.

What do you think? Am I too pessimistic here? I was wondering if you think the commercial entities will have the ability to muscle their way into the virtual worlds - perhaps by providing 2 pricing schemes for every game - one that will be "ad free" and the other with ads. Since it is clear that we all have a myopia problem when it comes to privacy rights - such a strategy should be fruitful for commercial entities.


Greg --

>>So you're saying the military police somehow got the subscriber identities and log-on locations from the game company? I assume they would need to use a subpoena proccess?

: Ofcouse, our korean information security act bans the leaking of personal information in general, so the police need a kind of subpoena to get some one's ID.

While, the locative information like IP adress
doesn't fall under the law. therefore, the police often ask the gaming company for the IP adress the suspect last logged on.

>> And with the mother/son -- you're saying the game company fed the son freebies to keep him at the baang?

: Right, I am told directly from a gaming company staff. Although, that case is exceptional...


Unggi --

As always -- thanks!

That's interesting that an IP address isn't covered by your act... While I've done some work in comparatively law, mostly I've focused on Eastern Europe and Soviet systems. I know next to nothing about Korea.

Dan and I really ought to pay a visit some day. :-)


Following up on Greg's comment: Unggi, when is a good time for me to come to Seoul to see you? Seriously, I'll send you an email message to follow up (assuming your email address is real). You're living in the most amazing place in the virtual worlds, and we seriously need to follow up on all your amazing revelations.

The comments to this entry are closed.