Explaining Myself Through Mini Metro: Making Lots of Connections

I’ve always been a fan of the minimalist art style. As an art style and a category of interior design, it gets a lot of adjectives like “clean,” “crisp,” “pure,” “uncluttered,” and “bright.” I’d have to agree that Mini Metro is a game with a minimalist art style. But the aesthetic isn’t the only thing that appeals to me. The game mechanic is about connecting: making a metro system that is as efficient as possible as a city places ever-increasing demands on the network.

I love the concept of connection. I love to connect ideas and words, and I have spent most of my life studying and forming such connections. Careful, structured explanations of connection and disconnection are at the heart of the practices of both philosophy and law. Like most humans, I also cherish my close connections with others. At every level, and in every sense, connection thrills and amazes me.
Mini Metro is a game that is a design model for making connections— So it’s fitting that I use it as a model to connect the areas of law in which I am interested.

The railway network itself is the telecommunications infrastructure. The people that travel on the network are the entertainment content of the digital age: text, pictures, audio, movies, games—almost all of it subject to copyright law. The signage around train stations tells people about the places: it helps people make choices based on comparative information. I admit this is the biggest stretch in the analogy, but I’m comparing that to trademarks because of the informative function that aims to dispel confusion. And of course, there are safety concerns around all public transportation. Cybersecurity, by and large, is the safety structure for the internet: it is the area of law that tries to get everyone to navigate the system without tragic injury. And just as trains are regulated, this digital structure enjoys some oversight by the FCC (in the form of general regulatory rules) and FTC (in the form of consumer protection enforcement).

One of my favourite moments in Mini Metro is when a station appears on a line I have already built. I don’t really know if this is just the RNG-gods smiling down upon me, or if there is a definite structure and these moments are signs that I have designed optimally. In the effort to connect law and technology, sometimes a new device or idea appears that can force a re-drawing of the legal lines. Part of me wants to think that a law can be created with the future in sight, but the speed and direction of technological developments are so amazing that I don’t know if policy design can do better than hope for luck.

Mini Metro can be used to explain how my areas of interest relate to one another. It can also explain why I love these things, too. In the abstract, the game is about making it possible for people to go places. It is about how large-scale design decisions affect humble individuals. Technology and law are connected to each other—and both are connected to individual lives and to society, generally. The magic of connection is that it makes each individual node matter to the other nodes with which it connects. A single idea, or law, or device, or person—nothing is all that interesting, meaningful, or exciting until it is connected to other things in the world. Then both the connector and the connected affect and transform one another as they interact. In this way, the relationship between law and technology is like a relationship between people. Whether they are friends or enemies, they will shape each other because they are connected.

 

I never said I was super good at the game. But it's still fun.

Just trying to help the Parisians get through the day.

Advertisements

Keep Data Secret, Keep Data Safe.

Privacy and Security are two different words, so it is reasonable to ask if there is a difference between “Data privacy” and “Data Security.” The terms seem to be used interchangeably a lot, but I think there is a difference that affects how we think about the issues and that guides how we approach solutions to protecting information.

The standard industry analysis is that Data Security is “confidentiality, integrity, and availability,” while Data Privacy is about the “appropriate use” of the data (I think this is better understood as asking “are only the right people seeing the data?”).

If you’ve seen the movie (and you should have), you remember this moment:

When Gandalf leaves Frodo with the One Ring, he admonishes him: “Keep it Secret. Keep it Safe.” Is this one instruction, or two? Are safety and security of a thing the same thing, or two different dimensions of protection?

  1. Secrecy as Privacy.

One of the most interesting discussions I had in law school began with a professor asking “What good is Privacy?” Some academics and jurists, like Judge Posner, have challenged privacy as inefficient; it is the right of criminals to hide their activities and avoid detection or evade conviction by concealing evidence. Advocates of this position assert that non-criminals do not need privacy, while privacy greatly advances the efforts of criminals.

However, privacy is also how we keep information away from criminals. In the digital world, information is everything, so keeping information away from criminals prevents harm. While non-criminals might not fear other non-criminals accessing financial information, certainly they would not want criminals to have the tools to access their bank accounts.

Privacy is an element of security, but it is not the same thing as security. One of the best ways to keep a secret is for people to not know you have a secret; people don’t rob vaults they don’t know exist. However, you wouldn’t leave your valuables unguarded and rely solely on the hope that no one ever finds out about them. Security is always a prudent consideration. (Though there might be interesting strategic choices in minimizing security to maximize secrecy…)

  1. Safety as Security.

I thought it was a little odd that the US government considers “integrity” one of three prongs of data security. “Confidentiality” makes sense (see the point on secrecy), and “availability” is an often over-looked part of security. Your money would be very safe if you shot your life savings into space, but that’s the kind of security plan we might call “not thought through to step two.” But why would the reliability and accuracy of the data be part of the security of the data? We don’t evaluate the security of a bank value on the basis of whether the currency it protects is undermined by inflation or monetary policy decisions.

I think this prong shows one of the dissimilarities between physical security and cybersecurity. We are rarely concerned about the sabotage of physical things we protect, just as we are not often concerned about physical objects being copied (as data can be copied). Data is subject to minor alterations that can corrupt it to render it unreadable or unsafe to use. In some cases, the fact of the data being shared might render the data less valuable (particularly for military intelligence).

  1. So, Gandalf has a pretty good privacy policy. By keeping a Ring secret, it is easier to keep safe; by recognizing the difference between safety and secrecy, he is able to give Frodo a more robust policy to guard the fate of Middle Earth.

Of course, if Gollum yelps out “SHIRE! BAGGINS!” the data will be compromised and new measures and methods will become necessary… But “The Fellowship of Data Protection” is a blog post for another day.

Child[ren] of Light [in Fiber Optic Cables]: Battling the Monster of Data Vulnerability

I. Like so many other gamers, I usually have some complaints about a game- some buggy feature in the UI, some design choice that manages to annoy me throughout the entire game, repetitive  music that grates on my nerves, etc. It doesn’t mean the game is bad, but just that I see some room for improvement. I don’t know how I would improve Child of Light. It has a wonderful story, beautiful art, fun and interesting combat, characters I can care about, and not much else. I think that was one of the strongest points of the game—its leanness. The developers did not burden the game with extra fluff; they edified the game down to what was essential, and worked to make that as excellent as they could. The only thing that I didn’t love about the game was that I had to play it through Uplay (after buying and installing it through Steam). The absurdity and frustration of one game distribution platform directing me to another game distribution platform occupied my mind as I played the opening levels of Child of Light. As I played a coming-of-age tale about a loss of innocence and the fight to defend oneself and loved ones in a hostile world, I saw the obvious comparison to the coming-of-age of cyberspace, and the fight to defend data and identity in a hostile world. The first point I thought of was how efforts to protect against piracy are often misguided, but I then thought about data protection more generally.

II. The young protagonist, Aurora, grows through her battles in a dangerous world. Coming-of-age stories are about the loss of protection and the discovery of vulnerability in a dangerous and unforgiving world. The internet has had its own coming-of-age progress. It is grown from a nascent state of limited, careful users who protected and cared for it to being used by billions of people every day, with billions of dollars spent maintaining and attempting to control or harness it in one way or another. From businesses who use the internet to conduct business, to businesses whose business is conducting internet through cables and wireless transmissions, to government agencies to anarchist hackers, everyone wants to govern the data of the internet.

III. So, in response to the rising threat of hackers and errors, passwords and encryption became ubiquitous. But despite putting a deadbolt on the door, the data frequently seeps through cracks at the hinges or under a window left slightly ajar. Think about the ways our “data” escapes our control:

– Large-scale Database hacks (PlayStation Network, HomeDepot, Target, AT&T, Steam, etc.)

– Private, small hacks (phishing scams, ATM card readers, discarded paper mail, keylogging)

– Third party purchases of data.

-We carelessly or inadvertently publish our own data without realizing it, or thinking about the consequences.

We don’t hear about a lot of people losing their data because of weak personal  passwords. In the 80s and 90s (and sometimes beyond), most films that depicted some kind of cybersecurity breach showed someone sneaking into a researched area and guessing (or using a previously obtained) a password.  I have a constant background fear for my data, but not because I think someone might guess one of my passwords. It’s because my data is already out there, entrusted to dozens of companies.

IV. In Child of Light, combat allows for either physical or magical attacks. Each character has corresponding defensive stats for each kind of attack: physical resistance and magical resistance (nothing new for the RPG genre); high physical resistances do nothing to protect against magical attacks. In the same way, my setting an extremely strong, 28-character login for my laptop does not protect my credit card information from getting stolen from the servers of Steam or AT&T or AcmeCorp. (Hopefully, their hash functions do!)

As we come of age, we learn to lock doors to houses and cars, and exercise basic, sound judgment about safety in public. People need to become educated about cybersecurity. Everyone, from the most average consumer purchasing on Amazon, to network and IT administrators of large corporations and government offices, needs to think about what the real threats are and what measures are helpful and productive in protecting data. Given the way data has been compromised in the last two years, I am inclined to think that monthly password changes with the usual set of enormously restrictive requirements is not always the best or most pertinent protection.