I. Like so many other gamers, I usually have some complaints about a game- some buggy feature in the UI, some design choice that manages to annoy me throughout the entire game, repetitive music that grates on my nerves, etc. It doesn’t mean the game is bad, but just that I see some room for improvement. I don’t know how I would improve Child of Light. It has a wonderful story, beautiful art, fun and interesting combat, characters I can care about, and not much else. I think that was one of the strongest points of the game—its leanness. The developers did not burden the game with extra fluff; they edified the game down to what was essential, and worked to make that as excellent as they could. The only thing that I didn’t love about the game was that I had to play it through Uplay (after buying and installing it through Steam). The absurdity and frustration of one game distribution platform directing me to another game distribution platform occupied my mind as I played the opening levels of Child of Light. As I played a coming-of-age tale about a loss of innocence and the fight to defend oneself and loved ones in a hostile world, I saw the obvious comparison to the coming-of-age of cyberspace, and the fight to defend data and identity in a hostile world. The first point I thought of was how efforts to protect against piracy are often misguided, but I then thought about data protection more generally.
II. The young protagonist, Aurora, grows through her battles in a dangerous world. Coming-of-age stories are about the loss of protection and the discovery of vulnerability in a dangerous and unforgiving world. The internet has had its own coming-of-age progress. It is grown from a nascent state of limited, careful users who protected and cared for it to being used by billions of people every day, with billions of dollars spent maintaining and attempting to control or harness it in one way or another. From businesses who use the internet to conduct business, to businesses whose business is conducting internet through cables and wireless transmissions, to government agencies to anarchist hackers, everyone wants to govern the data of the internet.
III. So, in response to the rising threat of hackers and errors, passwords and encryption became ubiquitous. But despite putting a deadbolt on the door, the data frequently seeps through cracks at the hinges or under a window left slightly ajar. Think about the ways our “data” escapes our control:
– Large-scale Database hacks (PlayStation Network, HomeDepot, Target, AT&T, Steam, etc.)
– Private, small hacks (phishing scams, ATM card readers, discarded paper mail, keylogging)
– Third party purchases of data.
-We carelessly or inadvertently publish our own data without realizing it, or thinking about the consequences.
We don’t hear about a lot of people losing their data because of weak personal passwords. In the 80s and 90s (and sometimes beyond), most films that depicted some kind of cybersecurity breach showed someone sneaking into a researched area and guessing (or using a previously obtained) a password. I have a constant background fear for my data, but not because I think someone might guess one of my passwords. It’s because my data is already out there, entrusted to dozens of companies.
IV. In Child of Light, combat allows for either physical or magical attacks. Each character has corresponding defensive stats for each kind of attack: physical resistance and magical resistance (nothing new for the RPG genre); high physical resistances do nothing to protect against magical attacks. In the same way, my setting an extremely strong, 28-character login for my laptop does not protect my credit card information from getting stolen from the servers of Steam or AT&T or AcmeCorp. (Hopefully, their hash functions do!)
As we come of age, we learn to lock doors to houses and cars, and exercise basic, sound judgment about safety in public. People need to become educated about cybersecurity. Everyone, from the most average consumer purchasing on Amazon, to network and IT administrators of large corporations and government offices, needs to think about what the real threats are and what measures are helpful and productive in protecting data. Given the way data has been compromised in the last two years, I am inclined to think that monthly password changes with the usual set of enormously restrictive requirements is not always the best or most pertinent protection.