The Race for Data: Consumer Privacy in a Red Shell

Mario Kart hasn’t outsold the standard Mario formula, but it has been the most successful adaptation of the characters. The lack of multiplayer wasn’t a big deal for games on the original 80’s Nintendo Entertainment System; just running to the right and jumping on boxes was good enough. As demand for multiplayer games grew, Mario Kart proved to be one of Nintendo’s best ideas. Racing games don’t need a lot of explanation, and getting to steer your favorite characters to the finish line made for hours of fun for family game night, birthday parties, and college dorms. Nintendo also made their fun additions to their racing game easy to understand: banana peels make your opponents lose control and crash, mushrooms provide a speed boost to help you catch up (especially useful after a crash), and getting hit by a turtle shell the size of your cart is never good. The weaponized shells come in a few colors, but the red shell was particularly powerful because it follows its targets movements, making it nearly impossible to dodge.

So, when the minds of marketing, data science, and software development came together to create a way to track gameplay data and correlate it to advertising for each unique player, a popular video game weapon that followed a target seemed like a good fit for the name of the product. Maybe a representative from customer relations or ethics would have raised a concern about naming a product after something aggressive and destructive. That kind of name raises a red flag for some people—and  it raises two red flags if it also shares the name with a known malicious virus. Unfortunately, it fell to the players to explain that secretly targeting customers to collect data is an unpopular choice.

 

Red Shell Discovered

Earlier this year, a few Steam users discovered a tracking program hidden inside some game software. The tracking program was called Red Shell. I have not found any indication that users were informed (at least explicitly) of the presence of this tracking software within the games that consumers purchased, downloaded, and installed. The stated purpose of Red Shell is to track user data that can be matched with marketing data to optimize marketing strategies. Despite the fact that the data collected from a user is called a “fingerprint,” developer Innervate is on record as believing that the clandestine program that does not allow opt-in (or even opt-out) decisions is GDPR compliant because it does not collect personally identifying information- just a broad mass of data associated with a user.

Software companies got a different kind of marketing feedback as outraged customers spoke out on forums and social media, attacked games with negative reviews, and called for boycotts against the offending games. I did not find any evidence that Red Shell is harmful or pernicious in any way, and most users seem to agree with that assessment. But actual, or even potential, harm does not seem to be the problem. Rather, the issue seems to be that the customers feel betrayed, deceived, and… well… played.

 

Lessons from the Wreckage

In Mario Kart, red shells cause your opponents to crash. In June of this year, the program Red Shell caused player trust to crash. Red Shell may be GDPR compliant, but the scandal now serves as an example of why mere technical compliance is not always enough.

I think Red Shell would have enjoyed reasonable success if players were given the choice to opt-in. Other companies use clear, voluntary methods to collect data from users—from surveys to system scans. I understand the appeal of “having all of the data,” and the appeal of letting computers do the bulk of the gathering and processing automatically. The efficiency and scale would be hard to match – computers often outperform humans in efficiency, speed, and scale. But computers don’t understand the values of trust, preferences, and autonomy.

Innervate lost sight of the real, ultimate reason for gathering player data in the first place: improve a developer’s bottom line through a better understanding of the player. By failing to connect empathy with the notion of “understanding,” they overlooked what they were losing in exchange for the increased efficiency and scale of their product. The effort to understand brand loyalty undermined the trust and loyalty to the brand. Data that is properly collected and carefully understood in the right context can be a powerful tool for better products and better service. But taking a shortcut around your goals to try to achieve them is just driving faster with no sense of direction.

 

Red Shell Takeaways:

ALWAYS remember that data is not an end in itself- think about WHY you want data.

Other things matter besides the data you think you need- consider the competing values.

Consider ways to get data that don’t interfere with other goals. Consider ways to get to your goals that don’t rely on the data you are chasing.

Don’t lose sight of your larger goals/objectives during your search for data; don’t let your race for data undermine your quest for success.

 

 

 

 

Advertisements

Capitol Records, LLC v. ReDigi, Inc.: No Re-Selling Digital Material

While this case will probably never be considered a landmark case in copyright law, it typifies, for me, the kinds of new issues that arise in IP law as the world changes. It seems that an online store (“ReDigi”) attempted to sell used digital material (e.g., iTunes purchases that the purchaser no longer wanted to hear or see). A judge in the Southern District of New York ruled (last week) that this particular store, ReDigi, was a “clearinghouse for copyright infringement.”

I recently wrote about digital property, mostly with Steam’s store and service in mind. The upshot was that I worry about how much money I can invest into things I don’t “own” (in the sense that we are used to). Let me explain this further: most of the time, when we buy digital property, we actually buy a license to use the property, not the property itself. This is why it is coherent to courts to treat a physical object so differently from a digital one- the legal relationship the “owner” has with each is in a completely different category. This is what raises concerns for me- that my legal relationship with my digital property is different from my ownership over my physical property. Much of my concern is related to my assertion that more and more of our “property” will be digital in the future. As our property interests migrate to a digital world, it is deeply troubling to think that we would have a weaker grasp on our interests in the future.

Of course, the marketplace itself (independent of legal conceptions of ownership or license-ship) determines a great deal of this. After all, it is up to the record companies, development studios and distribution services to choose how to write their Terms of Use agreements. If these decision-makers become convinced that it is in their better economic interest to give a type of ownership that allows resale (and other aspects of physical property ownership) rather than the weaker licensing that many currently sell, the law need not budge on the issue of digital copyright. At least in theory, the law only identifies the correct situation, sorts it into the appropriate category, and applies the prescribed consequences. (The extent to which that is true is a subject of enormous debate, as you can imagine.) If the marketplace writes its contracts of sale in a way amicable to notions of property ownership for a world of digital property, the law need only enforce the appropriate contracts.

There is another sort of law, besides the law of the courthouse and the law of the marketplace, that bears on this subject. That is the law of the programing language itself. Part of the reason ReDigi  was decided to be infringement was that the transfer of the digital property was really a movement of a copy, not of the file itself. More abstractly, the issue the court takes with digital ownership is that digital objects do not behave like physical objects, especially for the reasons we suppose we have based our laws of ownership upon. Yet digital objects only behave in accordance with the programing language that describes them and the actions we may perform upon them. We have control over the digital landscape in which these objects exist, and we can decide (at least to a very large degree) how they behave and how we can (and cannot) interact with them.

In summary, I posit that changes in the marketplace and in programing standard practices can help consumers have more satisfying legal relationships with their digital property. The fact that these changes are available makes it all the less likely that the law will step in and protect consumers in this area (until or unless the abuse becomes excessively wanton).

Note 1: The structure of this approach, with a law of courthouse, marketplace, and programing code, is adopted from Lawrence Lessig’s “Code and Other Laws of Cyberspace” and “Code 2.0”

Note 2: The ReDigi ruling came out last week, but I was swamped with some time-consuming law school assignments and so couldn’t write this analysis sooner.

Ownership of Digital Material: I own it, so why don’t I have it?

This topic has been well-addressed by a lot of games journalists. The 4th-to-last panel in this comic summarizes the perspectives of many: http://www.escapistmagazine.com/articles/view/comics/critical-miss/8674-God-Emperor-of-Steam-Epilogue

Usually, we think owning something is having something. Even for claims to IP, which isn’t tangible, we have a unique and specific claim to the use of something. With some games, I seem to have a claim to use the software, but only at the discretion and convenience of the service; if the service is not functioning for some reason, I cannot play the game. I also cannot transfer the claim to play the game, as I could in the olden days of 2001 when we bought video games in physical format. One might argue that even buying a book was never an absolute claim over the book’s intellectual property. A copyright means that a bundle of rights are reserved for the author/artist/publisher/developer/creator/whoever owns them, and as such are off-limits to everyone else. Yet there is something different here: I could always resell my single copy of the book after I finished enjoying it. I cannot pass on the joy of a used copy of some games managed by certain species of DRM (or at least, with nowhere near the ease one might expect).

It seems that 99% of arguments about rights to own physical vs. digital objects are centered around the right to republish and redistribute (in one way or another). With only circumstantial evidence, I speculate that the overwhelming impetus behind software developers’ decisions to use digital rights management procedures and mechanisms is to curtail the economically harmful practices of the reproduction of their works.

While some may argue the business practices of EA and Blizzard are not economically sustainable, my question is about the legal sustainability of DRM: “Do practices like ‘always-online DRM’ violate fundamental legal principles of ownership?” While they seem to violate some ethical and cultural notions of ownership, they do seem legally permissible.

One of the early lessons in first year contracts in law school is that you can contract out of, or around, almost anything. If you sign (or click accept) a contract that says you agree to limited circumstances of ownership, there isn’t much of a case that you are entitled to more than your contract permits. For example, Steam’s EULA reads: “All… ownership rights … to the Software and any and all copies thereof, are owned by Valve US and/or its or its affiliates’ licensors.” (Section 2, paragraph E: Ownership). Valve owns the software; we humble peons are merely licensed to play with their toys when Steam feels ok with it.

Illegal contracts are not recognized by courts, but consent to not sell a legal videogame is not an illegal contract because neither the subject matter nor the nature of the contract violates the law. So long as the publisher includes some kind of contractual agreement that you acknowledge and accept the DRM restrictions placed on your game, it seems entirely unlikely that there is any legal recourse available to fight these restrictions.

So let’s hope these practices prove economically unfeasible very, very quickly.