EA's 'Invasion of Privacy' Policy

Justus writes "Gamers with Jobs has posted an article covering EA's privacy policy for Xbox Live users. In a nutshell, by using an EA game over Xbox Live, you are automatically creating an 'EA Online' account and granting Electronic Arts the ability to collect your name, address, and credit card information, as well as a variety of demographic information about how you use their products. Not only that, they explicitly say that they may tie these demographics to your personal information — no anonymous aggregation here! When Gamers with Jobs asked EA and Microsoft about these issues, they were met with stony silence, a fact they attribute to the pending release of the new Madden game next week. Without an official comment from the companies involved, it certainly looks like EA has the most invasive privacy policy they could come up with."

It's stories like this one...

...that should make it to the front page, to enable the really important stuff to spread more quickly - it's more than about time to let the big corps know we're giving up neither on our privacy, nor our freedom.

Vote with your wallet - do _not_ buy products that fuck with your inalienable rights so badly.

Re:It's stories like this one...

How can it be an "inalienable right" if it's being taken away from you?

Inalienable does not mean it can't be taken away from you, it means it is inherent; an inalienable right is a right which is absolute, not one which is granted. I could shoot you in the face with a gun, for example, removing your inalienable right to life. It's quite a fluffy concept, one that has kept philosophers happy for quite a while. As always Wikipedia has more coverage [wikipedia.org].

Re:It's stories like this one...

I could shoot you in the face with a gun, for example, removing your inalienable right to life.

You think you can take ALL of us Mr. Vice President?

Re:It's stories like this one...

What are you fucking talking about! He's rational and calm as can be for someone who's life is about to be threatened by having his privacy and rights raped right off a fucking cliff. It's the end of civilization! The sky is falling, the sky is falling the sky is...oh wait...

Deep breath...valium...exhale...

Yeah, vote with your wallet but don't act like it's the end of the world. :)

Re:It's stories like this one...

Hear, hear!

You know, slashdot has so many readers, we ought to form a PAC for /. style issues, you know fixing IP law (can you name a movie in the public domain?), protecting privacy, withdrawing from WIPO, dismembering the DMCA, etc. Kinda like the EFF, but for convincing Congress to protect our personal information, our computers, our rights, etc. Everybody donates $20 bucks, and before you know it, we've got a couple million dollars to lobby with. You know, if freaking PETA can do it, I think the slashdot community can do it, and if we did, I bet Congress would pay attention.

Re:It's stories like this one...

Well, on a somewhat less expensive solution, you could just write your congressman / woman yourself. While everything I've ever sent to the oval office has gone into the trash, I actually did get a response back from my House rep the other day. Most people think about it as a great idea, few people actually do it. But if it's any incentive, the fewer people that do something the more weight granted to those that do. For example, when you vote, if only half the eligible voters turn out, your opinion counts for two. In the example of writing to your congressman, if only 1 per 1000 do it, your opinion counts for a 1000 people. If this post encourages 1000 people to write to Congress, I've essentially just persuaded a million people. That's real change.

If everyone that read this actually wrote a letter to congress (write to your rep, not just to congress as a whole) seeking stronger privacy laws, with a simple but well framed arguement why it's important to us, you would see real change. But we've got to make it an issue, because they are receiving letters every day about the war(s), about immigration, about the minimum wage increase. If you don't let them know it's important to you, even a strong advocate of privacy will have a hard time moving legislation through the commitees and floor. A PAC might buy us a representative or two in Congress, but it won't be enough to get people looking at the importance of the issue.

If you don't know how to get ahold of your rep, or for lack of political participation can't figure out who your rep is, visit here : www.congress.org

But be careful! I've read through their privacy policy, and it, much like EA's, is pretty invasive, including the option to sell your personal information. Still, you can use their site to figure out who you want to contact, and take matters to your own hands from there.

Best wishes /.ers,
Mike

Re:It's stories like this one...

You're absolutely right about encouraging people not to deal with companies like this if they really care that much about the issue. Bottom line is, most people don't.

It's insightful to remember the Scott McNealy [wikiquote.org] quote: "You have zero privacy. Get over it."

Easy solution

Dont buy their games

Re:Easy solution

Except educating the general public on privacy isn't an easy reason as to why they shouldn't play the latest version of Madden. There needs to be a pointed attack on EA by the media and lobbying firms for movements like this. Simply "boycot" solutions are non-solutions. Madden is probably one of the best selling games in the United States, and while I find it deplorable that an online service would take advantage of consumer confidence to literally spy on them in means for more invasive than any New York Times article about Bush. Certainly, it's a sad day for privacy as the leaders of the industry use their mass appeal to break the resistance of the people more interested in protecting the historical wall of online privacy than playing video games.

Re:Easy solution

I bet no amount of white hat education will help. What we need is a nice black-hat break-in, stealing all the collected data from EA and publishing it somewhere online. Users would learn it sucks, and EA would learn privacy violation lawsuits are costly.

Re:Easy solution

Unfortunately, that probably won't help the cause. The media will conveniently forget that that information should never have been collected in the first place, and spin it as "evil hackers steal identities", not as "company commits egregious invasion of privacy". (If you do want to steal someone's identity, BTW, you can do worse than look here [google.co.uk] for inspiration.)

As always, the best way to protect yourself is to lie through your teeth when asked for personal information and never, ever be even vaguely consistent across different requests. For instance, if you pretended to be an Albanian nun to get a NYT login, pretend to be a Portuguese sausage-maker with hobbies of sword-fighting and watch repair to get an IMDB login -- but don't mention anything ecclesiastical or Albanian.

EA's policies now public...

Glad to see they now treat their consumers like they treat their employees.

Re:EA's policies now public...

Quit

Are you sure you want to quit?

Yes

I am sorry, you have not yet completed 18 hour units of playtime, you must continue playing for another 16 hours to enable the Quit command.

Should be fully expaned on the frontpage

This article should be fully expanded on the frontpage. Why? Because it's obiously exactly what EA and MS do not want. And therefore it should be done. Just out of spite.

Looking forward to...

Looking forward to the industry that springs up when someone finds out that in the games, you can farm for other players' personal information along with weapons and magic-items.

Surprised?

Is there a single slashdotter who is in any way surprised by this? Is there anyone so naive as to believe that private companies are the best guardians of your privacy? Even the most rapid laissez faire capitalist would hesitate before declaring your valuable data safe from explotation at the hands of the private sector.

Your data is worth money. Marketers are willing to buy it. Hence, companies will be willing and eager to sell it. They don't care. They're private companies, beholden to no one except their shareholders.

If you would like to give your explicit approval to this buy buying such a game, or tacit approval by buying any other EA game, then do so. That is your right. Just don't complain when your playing habits are vomited all over the net like so many AOL search results.

NO PRIVACY EXPRESSED OR IMPLIED

Wonder when they start broadcasting "live shows" from users' webcams.

Most invasive?

Most invasive? Hyperpolize much?

Here is the privacy policy from the Safeway Club Card [safeway.com]:

SAFEWAY CLUB CARD CUSTOMER
AGREEMENT STATEMENT
We respect your privacy. Safeway does not sell or lease personally identifying information (i.e., your name, address, telephone number, and bank and credit card account numbers) to non-affiliated companies or entities. We do record information regarding the purchases made with your Safeway Club Card to help us provide you with special offers and other information. Safeway also may use this information to provide you with personally tailored coupons, offers or other information that may be provided to Safeway by other companies.

Funny, too, that TFA picked EA's policy and didn't look at any other game company. Not to mention the fact that EA is gathering information that you provide. Sound like the kind of stupid EA bashing you would get from an astroturfing competitor.

Re:Most invasive?

Not to mention the fact that EA is gathering information that you provide.

Not quite. EA is gathering information that you provide TO MICROSOFT, not to EA. Sure, you could argue that one should have read the privacy policie and all other documentation, but you know what? Who's going to go to EA's website and read that before buying a game, if at all? No, it's not the company's duty to make sure you read all the documentation, but I do believe they make that stuff longer and more difficult to read, both in terms of wording and tiny fonts that some people may have trouble with, than it needs to be to try to dissuade people from reading it which is wrong imo. My first line might make you think I'm only blaming EA in this, but just to be clear, I believe both companies are in the wrong.

Re:Most invasive?

I don't know how that safeway card works (I'm assuming that they are the super-market you are refering to...) but if it is like the tesco club cards then they are taking your data, which is tied to your name and address, but only about things which directly concern them (ie. items they have sold to you and not credit card info) AND they actually pay you for it.

Tesco gives you 1p in the £1 of all you spend with them for the data which they are taking. Some people would think that this isn't worth it, so you can just not have one and still use their products and buy from them.

It seems with EA you have to do this or not use a product which you have paid for, which is a bit bad

Taking A Big Risk

EA is certainly taking a big risk of future lawsuits with this so called privacy policy. For one thing, no one in their right mind should seek access to a customer's credit card info without a direct need for it, and the direct unambiguous consent of the customer. Why take on the risk that a breach of EA's customer database could expose the credit card info of millions of customers if you don't have to? If I'm EA, it makes more sense to let Microsoft assume that risk in Xbox Live. Not only that, the EA policy as stated may even be in violation of the privacy laws of some jurisdictions. For my part, I won't be touching any online EA games until this issue is addressed and resolved.

Unfortunate, but it is the way the cookie crumbles

Unfortunately this is the way of the world. The only way to receive discounts without paying for some sort of membership these days is agree to loose some of your privacy. Look at the company that offers the most popular FREE products in the world: GOOGLE. Don't get me wrong, I love their products to death; however everything I search is stored somewhere to bring me a more "personalized" product. It is like the Safeway "TOS" above, they are not going to give out your information or purchase data, however they will use the data they record to give you a more personalized experience. With the above being said, is it really a bad thing? You receive more free products and/or discounts for products you usually use/buy. I agree that it is a trade off; but after four years of military service I have no privacy so I really don't care.

What's the problem?

I can't see what's the problem here. If you don't like what they do, don't use their products.
You wouldn't buy a product that says "Insecure!" on the box, would you?

  -- dbg

Re:What's the problem?

You wouldn't buy a product that says "Insecure!" on the box, would you?

Not unless the box contained a 16 year old nymphomaniac with a thing for middle-aged men...

One more point for Nintendo...

I live in Buenos Aires, Argentina. I have a DS and I play online a lot. It is easy for me to find and open and unsecured hotspot in this city and when I play Mario Kart or Metroid, I dont have to input and username, password or credit card information. Online playing it's completely anonymous, fast and free, yet astounding fun.
Why can't EA learn from Nintendo?

More info on http://www.nintendowifi.com/customersupport/Suppor tHome.jsp [nintendowifi.com]

Being pedantic the assumption may be wrong.

The policy states that MS will hand over the XBox Live account information, without stating what is in those account details. It could just be a username, or geographic details, or more. The details about acquiring credit card information is in a seperate paragraph, which includes the provisios "will vary depending upon the activity and may include".

Whilst it makes sense for an ea.com account created when purchasing an on-line game to have the credit card information the policy, as I read it, doesn't really say "they are granting themselves the authority to retrieve your private credit card information and much more from Microsoft in the process." that gamerswithjobs think it does.

But hey, nothing like hyperbole to get hits!

Not surprising...

I found some very odd little registry setting installed on my computer, thought it was a worm or something, but when I looked in it, it had a list of all EA titles on my computer. The worst was that when I installed the CoD expansion pack, it tried to phone home w/o even telling me, it just went ahead and opened up a dial-up connection running as Network Service. To me, that sounds like they infiltrated my computer. Games should not (and most do not) require administrator rights to install, but EA games do. If a game requires admin rights, that's a red flag. If only CoD2 wasn't so freaking good...

This, to me, is spyware, and customer data collection needs to be conspicuously disclosed (not buried in an EULA*), and it needs to be opt-in only, by law.

* The most infuriating part is that I read the EULA for CoD/CoD2, and I didn't see anything about them collecting my data and sending it home. They didn't disclose it at all.

Re:Not surprising...

The only problem with your description is that Call of Duty games [callofduty.com] are not published by EA; they're published by Activision [activision.com]. So maybe you should be griping about them and not EA.

Uh oh

This means they're going to know I root for the Arizona Cardinals. My reputation will be ruined!

Here. If you don't like it do something.

Section 5 of the FTC Act [ftc.gov]

The Commission has also used its unfairness authority to challenge information practices that cause substantial consumer injury.

Heres an information practice that could cause substantial consumer injury. EA is collecting my address, phone number, birth date, name, credit card information - usually the only other piece of information you need to charge the card is the three digit number at the back of the card. Some websites don't even require that. If you win a prize you also get to give them your SSN!!!

Do you trust your security to a three digit number? Do you trust a giant company to not have any disgruntled employees with access to the database? And a paper and pencil to circumvent the copy restrictions on the data (if they have that even). I trust EA to publish (mostly crappy sports) games and thats all. None of the other information they collect is necessary to run EA online. The very fact that they are collecting data they do not need makes me actively distrust them. This entire implictly agreeing to hand your data over smells fishy.

See that "File a complaint" [ftc.gov] link on the top of the FTC webpage. Ten minutes. Slashdot the damn thing - I'm sure the FTC will take notice. At very least they should be able to contact Microsoft and EA and be able to change what data is collected. Seriously the best way to deal with a stupid bunch of corporate lawyers is have a government agency snarl at them.

here's the problem

madden players != slashdot readers

If you don't want to give credit card info to...

EA or M$, give it to Wal-mart [walmart.com]. You can buy and Xbox Live card...with cash...pretty much anywhere.

Guess what, /. might do it too...

I mean any site that big must be collecting statistics, e-mail addresses and what nots, and in the case of /.: opinions.

All that has a monetary value. Does /. sell that info? I honestly don't know, but it could be. Would it be THAT surprising?

As for MS and EA, i never put my credit card info in my console. XBOX Live is a great service, but i'm not about to provide my credit card account to the world on it.

Just buy a card at your local retailer and input the code in your console. That's all that's required.

BIG deal?

What's the big deal anyway? Microsoft and Electronics Arts have never done anything evil before, why shouldn't we trust them implicitly now?