VWs as Panopticon

 Posted by (Visited 6699 times)  Game talk  Tagged with:
Mar 222009
 

Josh Fairfield on privacy in virtual worlds — a must read.

  6 Responses to “VWs as Panopticon”

  1. Meh…. kinda surprised that this is what passes for publishable material at Yale these days.

    I think the main problem with this piece is that it assumes that virtual worlds are some kind of public/open space in the same way that, say, a municipal city is. And while the two may look similar on the surface (public streets and plazas and meeting areas, private ‘houses’ and ‘rooms’ and etc), I think that using one as an analogy for the other is a bit off, at least when we’re talking about what is and is not a reasonable expectation of privacy.

    From my perspective, virtual worlds are more similar to, say, a Disneyland – a place that is constructed to be a facsimile (and maybe an incredibly accurate one at that!) of a traditional real world place, but one that is owned entirely by a private corporation, and at which we act as guests when we visit, and therefore we act without any expectation of privacy outside of, say, the restrooms.

    When I log on to Second Life, or Metaplace, or World of Warcraft, or whatever virtual world or playground you think of, I have the reasonable expectation (especially when almost everything is happening server-side) that nothing is actually private from the server admins. The very architecture of most virtual worlds – in my mind, at least – makes any presumption of privacy a fallacious one – the server *must* (if only for a short time) store what is going on, what I’m saying, where I am, etc, so that I can interact with others. If I say or do anything that I shouldn’t, I’m not thinking that I’m safe because I’m doing it secretly or in private (what is secret or private from the machine that facilitates what you’re doing?); I’m instead relying on the idea that there’s too much going on for someone to be monitoring exactly what I’m doing right then, or that anyone will really care about what little thing I’m doing. In this, the concept of the panopticon is definitely relevant, inasmuch as it has failed (the panopticon doesn’t allow one guard to constantly watch all prisoners, as the article seems to suggest; it gives him the ability to watch any one prisoner at any point in time, with the hope being that prisoners will behave because of the *chance* that they might be seen misbehaving).

    I think that when we are talking in legal terms, which I would expect we would be when looking at the Yale Law Journal, it would be more conducive to talk about what those who own virtual worlds are and are not required to hand over to government agencies when asked. I don’t have any more of an expectation of privacy (at least from the system running a VW) when I’m in my house in Second Life than walking around some big public lot; and I think this is reasonable as well. The question that seems more important, I think, is whether I have any reasonable expectation of privacy inasmuch as it’s none of the government’s business whether or not I’m playing in a virtual world to begin with.

  2. @charles: If you have a safety deposit box at a local bank, are you expecting privacy when in the vault in the sense that any camera view is not publishable?

    A reasonable expectation of privacy might not be freedom from surveillance but freedom from use of surveilled data outside of the contracted service within which the surveillance is performed as part of the terms and conditions of the contract.

  3. Sorry, Charles, that’s just plain not true. Disneyland can’t record your conversations with the people next to you and store them and then access them whenever they want. Yet VWs effectively do exactly that with no regulation. The issue isn’t that you’re being monitored, it’s that you’re being logged and that those logs have no real legal restrictions on their access. And that’s why the paper talks about privacy with regard to logging and the disemination thereof, and not with regard to the system monitoring you.

    And there absolutely is an implied level of privacy when you /tell someone; you’re using a system that rather explicitly exists to prevent other people from being able to read what you’re saying to that person. It seems pretty obvious to me that this should be just as protected as a phone conversation, which also requires transmission through a service provider in a similarly abusable fashion. But there are laws against the phone provider listening in on your phone calls, and none whatsoever about the VW provider listening in on your /tells. They’re not functionally different on a conceptual level, they shouldn’t be treated differently by law either.

    Removing access to all of these things in no way impacts the service either. In no way are logs of your chats or activities required to make things run properly.

  4. In no way are logs of your chats or activities required to make things run properly.

    I’d argue that they need those chats to stop people from griefing according to the Terms of service.

  5. I have read only the summary but, in my opinion, privacy whether it is inside a virtual or the real world can only be an expectation. And that laws come in to guarantee (to a certain extent) this expectation is something that you would expect/want.

    The only big differences between both worlds are
    * in a virtual world someone can record noiselessly (which can also be expressed as recording is cheaper)
    * the host company is a privileged recording actor

    I would agree though that privacy is more expected in real world than virtual world for lots of people. (And that people might behave differently due to that.) But for me it’s only a consequence of the law restricting recording and the recording technologies being expensive for the real world.

    My biggest question would be more : is there a reasonable way to introduce a regulation (through laws) in virtual worlds? We already have issues with the real world regulations. Can you just imagine regulating worlds that could pop up everyday with different characteristics?

    I am not saying that virtual worlds should not be regulated but that between saying that they should be and actually doing it, there is a huge step to make.

  6. @len: I agree with your safety-deposit box point, which I attempted to somewhat address at the end of my original post (whether or not it should be any business of the government to know that I’m in a VW in the first place, and by this I also would include the ‘actions’ that I do while in it as well). I’ve got no problem with my bank keeping recordings and logs of who is accessing its vault (in fact, I think this is a good thing since it makes identification of anyone who would rob it easier), though I don’t really want anyone but the bank to have access to those logs. I wish I had been a bit more clear on my point there, but you’re right to point that out, definitely.

    @Eolirin: any analogy is going to be a bit crude, and my Disneyland analogy was no exception. That said, the article explicitly made its own analogy to a private residence and a public street corner, which I think is far more off base than my own analogy. The very medium through which we experience virtual worlds, and which allows virtual worlds to exist in the first place, would seem to dictate that you really have no more of an expectation of privacy in ‘private house’ with only your buddy there than you would a public room in which you and a buddy are the only ones present. The actual interaction may appear different on our computer monitors, but it’s actually taking place off in whatever server is hosting the VW in the first place. Maybe your conversation is 2 sectors over in a hard-drive, but that’s getting into extreme minutiae that I don’t think is that important to the main point.

    Is there an expectation of privacy when you /tell someone? To the extent that you expect it to go only to the person you /tell, sure. But again, the medium of communication here (through a VW hosted on a 3rd party server) means we’re talking a different classification of communication from calling someone on the phone, or even having a direct peer-to-peer connection between two computers. These things may not be different on a conceptual level, as you say, but they ARE different on a technical and functional level. Since the standard for privacy that we’re dealing with is what constitutes a ‘reasonable expectation’ of it, I think that these differences are important, because to me what is and is not reasonable depends in part on the architecture of the system I’m using in the first place. In any case, I think that it is far from being a cut-and-dry issue.

    In general, I agree with you that the use and dissemination of logs could use (indeed, perhaps even needs) some overarching framework that itself could help us determine what is and is not a reasonable expectation of privacy. Lacking that framework, however, and recognizing that the architecture of the system that runs most VWs requires it to know what you are doing in it at all time (and knowing that most keep logs of that), my expectations of privacy are considerably lower than than they are when I’m on the phone, or meeting with someone in person in the real world.

Sorry, the comment form is closed at this time.