Online gamers fume over information gathering BY DAVID L. WILSON Mercury News Staff Writer A computer gaming company's admission that it had copied personal information from consumers' computers via the Internet has set off howls of outrage and panic among users and civil libertarians. Experts say the incident underscores the ease with which information stored on a home computer can be vacuumed up by anyone connected to the same computer by a network. Blizzard Entertainment officials said that, under rare circumstances, the company's computers would surreptitiously reach out to take personal information from computers running the company's Starcraft game, chiefly the users' names and e-mail addresses. The company says the information was gathered to resolve a specific technical problem during a seven day period this month, was not saved, and the company has no plans to do anything like this in the future. Privacy advocates say they are appalled, but not surprised. While many gamers are enraged, a few approve of the technique, which they say was probably developed primarily to nab pirates who illegally copied the Starcraft software. Some gamers simply could not believe the news. Told of the situation by a Mercury News reporter, John R. Osmon, a business analyst with Dell Computer Corp. in Austin, let out a stunned, ``No way.'' Asked how he felt, he said, ``Violated. This is the worst invasion of privacy I can imagine.'' Blizzard, for its part, says it meant no harm, and only used the information to contact users to help them solve the problem. ``If in an effort to resolve technical support issues, we upset some of our customers, that clearly wasn't our intent, and we apologize for that,'' said Susan Wooley, the Irvine company's public relations manager. While the type of data collected was not especially sensitive, the incident illustrates how easy it is for outsiders to rummage through information stored on a computer connected to a network. These days, home computers often contain data about finances, medical treatment, and family issues, facts that in the wrong hands could destroy marriages, careers, and even lives. Many users fail to recognize how easily someone can collect such information through programs designed to probe the files of a connected machine. Encryption technologies, which can make data appear as gibberish to an outsider, could help with the problem. But U.S. restrictions on the export of powerful encryption technologies have crippled the encryption market worldwide and made it impossible for computer and software vendors to agree on a universal standard; such software must be purchased separately by most consumers. Starcraft is a realtime strategy game set in outer space and played on desktop computers. Like many of today's games, it offers players the option of going head to head against opponents via a computer network. Many play on informal gaming networks. But a popular way for users to play is via Blizzard's Web site, Battle.net. It was at this site that the company programmed its computers to retrieve information from some gamers, after a few users had problms logging into the system. As does much of the software shipped today, Starcraft comes with ``CD Key,'' a unique alphanumeric sequence that marks the user's copies as original. If two copies of a CD Key are in use, one of them is invalid. Shortly after Starcraft showed up on store shelves March 31, some users complained that they were getting error messages about their keys from Battle.net, to the effect that someone else was already using that key. Blizzard technicians weren't exactly sure what was going on, according to Wooley. ``We didn't know if we had some kind of manufacturing problem, or if there was something else,'' such as users of illegally copied games logging in to play, she said. So for seven days, whenever anybody had trouble logging on to Battle.net, the company scooped up information from various ``registries'' in the Windows 95 operating system. In addition to identifying information in Windows itself -- most users dutifully type in their name and corporate affiliation upon installation when the software asks for it -- Blizzard quizzed the e-mail functions of a user's Web browsing software, like Netscape Communications Corp.'s Communicator or Microsoft Corp.'s Internet Explorer. Such information identifies the user and provides an e-mail address. Wooley insists that the system was not set up to detect or deter piracy, but to discover exactly why people were having the problem, and to give the company a way to immediately contact users who were having difficulties. ``We viewed it as a technical support issue,'' she said. The data showed that, while piracy was indeed part of the problem, completely innocent users could also get hung up if someone had simply purchased a CD, played with it, and returned it to a store, where it got a fresh coat of shrink wrap and was resold to an unsuspecting consumer. The controversy has clouded the future of what was expected to be one of the best selling titles of the year. Blizzard has already shipped 600,000 copies of the game to U.S. stores, and another 400,000 to other countries. In the first week of April, Blizzard says it was best selling piece of software on the planet. Many gamers say they were shocked when they heard the news about the information gathering. ``This seems very Big Brotherish,'' said Kelly McCollum, a gamer in Washington, D.C. ``I'm really surprised that they would do something like that. They have such a good reputation.'' Most seemed pleased that the company had apologized. ``Well, that's good at least,'' said Mikael Klasson, a Swedish programmer, during an interview via the Internet. ``Although they shouldn't have done it in the first place. I really don't think there's an excuse for it.'' Similar incidents have arisen in recent years, with some computer ``shareware'' informing its creators via the Internet if a user never pays for it. Microsoft was savaged when users discovered that very early versions Windows 95 sent portions of the registry to company computers to aid in diagnostics. But this latest incident may be the most widespread of its type by a mainstream company ever discovered. Some critics say it was the implementation of the policy that's troublesome. ``Let's assume that the only information transmitted is just essential to solve this problem. The sin is in not disclosing this up front to users.'' said Robert Ellis Smith, publisher of Privacy Journal, a monthly newsletter on technology and its impact on peoples' privacy. ``The remedy is full disclosure.'' But others warned that the brave new world on the horizon will be riddled with such hazards. ``I think this is going to serve as a warning to a lot of people who have sensitive material on the computer, because it's really open to invasion by a lot of possible players,'' said Barry Steinhardt, president of the Electronic Frontier Foundation. ``Many people overestimate the amount of privacy they have on a computer. In some ways, this kind of trespass is extraordinary, but the truth is, we should not be surprised.''
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:07:45 PDT