August 4, 2016
Photo credit: Danny Choo
Pokémons are running amok in the digital world and children and adults alike are running amok in the real world trying to catch them: since its release in July 2016, the augmented-reality mobile game Pokémon GO has taken the world by storm. The unprecedented popularity of the game and player experiences have raised safety and privacy concerns however, leading many to question whether or not policymakers should now regulate augmented-reality games such as Pokémon GO.
Pokémon GO is a free-to-play, location-based game in which the player aims to catch, battle and train virtual creatures called Pokémon which are superimposed on the player’s physical environment through GPS technology and device cameras. The game was released to overwhelming success, having taken over other popular apps such as Twitter, Tinder and Snap Chat in daily usage, and adding billions of dollars in stock value to its parent company Nintendo. This very mania for the game has led, however, to daily reports of frenzied players having run-ins with the law and sustaining injuries-and even death-in the course of play. This, and the fact that augmented-reality games have now become a reality suggest possible long-term policy implications of the phenomenon, and the potential need for regulation.
The issues raised by Pokémon GO can be broadly categorized into concerns about safety and privacy. Safety concerns arise through the game’s usage, and include the countless stories of players injuring themselves and others through distracted walking or driving, of armed robbers luring players to secluded spots, and of a registered sex offender playing the game with a child. This raises an interesting question: is a digital platform responsible for accidents or injuries caused to users through distracted, irresponsible or unethical use? It is difficult to argue yes. Moreover, in this particular case, the game’s developer, Niantic Inc., has absolved itself of liability on this head by committing users to safe and responsible play in its Terms of Service.
However, even if game developers cannot– and perhaps should not–be held responsible for user behavior, there are still steps that they can take to ensure public safety. Niantic already has in place stringent registration steps for children. It can take other measures, however, to prevent the targeting of not only children but also adults, such as by monitoring more closely, for example, the locations players are lured to, which it has so far failed to do.
The privacy concerns raised by the game arise chiefly due to its location-based nature. First, Pokémon GO, like other augmented-reality games, calls for a reconceptualization of the relationship between physical and digital space. In the game, certain real-world locations are designated ‘Pokéstops’ and ‘gyms’, which see a digital proliferation of Pokémons, thereby attracting hordes of players. Usually, these ‘gyms’ are created at public spaces, but there have been cases where the location of a ‘gym’ turns out to be a private property. This raises another interesting policy question: do you own the digital as well as the physical space within the parameters of your private property? Moreover, do game developers have a right to place digital overlays wherever they wish, even in private spaces? Although Niantic explicitly discourages people from trespassing on private property, it may be argued that the creation of certain ‘gyms’ nevertheless indicates possible negligence in determining the game’s locations.
The question becomes even more interesting in the case of public or government-owned property. Does Niantic have a responsibility, either in the name of privacy or public safety, to prevent its users from trespassing onto restricted spaces such as nuclear or power plants, as some have been caught doing? What about places of national security? In these cases, the government-as-owner may be able to enforce certain ‘rules of conduct’, but what about other public spaces where it is not? The Holocaust Memorial Museum and the Arlington Cemetery in Washington D.C., for instance, issued statements that while it may be legal to catch Pokémons on their premises, it is in poor taste, and could only request visitors to refrain from playing at these locations. In a show of support, some lawmakers have urged Niantic to disable the game at these and other sensitive locations. In a post-Pokémon GO world, is there then need to develop policies to regulate digital as well as physical space? It would seem that there is, since the game’s developers have responded to the pressure and have agreed to work on a way to enable real-world locations to opt-out of the game should they wish to.
Second, the game raises the more obvious privacy concern of data security. Niantic has been noted to request detailed personal information, including full access to users’ Google accounts, raising questions about the safety of this information in third-party hands and how it may be used, and especially, abused. Already, security experts are warning about Pokémon GO being targeted by cyber thieves.
The concern becomes even more poignant when the geo-spatial information that the game collects from its millions of users is factored in. The game requires that the player turn on the camera and GPS functions on her device, thus acquiring the potential ability to record every step the user takes and everything she sees and hears. Issues about bystander privacy, free expression and intellectual property rights aside, the staggering amount of personal and location data thus collected raises not unjustified concerns about its safe and ethical use, storage and sharing. Has Niantic taken sufficient steps to safeguard this data? What happens in the event of a data breach? The possible scenarios are worrisome enough, with implications for national security and opportunities for espionage, to make countries like Russia and Egypt, and the CIA in the U.S. issue security warnings. Here at least, regulation and strict policy guidelines for game developers become not only prudent but also necessary.
On the flip side, there is a case to be made against regulating augmented-reality applications like Pokémon GO. The proponents of this view will argue that this technology is still new, still innovating, and its potential will only be stifled by premature regulation. They will point to the many beneficial applications of this technology, such as assisting individuals with disabilities by replacing a missing sense, hands-free instruction and training, and real-time language translation. Supporters of Pokémon GO will point to the health, enjoyment and socialization benefits of walking around and catching Pokémons. They will point to how businesses are profiting; by turning their premises into Pokéstops, they attract both Pokémons and customers. And they will point to the absence of rigorous evidence currently available on the need for, and potential effects of, regulation.
It is this last point that should give policymakers particular pause. Policies are most effective when they are evidence-based, and for a technology still in its nascent stages of development, about which there is very little evidence available, it is perhaps premature to regulate just yet. However, this is not to say that policymakers and legislators should not start collecting the necessary evidence. Policy and law tend to be reactive, rather than proactive, and policy development is a long and slow process. Augmented-reality games like Pokémon GO are already raising questions and issues to which law and policy do not yet have convincing answers. I recommend that policymakers and legislators begin a multi-stakeholder dialogue with the developers and users of this technology about its desired, and potentially undesirable, consequences, and how to regulate the latter. In the mean time, perhaps we should let the Pokémons, and, for the most part, the players, run free.
Author : Politheor