Re: Long arm of law reaches into World of Warcraft

I think the debate centers around the subpoena and if it was a legal request, or if the cop just sent a nice letter. I'm guessing that it was a legal request, but as Thorn pointed out, out of state subpoenas don't have to be followed. If it's refused, then it can be escalated further which means more lawyers, time and costs for everyone.

In this case, the cops were after a guy, they figured out that Blizz would know something about where hes connecting from and that could be useful in tracking the guy down. As was pointed out, the checks and balances were followed and it was not an overly broad request and it was done in a formal law enforcement capacity.

I don't think many people here would find this over reaching to find the guy. It's a trail of breadcrumbs made out of boulders for #$%#$ sake. What I don't think anyone likes is when law enforcement shows up at an office or asks over the phone for some info without a warrant or subpoena and companies just roll over and hand it over. There's been many companies who have gone to bad and have said, just as my mailbox does, "Come back with a warrant" and the cops never do because it was a fishing expedition to begin with. There are also lots of companies who will turn over customer data at the drop of a hat to keep certain people happy *cough*China*cough* and markets available.

Just my $0.02 CAN and as a WoW player

Re: Long arm of law reaches into World of Warcraft

Sort of.

I think Thorn believes, (Please correct me if I am wrong, for I do not wish to put words in your mouth) that since the government may come back anyway with an in-state subpoena that it is in the company's best interest to just hand over the information. This is because it will use less resources than dealing with it later.

I believe, that it is in the company's best interest to make the government exhaust all resources before giving out customer information. First, because it takes less resources to not respond than to put the packet of information together. Second, because the security of the user data is their ethical responsibility.

Excellent. I like to see when someone can have an intellectual debate. Often on the Internet, it's only trolling and flame wars.

I love the EFF, they have a pretty good RSS feed. Here is a recent article about a bogus subpoena that was fought by the ISP. It was on the HNN Newscast earlier this year also.

http://www.eff.org/deeplinks/2009/11...bogus-subpoena


I disagree. I think it's pretty improper etiquette to use an onion router for large bandwidth things like WOW.

Re: Long arm of law reaches into World of Warcraft

Not to say this can't and doesn't happen sometime, but it's is more the fantasy of TV writers than a reality.

Again, more often than not, this is pure fiction. In my past career, I've been very friendly in the past with record keepers inside companies. Even being on good terms with those people, and even knowing the existence of records, (e.g. phone records for a listed name), those people have said to me, something along the lines of "Sure, I'll have [the requested information] sitting right here on my desk, ready to be picked up. Be sure to bring the subpoena so I can release it."

Believe me, the cops and the companies both know the legalities, and how and why the CYA game is played.

Well, use of resources is certainly one element, but the other is "presence" and where a company like Blizzard actually does business. In most cases, if the company does any business within a given jurisdiction, that makes them responsible to respond to the laws of that jurisdiction. That makes a company like Blizzard that execute business in multiple states responsible, both legally and ethically, to any police agency in any state where they do business.

They do have to respond in some way, even if they politely decline based on a lack of jurisdiction; to just ignore a subpoena can result a contempt of court charge.

As to your points, it often is in best interest of the company to comply quickly, because the information is something they can't withhold under current law, and to spend resources fighting something they know they have to give up in the end anyway would be a waste of money. Any other actions makes the actions of the board fiscally irresponsible. A company isn't there to protect civil liberties, they are there to make money for the stockholders. As to ethically holding the information, that clearly depends on what things are spelled out in the Terms of Service to the customer. And most TOS's clearly state they will give up and all information to a lawful subpoena.

Ah, the EFF.

I have very mixed feelings about the EFF, in the same way I do about some Federal agencies, like the TSA. Good idea, but they often fail their ideals in the application. While the EFF is based on the premise of protecting people of an overreaching government, they seem to often lose sight of their purpose, and their information is more misleading than the very overreaching government they are supposedly holding at bay. Ultimately, I don't trust them much either. Here's another thread, where I remarked about the EFF and how they went about doing something, and how what they claimed wasn't exactly true: https://forum.defcon.org/showthread.php?t=10339

Well, it may be improper etiquette, if you really concerned about someone tracing you, you probably should not be playing WOW or other online games. Especially in light of this case.

Re: Long arm of law reaches into World of Warcraft

I disagree entirely with this statement. A company's responsibility is not to its stockholders. A company's responsibility is to its stakeholders. This is very different from stockholders. Stockholders are only one small part of the stakeholders in a company. Blizzard's stakeholders include employees, suppliers, customers, the local community, and the environment.

The american auto industry saw huge losses because the Japanese were using quality techniques from Joseph Juran and Philip Crosby. Social responsibility has now been found by researchers to be just like quality. Failures in social responsibility have proven to affect the bottom line. For example, IKEA lost a huge percentage of revenue after their child labor and green issues.

Companies cannot turn a blind eye to social issues like customer privacy. Every day there are new financial groups of socially responsible investors, also known as socially-conscious or ethical investors. These investment groups will sell stocks in a corporation that fails in social responsibility. They will also work within the companies to not re-elect board members and change the corporate culture. Corporate citizenship is becoming increasingly important. Simply complying with bad laws and not challenging them may hurt a company in the long run.

Re: Long arm of law reaches into World of Warcraft

Companies exist to make money, otherwise they fail. "Social" items are just a form of advertising. In and of themselves they aren't consistent with the bottom line, as they tend to be costly. These things work at the moment because "social" things are currently popular. When a company fits with the way a customer thinks the the company should work, they identify with and buy from that company. In time when such things become less popular, then they'll disappear simply because they don't contribute to the bottom line. When they become popular again, they'll be back again. You may be too young to have seen this previously, but you don't have to look back very far to see this has happened before.

Re: Long arm of law reaches into World of Warcraft

Back to the original situation...

Yes there are companies that will fight to protect subscriber info (some ISP's in dumbass RIAA lawsuits, etc), and many that all but had law enforcement the keys to the cabinets.

I think the solution for both sides is that companies need to learn that they can do business with less information and that by not collecting it in the first place, they are absolved, subscribers feel more private and anaonymous.

Law enforcement is protected in a way since they can't go on fishing expeditions for idle records since they don't exist. If they want to capture information, there has to be a specific action to do so (i.e. actually hook a wiretap in place, pre calea and digital phone switches) and record the calls, rather than just poking through pre-recorded stuff and the issues that arise with having those records.

I think you could also make the business case that by recording less, you can save money since you odn't need to store it or index it, cutting overhead.

If we could at least get companies to stop recording credit card numbers post transaction, that would be a start (inbox is full of google alerts about CC database breaches over the holidays)

Re: Long arm of law reaches into World of Warcraft

If I were a shareholder of a company that continually wasted money on attorney's fees because they continually pushed authorities to follow through with an in-state subpoena, I'd probably be raising hell at the next shareholder's meeting.

As Thorn has stated, LE does not do fishing trips when they request this kind of information. They ask for very specific items about very specific people. No company would comply with giving a wide swath of information about non-specific people, except for maybe Google.

As for utilities giving out this information, if those utilities happen to also be Municipalities, then they are required to give out that information with just a simple FOIA request.

I believe that companies need to stop opting-in people for storing CC information. A large number of sites have that box checked by default to save information when you purchase something, and as we know, people don't bother to read every line. Personally, I cannot see any reason why any company needs to store that information post transaction.

Re: Long arm of law reaches into World of Warcraft

Renderman made a really great point on recording less. I agree completly with that.

The ROI (Return on Investment) for the top 100 corporate citizens is typically much higher than their competitors. In 2009 it was 26 percent higher. To quote a resource to that statistic below: “In good times, being 26 percent better is good. But in bad times, 26 percent better is downright brilliant.”

http://www.thecro.com/100best09

The cost to something like social responsibility is no longer seen as an expense by executives. It is seen as a reduction of waste. They are opportunities to gain market share and increase revenue. Many are not even advertised to the public. It is the creation of a corporate culture of ethics and responsibility that will really increase ROI.

Economics is not a simple matter of supply and demand. There are many more factors to business. As users of things beyond their normal and intended use (definition of a hacker), we should be concerned with privacy concerns that arise. We should raise our concern when we see problems in privacy with corporations we are stakeholders of.

Re: Long arm of law reaches into World of Warcraft

You continually preaching what we should be concerned with as being a hacker is getting tiresome. It may be something that you are concerned with but telling everyone else that we should be just makes you sound like a loon. Maybe it isn't your intent to sound that way, but you've made a similar statement several times in this thread so far.

Re: Long arm of law reaches into World of Warcraft

Sorry to disagree, but it all still sounds like marketing copy to me. It may not be an expense at the moment, because it is generating marketing. It will be an expense as soon as it stops being a positive in the purchasing public's eye. Again, I'd urge you to look into the recent past. These things are very cyclic.

You're mixing a couple of things here, some of which, besides they're being advertising/PR/marketing poise no real value. Personally, I don't by the "stakeholder" bit, as it's nothing more than a buzzword. You're either a consumer or you're a provider of a product/service.

I must say that for someone who was talking about being a skeptic before, you seem to swallow the whole social thing hook, line, and sinker.

It would also seem we disagree about economics. Economics IS nothing more than supply and demand when you get to the basics. If a company gets away from that fact, they die. It happened less than ten years ago, when the "new economy" was based solely on investment income for growth without watching for profits. The "dot bomb" was the result. It sure seems that people forget history very quickly. Turn that skepticism toward some of this, and you might just start to wonder what a company's motives really are. The answer is simple: Profit.

Re: Long arm of law reaches into World of Warcraft

In other words; "When you use our service, your information is not always private". Simply put, when you access a service, you agree abide by their terms, their terms will often state something similar to this. There is no breach of privacy when you agree to a statement like that every time you log in.

Reference: http://www.worldofwarcraft.com/legal/termsofuse.html

Re: Long arm of law reaches into World of Warcraft

This may be the ideal, but unfortunately, it is not how things work in the real world.

Re: Long arm of law reaches into World of Warcraft

This discussion is moving toward economics and corporate policy. I considered stopping my participation in it because it was moving a little off topic to this forum. However, it is still about privacy which is very much relevant to this forum. Hopefully the moderators see it the same way as I do. If not, feel free to do to the thread of which you wish.

Wow. Um, don't know where this came from.

Interesting argument. I'm not quite sure how the two relate though. I have researched this topic, and have a few colleagues who work in supply chain management. They have made convincing arguments on this. That is why I have this view on this subject.

I think you are confusing economics with accounting. Economics is the social science that studies the production, distribution, and consumption of goods and services. The dotcom bubble was an over-value in technology stocks due to the fact that investors did not understand the profitability of the business model.

A company's profit decisions are determined by their executives and accounting controls. Socially responsible companies tend to have higher profits than their competitors. So in your theory they should choose to be socially responsible or "die".

As far as privacy goes, it looks like we agree to disagree on this.


Correct. These are the terms, and according to the article they abide by these terms. My point wasn't what their policies are, but if their policies are what they should be.

Re: Long arm of law reaches into World of Warcraft

When you're making buttloads of money like Blizzard, it is easy to appear responsible to virtually everyone, including those you refer to as stakeholders. But when times get tight, you'll see that they (and everyone else) care a little less about everything other than the bottom line.

Companies aren't claiming to be "green" because they care about the environment, they do so because it appeals to people if they appear to be conscious about their impact on the environment. If they're spending money to do so, it's more akin to advertising then it is to actual impact. Sure, there might be businesses that don't fit this generalization, but they're few and far between. And when the rubber hits the road, it's all about the bottom line.

If you spend your life building a business, and during some down time is about to go under, but you could save it by scrapping your support of the local little league, what would you do?

Re: Long arm of law reaches into World of Warcraft

Well, it's up to you, although you first brought up what policies "should" do or be. But if you want to drop that portion of the discussion, then that's OK.

I'm not sure we disagree on basics, i.e. certain information shouldn't be seen unless the person involved wants it released. However, we seem to disagree on the application. As I see it, keeping information private is a matter of personal responsibility. That is, that a person only releases what they want to release, and then understands what they have little or no control with it after that. Because of that view, I am very careful about what information I release, and I read things like the TOS from service providers. Admittedly, my past career has shaped a lot of that and I tend to know the limits, and be cautious about what I release, and to whom I release it.

From what you have said thus far, I infer that you want to compartmentalize the information, prevent its release to the authorities and others unless you think it's OK, and have other people be responsible for information you released. Please correct that impression if I'm wrong.