A report from the Privacy Commission of Canada has concluded that economic transactions in Second Life could be harmful to a user’s real life privacy, according to the CBC.
The commission published a report from Janet Lo, who conducted the study of SL while a law student at the University of Ottawa. The paper, entitled “Second Life: Privacy in Virtual Worlds,” was commissioned by the commissioner, and its table of contents can be found here.
She found that agreements made between Linden Labs and Second Life users didn’t necessarily translate to transactions between avatars in-world.
Lo cited the infamous happening in August of 2007, when a virtual bank set up in SL ran off with an estimated $750,000 in real money. She also cited a breach in SL’s data security that led to the exposure of the personal information of more than 650,000 users.
The problem, she noted, was that privacy rules and regulations were “missing, or just a bit unclear or vague.” For example, she quotes in her report from the SL user agreement section on privacy:
… [users] may choose to disclose personal information in our online forums, via [a user’s] Second Life profile, directly to others users in chat or otherwise while using the Second Life service. Please be aware that such information is public information and you should not expect privacy or confidentiality in these settings
Lo also writes about legal concerns of Canadians using Second Life – as Linden Labs is based in the US – and about anonymity issues and the potential for in-world survelliance.
“It wasn’t really clear to me whether Second Life keeps track of what avatars are doing,” Lo added. She has since graduated from law school and now articles at the Public Interest Advocacy Centre in Ottawa.
Sidebar: Linden are not surveilling you (without good reason) because they’re not allowed to legally and I don’t just mean because of any perceived right to privacy. LL have claimed Service Provider status for themselves which grants a ‘safe harbour’ clause that they cannot be prosecuted for any illegal or stolen content carried on their networks on the grounds that they cannot practically know what’s being carried on their networks.
I’ve been told (by lawyers that know much more than me!) that this absolutely pivots on them having ‘no prior knowledge’ of any users activity or user-content. If they ever did have it would nullify their safe harbour and they’re wide open to all sorts of litigation. Guessing they’d like to avoid that?
I don’t buy what Eris is saying whatsoever.
That’s a thin veil of legitimacy covering a multitude of vast oceans of data, with little or no constraints on the Lindens’ use or potential use of it.
I remember I used to collar Philip Linden and say, Good Lord, you have more knowledge about all the businesses in a world/country than any government in history. How can we have free enterprise…free anything!…in such a setting?
Many businesses simply refused to get started from real life into SL precisey because they couldn’t protect their data stream.
The Lindens are sitting on a gold mine of externalized dreams…how/when/if they will use it is nothing that there is any law about, really, even privacy law.
The Lindens’ ability to obtain immunity from prosecution or limit their liability to litigation isn’t at all the same thing as what they may do on their own with their knowledge of the world scraped from us. The TOS enables them to scrape at will and use at will if you read closely.