Saturday, December 8, 2007

Age Verification argument rages on

There seems to be three camps developing among residents with reference to age verification.

The first want it, have done it (or not, depending on whether Integrity actually has their information) and are annoyed at everyone else who doesn't want it.

The second is those who are generally okay with it. These are normally non-US residents whose only reservation is whether or not they are breaking the privacy laws in their own countries. More often than not, the age verification process fails for them anyway, but they're willing to try it.

The third camp is the one that I - and the vast majority of Residents - are in. That is, we don't want it, we won't use it, we won't flag our land and we'll inform relevant authorities where we see breaches of the law. In my case, since I live in Canada, I don't break the law if I voluntarily give my Social Insurance Number (SIN) to Linden Labs or Integrity, BUT, if I choose not to, Linden Labs DO break the law in Canada the moment that they deny me access to something on the grounds I haven't given my SIN number to them.

A pattern is beginning to emerge about Integrity's database. A number of people have failed to verify with their current data, but have managed to verify with data several years out of date. This indicates that Integrity are gathering public records to add to their database, but these records are often out of date. In the UK, for example, they buy data from the credit check company Equifax (which performs credit checks on consumers) however, Equifax only have data about those who have applied for credit in one form or another, or who have home facilities. Take my 42 year old brother, a sad individual who still lives with his parents. He's never applied for a credit card, hasn't bothered to tell the Driver and Vehicle Licensing Agency the last three or four times he's moved house, doesn't bother with bank accounts (he lives off welfare, cashing his cheque every two weeks at a post office who know him and never bother to ask for ID) - He wouldn't be on Equifax's database. He holds a driving license and passport, but has never had the internet at home. He is on the electoral roll, but the list that is not available to the general public (only available to government bodies).

As a test, I asked him to try age verification. Surprise surprise, it failed, despite the fact that the data he provided was correct. However, what was most interesting was he provided state information (passport number and driving license) - which would NOT normally be available to anyone but the UK government. It wasn't in Integrity's database. Which leads me to have serious doubts that their claims their data is taken from governments worldwide is genuine.

To me, Integrity has always seemed like a data mining company, that gets its profits by acquiring tiny pieces of the huge jigsaw that is a persons life, putting those pieces together and selling the completed picture for far more than the individual pieces cost. By age verifying, what a person actually does is to alert Integrity to their existence. Nobody has been able to find a privacy policy for Integrity, but my guess is that it's something like the policy for facebook; by providing them with ANY information, you expressly authorise them to collect any and all information they can about you, including but not limited to, credit card data, bank data, address data, religion, voting preference, membership of clubs etc etc. In other words, anyone trying to age verify with Linden Labs systems, whether they pass or fail, is actually authorising Integrity to start data mining on them. Again, this IS only my guess, but until someone can find a privacy policy I'm standing by this opinion, bearing in mind the discovery that it was indeed the case for Facebook.

And this is what makes it dangerous. Particularly the section in Linden Labs own terms of service, that states in the event of bankruptcy, Linden Labs can no longer be held responsible for anything done with ANY data collected by the Second Life system. Linden Labs remains completely silent on the questions being thrown at them by residents along the lines of "What guarantee do WE have that your third party company (Integrity) won't misuse or sell our information." And the answer to that is simple. None at all.

Looking at it from a legal point of view, a resident makes a contract with Linden Labs when they sign up, for the provision of a service called "Second Life" in return for complying honestly with their terms of service (it's far more complicated than this, of course, but this is what it boils down to in its simplest form) - This means that the resident, as a consumer, and Linden Labs, as a service provider, can hold one another liable in the event that one breaks the conditions. As it's part of the terms of service that users of the adult grid are over 18, anyone who isn't and uses the service is in breach from the moment they log in for the first time. Bringing a third party into it, however, muddies the waters.

Since a resident has not agreed to anything with this third party, there is no contract, and nothing to regulate the residents behaviour toward the third party or the third parties use of any collected residents data. Effectively what this means is a resident is perfectly at liberty to be totally dishonest with the third party, because there's no agreement to stick to, but it also means the third party is equally at liberty to do whatever the hell it wants with whatever data it does get provided. No agreement, no contract, no protection.

Some Residents will sign up to age verification right away (and indeed, some already have). Some will be willing to sign up when the database is more complete and they're likely to be on it. Most will refuse point blank to give this data. When push comes to shove, and it becomes mandatory, Linden Labs will risk their existence as a corporate entity on getting enough people to use the system. Ultimately, if enough rebel and leave, the costs of running Second Life will rapidly overtake the revenue - at which point, bye bye Linden Labs.

In closing, try this for a bit of fun. I created a facebook based on my best friend from school's details, except in the facebook account she lives in Canada, has a much more glamorous job, is a member of a number of respectable organisations and is most definately over 18. I created this facebook account when Age Verification was first being discussed for Second Life, so it's a over six months old now. Using a fictitious Ontario driving license number and a fictitious passport number, both authentic in the layout of their numbers and special characters, I tried to take her through Age Verification, using the same details with Integrity as I had put on her Facebook profile - and passed, proving that one of Integrity's sources is indeed facebook. The only problem with this is - she doesn't actually exist as a Canadian citizen, and her birthdate as given in her facebook account is one day wrong from her actual birthdate. Also, her address is the middle of a cemetery, but the postcode and street number do exist.

She's now verified. The thing is, she doesn't actually exist (with the details I provided to Integrity) so she should not have passed the age verification. I'm betting somewhere there's a very puzzled computer failing miserably to put together the missing pieces on her. This just shows how much of a sham Integrity's system is, and in my mind vilifies my position: I'm not using this system, ever, and if it gets made mandatory, I'll say goodbye to Second Life.

1 comment:

Anonymous said...

http://www.aristotle.com/content/view/31/152/