An Invasion Of Privacy Policy?

I live in a strange and naive world, one where a man can drink water straight out of the faucet, where it is assumed that fellow drivers populating the genius of Eisenhower's interstate highway systems understand the fundamental rules of driving, and where a corporation publishes its Privacy Policy to explain how your sensitive information is respected and protected. One might call it a fairy tale land of such delusional fiction as to be ridiculed and beat up for its lunch money, which is why the recent story from the consistently outstanding Dubious Quality regarding Electronic Arts' Privacy Policy as it relates to those playing EA Games over Xbox Live was not entirely unlike being punched in the stomach. As I read it, Electronic Arts takes the Privacy Policy position that by playing EA games online you are actively authorizing Electronic Arts to extract whatever data it deems pertinent from your system and from Microsoft's Xbox Live customer database. Further, this sharing of customer information seems to happen without any effort to make the casual user aware that a stream of tiny, data-fat bits full of juicy private information is issuing forth through the online ether into the waiting and hungry servers at Electronic Arts.

Which is all to say that, if you've ever played an Electronic Arts game over Xbox Live, EA may already have your email address, phone number, birth date, and credit card information filed away without you even knowing it.

{Edit: Tuesday, August 22, 2006 - Electronic Arts responded to this article and my inquiries, with important clarifications of their policies. Read their response: Here}

Here is what EA has to say on the matter by way of their ironically named Privacy Policy:

If you sign up to play EA games through Microsoft's Xbox Live Service, Microsoft will provide your Xbox Live user account information to EA so that we can establish an EA Online account for you. You need an EA Online account to play EA's Xbox Live titles. By signing up to play EA's Xbox Live titles, you agree that Microsoft can transfer your user account information to EA.

Information collected will vary depending upon the activity and may include your name, e-mail address, phone number, mobile number, home address, birth date and credit card information. In addition, we may collect demographic information such as gender, zip code, information about your computer, hardware, software, platform, media, Internet IP address and connection, information about online activity such as feature usage, game play statistics and scores, user rankings and click paths and other data that you may provide in surveys or online profiles, for instance. We may combine demographic information with personal information.

As I read the referenced quote, it is the policy of Electronic Arts to create an EA Online account for you when you log onto an EA game through Xbox Live, and by creating the account they are granting themselves the authority to retrieve your private credit card information and much more from Microsoft in the process.

This mention of EA Online as being something to which I am registered seemed odd, as I don't recall having seen the brand EA Online associated with my Xbox Live gaming experience in the past, and certainly don't recall authorizing or even being made aware that an account was being made with EA Online on my behalf. I suppose it's possible that at some point over the years I played an EA game where it was made at least vaguely clear to me that I was registering with EA Online, but they've certainly not made a point since of reminding me that my playing EA games online represents my membership in something called EA Online or that I've authorized the extraction of private information such as my phone or VISA card number. To verify this, I fired up my copy of NCAA Football 2007, and hunted high and low within the game, in the provided instruction manual, or on the retail box for any mention of EA Online or the necessity of having such an account for Xbox Live play. As far as I could tell, the EA Online brand is not mentioned even once, nor, certainly, the rights you will relinquish by playing.

Whether Electronic Arts is actually gathering credit card numbers, demographic information, click paths, birthdates, or any of the other multitude of chocolate covered data nuggets at their disposal when you actually log onto an EA Online game is not entirely clear. That is why I contacted their provided email address at [email protected], identified myself and expressed my interest in clearing up any possible confusion for our readers. I was certain Electronic Arts would want to elaborate on the important and well-intentioned methods they employ in protecting sensitive customer information, which must be why they contacted me immediately with a clear and detailed response that reasonably explained their lusty needs for such comprehensive data. Also, they sent me flowers and candies, and invited me to the prom.

Unfortunately, those last two sentences are entirely false. What they actually did was not respond to me in any fashion. Not a "˜no comment', a "˜piss-off', a "˜we don't like you in that way', or even a callous and terse form letter that answered a question seven degrees removed from the ones I actually asked. So, after a week of stony silence, I pressed on and contacted a Corporate Communications Manager at EA for clarification on precisely what information they are gathering on their customers and for what purpose. Again, I received no response at all.

This seemed odd. After all, Electronic Arts had, not six months prior, given us excellent access and coverage at E3, with a PR staff that was keenly interested in our site, our community, and what we thought of Command and Conquer 3. But faced with questions about privacy policies, and credit card numbers, all of our contacts and sources were suddenly very very quiet.

I tried Microsoft next, beginning with researching their privacy policy statement, which is much more with the warm fuzzies and offers a distinct sense that they are very concerned about making certain your private information is kept secure and used only for the forces of good. There's lots of talk about opting out, and blocking the transmission of information from your Xbox, leading one to the impression that here is a company far more interested in at least offering artificial platitudes about privacy options. Or, so it seems until you get to the extremely brief and information-deficient section on "Co-branding", which reads as follows:

Some Microsoft services may be co-branded and offered in conjunction with another company. If you register for or use such services, both Microsoft and the other company may receive information collected in conjunction with the co-branded services.

Presumably, this is exactly what is happening when Electronic Arts grants itself authority to suck Microsoft dry in siphoning information about you. And here Microsoft makes no mention of opting out, or blocking those co-branding companies that decide to lay claim to your email address, street address, telephone number, gender, birthdate, or credit card info. It's not even made clear that the user has any opportunity to be aware of the data transfers.

I proceeded to contact Microsoft's Privacy Policy support through the provided web form, indicating that I'd be interested in any further information they could provide on how co-branding works, what co-branding companies are authorized to extract, and whether customers could opt out of sharing information with those companies. Having already learned a good lesson from my experiences with Electronic Arts, I also went on to put the question to some of our other MS contacts. Despite the web form's assurance that I would have some kind of response within 24 hours, I have yet to hear back from a representative of either company with even a form response.

Clearly, Microsoft and Electronic Arts are not talking about EA Online or what information gamers are sacrificing to play games online like Madden, NCAA Football, or Tiger Woods.

And, of course they aren't interested responding right now. After all, they both have a significant stake in a widely publicized game to be released in the next week, and the last thing they need is some pesky questions about who is getting whose credit card numbers. Ok everyone, all eyes on Madden! No, don't look over there; ocular orbits up front.

Except that this isn't a new story, and despite numerous websites reporting on the troubling phrasing of EA's Privacy Policy since 2006, Electronic Arts is taking a page out of the book written by many an ex-girlfriend in simply not returning even the most impassioned phone call.

EA knows that they can only turn this otherwise quiet discontent into a significant news story by responding publicly. Silence in the specifics of how your information is handled when playing Electronic Arts games is, by far, their best possible policy, because they count on the ignorance and passivity of their consumers. As long as the most significant players in the retail game, consumers in general, don't demand a response, then there's simply no reason to provide one.

That Electronic Arts is heavy handed in their business practices is not a new piece of information. There's simply no reason to be surprised that the company would be stretching every available avenue in collecting any possibly pertinent or profitable information. You might as well be shocked that Michael Jackson had more plastic surgery, or your favorite baseball player is on the juice. We give such corporations no reason to change their practices, because, when push comes to shove, and that new game is so shiny and enticing on the shelves, we conveniently forget our righteous indignation.

And so, when Madden 2007 crashes into retail outlets next week you will again be faced with a choice. How will you choose?

- Elysium

{Again, EA responded to this article: here}

Comments

If you all think back a bit you will recall there was a quite a bit of noise around EA not wanting to participate on live and instead offer their own service so that they could "own" the customer.
Now we all have learned what MS did to get them to play on XBL and what "own", as in your ass buddy, really mean to them.
Oddly enough this third party exchange constitutes a business relationship with EA so they can feel free to sell your information to 4th parties as well.

Whole thing makes my skin crawl. Sombody should send this over the consumer news divsion at CNN :), who knows maybe they would nibble.

Yeah, I was considering cashing in my PSP stuff and PS2 and taking the plunge for a 360. But now I just don't know.

Years of usage in both computers and internet has made me keenly aware of how to dodge the spam/virus/spyware that end up on my computer but with a console I just don't want to have to play those games. The thought of built in spyware that microsoft and EA or anyone else can use to get my info so that they can better market their crap to me doesnt seem that exciting.

The more fun and advanced the online worlds become the more I feel my privacy is raped and the less the corperations care. I finally took a break from WoW because I was sick of the bugs in a game that had been out for 2 years with no signifigant expansion. But Blizz doesn't care because they have our cash. EA/Microsoft won't care till they stop getting our money.

Play NFL 2k5 (2k6 doesnt exist). Urge 2k Sports to make a generic football game.

That makes sense I knew 2k6 didn't sound right.

This is just insane. Good work, Ely, keep us posted.

Gaald wrote:

With an attitude like that of course it will never happen, and that is totally fine if you don't want to jump on board that is your perogative, but as consumers we could if we wanted to change the way EA does business by not giving them our money until they give us some answers and if necessary changing their policies.

I've been against EA for a long, long time now, only picking up the titles that have caught my interest second-hand from other people so they don't see one iota of my cash, and I like the way you think, but frankly, I think you're being unrealistically idealistic.

Don't get me wrong, what they're doing stinks. It's wrong. But I still don't see the vast majority of gamers (Not just Madden fans, but Gamers as a whole) caring as long as they get their Madden/BF2142 fix. If you'd like to try and convince them that somehow information that they don't give a fig about giving up to corporate America under the guises of "better marketing strategies" and so on is somehow important, i'm with you, but I think we're talking about a battle that even Sisyphus would look at and go "**** this".

I see a reasonably large amount of people getting angry over this, and not buying any EA games for, oh, three months. Then half of those people break down and start re-buying again. And even during the full brunt a protest, it only appears as the most minor blip on EA's radar, and they keep on selling subpar crap like gangbusters.

Mind you, I'd love, love, love to be 100%, ass-backwards wrong, and see EA get strung up from a tree for this BS. I just intensely, seriously doubt it'll ever happen.

KrazyTacoFO wrote:

Hmmm, it's a good thing I really don't play any EA games online.

If you play any EA games on your 360 and it's connected to the internet, even if you're playing single player, you're technically connection to EA Online in order to have your achievements noted.

Congratulations! Bet you didn't know that, did you? That's ok, EA didn't want to make you have to figure anything out, so they took care of it all for you. How friendly of them!

My long-standing boycott of purchasing any new EA games has blossomed into full-bore boycotting against purchasing even used games over the course of the past month with everything we keep learning. I'm on the verge of selling Burnout Revenge (which I picked up used, not new - the point being to keep the profits out of EA's hands) because I simply don't want to touch it anymore.

[edit]
Pred, I know I'm in the minority here, but I for one haven't purchased a single EA game new (only second-hand, and even then only occasionally) for nearly two years now. I also haven't shopped at Wal*Mart for about three years, among other choices I make.

Will I make a difference? Beats me, but I had to start drawing lines and not crossing them. Enough of us do this and it will make a difference. But no, I don't think enough of us will. Won't stop me, though.

If you play any EA games on your 360 and it's connected to the internet, even if you're playing single player, you're technically connection to EA Online in order to have your achievements noted.

You have some sort of proof of this?

I have to dig that up; I forgot where I read that, but it was fairly convincing.

I ask only because this whole issue contains a good deal of speculation and a lack of hard evidence that suggests that EA is actually taking credit cards numbers. The policy says they may if necessary, but there's been no proof that they actually have been. That's why the larger sites aren't reporting on this, cynical assumptions are not proof.

I ask only because this whole issue contains a good deal of speculation and a lack of hard evidence that suggests that EA is actually taking credit cards numbers. The policy says they may if necessary, but there's been no proof that they actually have been. That's why the larger sites aren't reporting on this, cynical assumptions are not proof.

OK let's say that as of yet EA hasn't taken any information from Microsoft, although it seems they could at any time, and as far as I am concerned it is highly unlikely they haven't already. Who gets to decide when that information is necessary for EA to have. Not you, you give up that freedom to EA and Microsoft and it seems a lot of people didn't even know it. The fact of the matter is most people would never give up that freedom willingly to their own goverments, at least I know most Canadians wouldn't. Why would we not fight to stop a corporation from doing it, especially when they aren't being upfront about it. This is certainly something to get upset over.

Not only that Certis but you keep saying that these are just assumptions based on very little fact, and you would be right we don't have all the facts. That is the biggest problem, we don't seem to have all the facts, are we just supposed to assume the companies have our best interests at heart? You know just as well as I do that is not how things work. Elsyium has tried to get more facts on this story and has yet to get anywhere, you would think that if there was no truth to this story both companies would be looking to set the story straight before it did more harm than good. I would like some answers why are we not getting any?

You get upset over your cereal having too much milk, let alone what corporations are doing on systems you don't actually own/take online

I'm not going to waste my time getting riled up about something that isn't more than assumptions, I don't need to light the torches and sharpen my pitchfork to make inquiries. I may have some information on Monday, we'll have to wait and see.

Aha, found it. It was a poster on the OO thread who noted that, while they played NCAA07 on their 360, they didn't actually try to play an "online" game, but received confirmation of the creation of their account anyway.

The post is Shkspr's

Now, this actually makes sense, since when you are connected to Live and you insert an EA game into your system, you're technically playing that game with online connectivity running, even if you aren't playing an online multiplayer match.

Even more convincing that this is likely true is the way that EA's policy is specifically worded. I read it again carefully, and would like to point out the key wording (I've bolded the text I will reference after the quote):

EA's Privacy Policy wrote:

What is personal information and when does EA collect it?
Personal information is information that identifies you and may be used to contact you on-line or off-line. Electronic Arts collects personal information from our online visitors during (1) contests (registration or claiming a prize), (2) warranty registration and/or during customer support or technical service requests, (3) player match up or other online services, (4) registration for games or special game-specific event participation, (5) marketing surveys and email campaigns, (6) registration for membership on our sites, (7) when you order products or subscriptions from us online, or (8) when you request services from third party service providers on our site or (9) through the use of our software or online services.

If you sign up to play EA games through Microsoft's Xbox Live Service, Microsoft will provide your Xbox Live user account information to EA so that we can establish an EA Online account for you. You need an EA Online account to play EA's Xbox Live titles. By signing up to play EA's Xbox Live titles, you agree that Microsoft can transfer your user account information to EA.

Note first, that in the initial paragraph, the privacy policy explicitly distinguishes between player matchup and using their software or online services. In legal-speak, I think it's important that they actually take the time to distinguish essentially between multiplayer and just the mere use of their software.

In the second paragraph, the important thing to note is that all of EA's games are Live, so while we may automatically insert "multiplayer" into that paragraph, nowhere does it explicitly state that this is the case.

I think that, unless Shkspr was lying, we have a solid case here that all it takes is to play an EA game on your 360 while it's connected to Live (and thus playing online as it interfaces with the Live system to record that you've played it, what achievements you've earned, and where you stack up against your friends on scoreboards even though you're playing single player modes), and then EA creates an EA Online account for you automatically, triggering this whole process. It makes sense, and it fits with their "privacy policy".

I was going to check my hotmail account to see if this happened to me when I first played Burnout on the 360 (as I didn't delve into the online for a few days, and I still have my receipt), but unfortunately my Hotmail account had lapsed when I just checked it for the first time in who-knows-how-long, so of course the old e-mails aren't there.

I'm really curious now, and would like to know for certain. But logically, following the evidence provided, it makes sense. I'm dead tired and going to crash, but will be doing what I can to get more verification on this since I'd like to know for certain as much as you.

You get upset over your cereal having too much milk, let alone what corporations are doing on systems you don't actually own/take online

Yes and I already stated that in my first post on this thread, to me the fact that I don't have an Xbox 360 is neither here nor there. It is about standing up for a persons right to protect their private information, like I said I wouldn't let my government get away with this without a fight and I certainly won't let a corporation get away with it either.

Hate to be the one to say to this you people, but this is only going to get more prevalent. Boycotting EA isn't going to change anything, since it is Microsoft itself that's going along with it. Just unplug your 360 from the wall if you're up in arms about the whole situation; your privacy went out the window the second you hooked up the internet connection.

Rat Boy wrote:

Hate to be the one to say to this you people, but this is only going to get more prevalent. Boycotting EA isn't going to change anything, since it is Microsoft itself that's going along with it. Just unplug your 360 from the wall if you're up in arms about the whole situation; your privacy went out the window the second you hooked up the internet connection.

Exactly. This isn't just an EA problem, it's not even a video game problem. All major companies, of any kind, will buy and sell your personal information if they can get a hold of it. "Registration" is a fancy term for turning your mailbox into a dirty little slut. The whole subject just makes me sick. The only real fix would be legislature, but we all know how good that was at stopping things like spam. I feel media should take more action to police businesses in this country, bravo GWJ.

And you all thought I was mad to hate EA because of its customer service, MAD I tell you!

souldaddy wrote:
Rat Boy wrote:

Hate to be the one to say to this you people, but this is only going to get more prevalent. Boycotting EA isn't going to change anything, since it is Microsoft itself that's going along with it. Just unplug your 360 from the wall if you're up in arms about the whole situation; your privacy went out the window the second you hooked up the internet connection.

Exactly. This isn't just an EA problem, it's not even a video game problem. All major companies, of any kind, will buy and sell your personal information if they can get a hold of it. "Registration" is a fancy term for turning your mailbox into a dirty little slut. The whole subject just makes me sick. The only real fix would be legislature, but we all know how good that was at stopping things like spam. I feel media should take more action to police businesses in this country, bravo GWJ.

Fo' realz. We're screaming invective at an oncoming train here. I hate it, but it's inevitable.

So we're just saying the only solution is to bend over and take it whenever any corporation tries to screw us over?

Don't worry about it Farscry, some people just like being sheep

Farscry wrote:

So we're just saying the only solution is to bend over and take it whenever any corporation tries to screw us over? :?

So far the only "solution" I've heard is "Get them on the phone, demand answers!" Yet, you guys don't trust the company so would you trust them if they said 'we don't take credit card information unless you agree to it through a purchase'? I dare say you wouldn't. So what are we left with here? I see a lot of (so far) impotent anger that seems to be more interested in cultivating outrage than actually doing something tangible.

Anger should be razor sharp and brought to bear when the time is right and you actually have some facts to back it up. If not getting spitting mad with next to no research makes you a sheep, I'll get to grazing.

Baaaah.

You've been slashdotted. Yay for more exposure on this matter.

Certis wrote:

So what are we left with here? I see a lot of (so far) impotent anger that seems to be more interested in cultivating outrage than actually doing something tangible.

Anger should be razor sharp and brought to bear when the time is right and you actually have some facts to back it up.

RIOT!!!!!

EDIT: I'm sorry, how highly inappropriate of me.

FOOD FIGHT!
IMAGE(http://www.tigersweat.com/images/anim09.jpg)

So far the only "solution" I've heard is "Get them on the phone, demand answers!" Yet, you guys don't trust the company so would you trust them if they said 'we don't take credit card information unless you agree to it through a purchase'? I dare say you wouldn't. So what are we left with here? I see a lot of (so far) impotent anger that seems to be more interested in cultivating outrage than actually doing something tangible.

I am not trying to cultivate anger, I am trying to motivate action. I am trying to get people to care about something they should care about and get them to tell everyone they know.

You've been slashdotted. Yay for more exposure on this matter.

Perfect the more eyes on this story the better!

Does anyone know EA's corporate mailing address? I don't feel that the privacy policy email would do any good.

Well crap. My browser died and ate my reply.

Ditty what Gaald said.

In addition, I'm seeing a lot of complacent apathy that seems to be more interested in coming up with excuses so our entertainment isn't impacted than in considering that we might have to pass on a Madden game for our own good.

Yes, I mirrored your statement to make a point, Certis, but it actually isn't directed at you. My point is that there are a fair number of people simply saying "eh, all companies do stuff to rip us off, it's just the way things are."

Well, "the way things are" is wrong. Hopefully EA is acting benignly. Somehow I doubt it. I've been severely ripped off multiple times by medical insurance companies in my life (including preventing treatment that swiftly passed the window of opportunity, so I'm left with an injury that will be with me long-term and possibly for life if a new treatment is never found), all over a $#@& profit margin. You'd be amazed what companies will justify by trying to re-interpret their service agreements.

Hopefully none of you deal with the kind of horrible frustration I've endured at the hands of corporate greed. But that doesn't make it any less frustrating to see people simply stick their heads in the sand.

Yes, EA is "just a game company". But this is a luxury we're talking about here. We should be more willing and ready to drop a luxury expense to prove a point and make a stand, since necessities are, well, necessities and harder to work on acquiring through other means. Not to mention, if we allow behavior to pass from an entertainment company, it's still setting a legal precedent for corporations as a whole, not just entertainment companies.

Yes, I mirrored your statement to make a point, Certis, but it actually isn't directed at you. My point is that there are a fair number of people simply saying "eh, all companies do stuff to rip us off, it's just the way things are."

Just to play devils advocate here for a moment, Certis point was that there is no hard evidence that EA is doing what people are assuming they are doing, but are only speculating based on how EA's policy is worded.

Well I for one don't want to wait till someone finally decides to share that proof. How long am I supposed to wait for that proof to come out? I want answers to that question now, and IF EA is doing what a lot of people think they are doing than I want that policy to change. It is underhanded and borderline theft as far as I am concerned.

How do we get those answers? By demanding EA and Microsoft make their policy clearer, that they be upfront with what data they are collecting and who exactly gets to have it, by forcing them to change the way they do buisness, show them with your pocket book that until they resolve this we won't buy their product. If enough people do this it will hurt them where it matters, their bottom line. Madden is a great place to start because EA has invested a lot of money in making sure this franchise sticks around, they need it to do well in order to pay off for them. Microsoft needs Madden to do well because the game is so main stream and probably helps them sell systems.

Even if this whole issue isn't that important to some of you (which boggles my mind) at least wait until the reviews come out. Last years Madden was crap and EA's track record with this series is far from spectacular, why pay 60 bucks for the game right away when you can wait a while and make sure it is worth the purchase in the first place.

Sega got my credit card info and birthday from MS when I signed up for Phantasy Star Online on Xbox Live. I found it very convenient and never heard anyone complain about lack of privacy.

People who hate video game companies are such sad silly little creatures.

Marketing plant!

Seriously, please discuss in an adult matter FuriousBroccoli. No need for name calling, thankyouverrmuch.

Btw, you knew you were giving away private information and why you were doing it. All the difference in our sad silly little world.

Sega was up front because they had to charge you for playing PSO and need that information for billing. EA does not.

Sega got my credit card info and birthday from MS when I signed up for Phantasy Star Online on Xbox Live. I found it very convenient and never heard anyone complain about lack of privacy.

Ignoring the uncalled for name-calling, there are a few key differences.

1) PSO is a subscription game.
2) Sega was upfront about the information they were retrieving.
3) It was made clear that you are signing up for a sevice outside Xbox Live when logging in.

The issue here is how EA is handling private information without involving the person whose information is at risk. As I stated in the article, it is entirely possible that EA is retrieving no significant information from MS when you create an EA Online account, but the real problem here is that the gamer is being removed from the equation, and apparently can't even find out what information EA has.

Whether it is an impotent call to the wind or not, I have no idea, but I do think it is entirely reasonable to put this kind of information out there. What you as a consumer do with the information is up to you.

Oh, and just to be clear, comments like the 'sad silly creatures' nonsense is a good way to be removed from our site.