Some of my favourite science fiction novels of recent years have featured augmented reality in one form or another: Pattern Recognition by Willam Gibson, Halting State by Charlie Stross, and Rainbows End by Vernor Vinge. I liked the ideas so much that I’ve been thinking about the legal implications of augmented reality for many years now (here’s my Gikii presentation back in 2010). However, I don’t think that any of those interested in the subject could have guessed that the first mainstream adoption of the technology would be a game where the objective is to catch virtual monsters. As William Gibson commented on Twitter, quoting Bruce Sterling:
— William Gibson (@GreatDismal) July 10, 2016
In case you have been living in a cave for the past week, Pokémon Go is a smartphone game that allows users to catch virtual pokémon in the real world (hence the augmented reality element). The game displays an avatar that interacts with a realistic map of your surroundings, and whenever you are near a pokémon, you receive a notice and can catch it. The game encourages players to move around the world in various ways. First, the more you move, the better chance there is to catch different pokémon. Second, there are stops in real-life landmarks (which contain goodies), and there are also “gyms” where you can combat other pokémon for control of a location, usually a church, park, or business. Third, walking allows you to hatch eggs containing more pokémon.
Clearly there are a few positives to the game. It is strangely addictive and lots of fun, it encourages players to leave their couches and exercise, and it has already allowed me to get to know my neighbourhood a lot more than I already did. But there are undoubtedly lots of privacy and security concerns. Because this is a game based on geolocation and GPS, it is building an incredibly valuable database of people’s movement and daily routines. Who has access to that data? Is it secure? Who would be liable if something bad happens to a player? I’ll explore a few legal issues.
Privacy and data protection
A very troubling privacy aspect is the report that iOS Pokémon Go accounts that are using Google as registration and authentication mechanisms may have inadvertently given full access to all Google services, including email, contacts, Google Drive, etc. This is because Niantic, the makers of Pokémon Go, are using an outdated Google authentication mechanism for iOS which could give the game developer access to all services. At the moment this seems to be a bug and not a feature, so we have to wait and look for further developments.
Related to the above, Pokémon Go may open a phone to security breaches. The obvious one comes from the fact that some users are installing the game from unofficial websites because it has only been officially launched in the US, Australia and New Zealand. Many such sites are reputable, such as APK Mirror, but there are already reports of malware versions available.
Another potential security risk is that the popularity of the game may be used by hackers to find exploits and gain access into user accounts, but this is a concern shared by other popular apps.
An interesting aspect of a mainstream augmented reality app is that it brings together the virtual and the real. Users may place themselves in danger by driving erratically, by walking without seeing where they’re going, or just by wandering into dangerous territory on their own. Anecdotally, there is a gym close to my home in the back of a church which is frequented by the local drug addicts and drunks, and it is perhaps the type of locale that you do not want children near to. We already have reports of criminals using the game to mug unsuspecting players.
It seems almost inevitable that something really bad will eventually happen to someone when using the app. Who is responsible when that happens? Niantic has gone to great lengths to try to reduce their liability. The game’s logging screen contains a warning for players to remain vigilant of their environment, while the Terms of Service read:
“During game play, please be aware of your surroundings and play safely. You agree that your use of the App and play of the game is at your own risk, and it is your responsibility to maintain such health, liability, hazard, personal injury, medical, life, and other insurance policies as you deem reasonably necessary for any injuries that you may incur while using the Services. You also agree not to use the App to violate any applicable law, rule, or regulation (including but not limited to the laws of trespass) or the Trainer Guidelines, and you agree not to encourage or enable any other individual to violate any applicable law, rule, or regulation or the Trainer Guidelines.”
These may be enough to limit Niantic’s liability in most jurisdictions, but we will have to see on a case by case basis. For example, Niantic will really have to police the location of their stops and gyms, as failing to identify potential trouble spots could open them to negligence claims.
Virtual location rights
One of the most interesting aspects of the game is one that is currently not covered by any legislation, but that it may arise if the popularity of the game remains, or even expands. This arose from a fascinating Twitter thread from designer Boon Sheridan, who lives in an old church in Massachusetts. Because it was marked as a church in some database, his house was tagged in the game as a gym, and after the game’s release he started getting large numbers of visitors. It got to the point that he started wondering if there is anything the law can do in situations like this. He wrote:
Do I even have rights when it comes to a virtual location imposed on me? Businesses have expectations, but this is my home.
— Boon Sheridan (@boonerang) July 10, 2016
The easiest recourse may be to ask Niantic to move the gym to some other location, but we start entering interesting legal territory. Should there be a virtual location right of some sort? Should people be able to legally object to a physical location being tagged in some form without their permission? I know that this way madness lies, but there could be situations in which having strangers show up in large numbers could become problematic.
On the other hand, this could be fantastic for businesses, it is not beyond the realm of possibility that businesses would want to become stops and gyms. One of the local pubs is a gym, I specifically dropped by last night to have a pint and take over the location (Go Team Blue!), and I asked the bartenders if they knew that they were a Pokémon Go gym. They looked at me as if I was mad.
The following months will certainly provide more legal issues we have not even thought of. I am sure that many can be answered with existing legislation, but one thing is for certain, augmented reality has finally arrived.
As an interesting parting note, one of the things that we will have to analyse in coming months are the commercial motives surrounding the game. Niantic started life as an internal Google startup company, so I would be surprised if there is no agreement in place to share data with the mothership. Pokémon Go may be nothing more than a large exercise to gather data from otherwise recalcitrant Millennials.