Compliance: Stop Before You Pokemon Go

Pokemon Go and the Unusual Risks of Augmented Reality

Sometimes the divide between consumer technology and enterprise technology is a fine line. And with BYOD being the norm, they sometimes are one in the same.

Pokémon Go might be this year’s most unexpected compliance event,” announced Compliance Week in a headline that would’ve made no sense as recently as two weeks ago.  What makes this truly fascinating, and worrisome, from an enterprise perspective are the various levels of risk posed by the game. Not only are there glaring security vulnerabilities in the app, but also the possibility that distracted employees (especially those who are driving) will hurt themselves or others while “catching ‘em all.”

The security vulnerabilities, in particular, have even caught the attention of elected officials, with Senator Al Franken (D-MN) expressing concern that user information is not secure. Part of the problem is that, upon release, users would sign in using their Google account and would give the maker of the game, Ninatic, full access to their account. While this framework was apparently established accidentally by Niantic, and a fix is in the works, the fiasco underscores how delicate the balance between information security and convenience can be. This is perhaps especially true in light of the rapid ascent of the game, with eager players overlooking the fact that they were handing over unfettered access to their emails to what was — at least until the past couple of weeks — a relatively unknown entity.

The issues with Pokemon Go are quite likely a harbinger of things to come. While it is certainly not the first augmented reality app, its overwhelming popularity is quite apparently ushering in a new era in which these sorts of interactions (and associated legal risks) will become more commonplace. However, given the widespread anecdotal evidence that pursuing the transient creatures is helping people be, well, happier, implementing appropriate policies may well prove to be a complex endeavor.

Lurking in the background of this discussion is the notion that Pokemon Go will soon run its course and fade away. After all, there have been other immersive experiences that temporarily held outsized sway, such as the anecdotal reports of depression induced by the film Avatar due to the fact that the world in the movie was fictional. But even when this iteration of Pokemon departs from the public consciousness, there will undoubtedly be other augmented reality apps, and other innovations, that raise novel concerns for the enterprise.

Prior to ZL, I served as a compliance consultant at a top-5 bank and represented clients regarding a wide range of legal matters, including breach of contract, appellate law, securities fraud, and motion picture financing. Here at ZL, I’ve truly enjoyed the opportunity to engage in the discussion of how technology will fit into the bigger picture of legal practice. My interests include the Baltimore Ravens, music, and good books.