Snitches get riches | This Week in Games
The SEC's whistleblower program pays for tips that lead to fines, and has proven effective. The FTC and other regulators need to have comparable programs in place.
Sometimes I worry that I spend too much time complaining about the myriad problems in games and tech, and not enough time proposing solutions.
So in the interest of balance, this week I've got a solution to propose. It doesn't fix everything, but I believe this one thing would help address many of the problems we see in games and tech: bounties.
I don't mean bounties like money-paid-for-apprehending-individual-executives (let's put a pin in that one and perhaps circle back to it later), but financial incentives for people who know where the skeletons are buried and can give regulators a detailed map. Whistleblower awards, if you will.
I know, I know. This is not a novel idea. After all, we've already got those.
As part of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the US Securities and Exchange Commission was given the ability to pay money to whistleblowers when their tips lead to fines of $1 million or more.
(Fun fact: Dodd-Frank was also the legislation that mandated conflict minerals reporting for publicly traded companies. I'm a fan.)
The bigger the fine that comes from the info, the bigger the reward, as the whistleblowers are eligible to receive between 10% and 30% of the penalties collected.
By all measures, the program has been a significant success. The SEC Office of the Whistleblower's last annual report to Congress revealed that the program had paid out more than $1.9 billion to almost 400 people since the establishment of the program a dozen years earlier. (Also, I'm delighted that "Office of the Whistleblower" is a real thing and formally request someone make a sitcom about it.)
Since then that number has eclipsed the $2 billion mark, as just last month, the SEC announced another $82 million going to a whistleblower for assisting in a probe that led to SEC enforcement. A second person who assisted later in the probe received $16 million on top of that. A few days later, the SEC announced $24 million in awards for two more whistleblowers.
Whistleblowing can be so lucrative there are people like this guy GQ wrote about last month, who find companies they believe are breaking the law then pose as potential investors to get a better understanding of the business and evidence that can be passed on to authorities.
The SEC program is also gaining in momentum and effectiveness as time goes on. Since 2011, the SEC has received almost 83,000 whistleblower tips. About 60% of those came in the past four years, each of which set a new record for most tips in the program's history.
The problem is that whistleblower payment programs like this exist at regulators like the SEC, the Commodity Futures Trading Commission, the IRS, and the Department of the Treasury's Financial Crimes Enforcement Network, but many of the problems in games and tech right don't fall under the purview of those agencies. Instead, they would be tackled be agencies responsible for consumer protection (Federal Trade Commission), workers' rights (National Labor Relations Board, Equal Employment Opportunity Commission), or the environment (Environmental Protection Agency).
The Department of Justice also recently launched a pilot whistleblower program, but with a focus on financial crimes, government bribes, and foreign extortion cases.
At the risk of oversimplifying things, whistleblowers get money for coming forward to protect money, but have to settle for warm fuzzies if they're instead protecting customers, employees, or, well... everybody.
The cost to whistleblowers
That discrepancy between which agencies can pay for insider assistance is made worse when you consider the risks whistleblowers are taking when they raise an alarm about their employers.
Best case scenario, they're not exactly helping their chances of a promotion. Worst-case is, well, worse.
Here's Debra Katz, lawyer for Boeing whistleblower Sam Salehpour, describing the retaliation he faced after coming forward:
"Initially, he was just told to shut up. Then he was told he was a problem. Then he was excluded from meetings. He was barred from speaking to structural engineers. He was barred from speaking to mathematicians and others to help him understand the data. And at one point, his boss threatened him with physical violence."
And beyond the stress of the actual retaliation, whistleblowers also suffer the toll of whatever possible retaliation they might imagine a company to be capable of. So however certain you or I or the police might be that two Boeing whistleblowers dying unexpectedly this year was just a tragic coincidence, I'm certain the news hit different for the remaining whistleblowers, and is the sort of thing that will no doubt rattle around in the back of the minds of people who consider coming forward in unrelated cases for years to come.
While all these agencies have whistleblower protection rules that say companies can't retaliate against you, most companies aren't going to straight-up say they're punishing you for ratting them out. Assuming you are not a whistleblower, just think of all the ways that your various jobs may have gotten "organically" worse over your working life with no particular malice from above, and how easy it would be for companies to take the mundane reasons for such swings and intentionally direct them toward an individual. Then think of how difficult it would be to prove that was retaliation, how much you could spend on lawyers to make that case for you, and how much the company could spend on lawyers to tear that case down.
It costs a lot to come forward as a whistleblower, to put your career, your finances, your relationships with people from work, and even your health at risk. And I don't think it's unreasonable for people to weigh that cost against the benefit of (maybe) correcting corporate misdeeds and decide it makes more sense to keep their mouths shut.
But if they could weigh that cost against a mountain of money so big they would never need to work again, I think you'd get a few more people digging deep and finding the courage to speak up.
It's not like I'm the first person to suggest this. Democratic Representative Janice Schakowsky introduced the FTC Whistleblower Act of 2021, with a payment model based on the one that worked so well for the SEC. It didn't make it to law, and actually never even came close; it was referred to a pair of committees that week and never heard from again.
That's a shame, because I think an FTC whistleblower payment program could do a lot of good in gaming and tech specifically. So many of the concerns we have in these fields stem from the business taking place inside a black box into which customers and regulators have effectively zero insight. And that's exactly the kind of opacity that requires a view from the inside to truly understand what's happening.
It's one thing for a company to say on a website that this is how its software works, this is what it does with your personal data, or that these are the terms of service, but it's another thing to know that information is accurate and truthful when it was said, and still a third thing to know it will be accurate and truthful next year, or even next week.
Sure, we could take these companies' word for it that they aren't doing anything untoward and are being as transparent about their business as possible, but we're a very long way away from the days when anyone took Google's "Don't Be Evil" mantra seriously, least of all Google. At this point, if you're taking any assurances from tech and gaming companies at face value, I've got a Hyperloop to sell you (provided you halt all plans for improving public transit first.)
What whistles need blowing in games?
If you didn't think I was going to lead with loot boxes, you must be new here.
(Welcome! Be sure to subscribe and tell your friends!)
How are loot boxes designed? Are the odds the same for everyone, or do companies put a thumb on the scale in order to maximize sales? To what extent is the "optimizing for engagement" companies say they do really just "designing for addiction"? Are they deliberately targeting vulnerable audiences, like kids and people with gambling addictions?
How about planned obsolescence and right to repair? From mandatory updates that slow down old hardware to paired parts, are these wasteful and anti-consumer practices really necessary to serve the stated interests of device security and anti-piracy, or are they just trying to push people into buying new devices instead of holding onto their perfectly functional older ones or repairing the things they own?
And what about dark patterns and child privacy? Fortnite was so blatant about its violations on this front that the FTC fined developer Epic Games $520 million in 2022.
At the time, Epic's explanation was basically that everybody else was doing it:
The video game industry is a place of fast-moving innovation, where player expectations are high and new ideas are paramount. Statutes written decades ago don’t specify how gaming ecosystems should operate. The laws have not changed, but their application has evolved and long-standing industry practices are no longer enough... The old status quo for in-game commerce and privacy has changed, and many developer practices should be reconsidered.
And you know what? Epic was 100% right on that count. Using dark patterns to trick people into making purchases has been a staple in the mobile and free-to-play space for years. Because there was never a trade group with the muscle and organizing power to establish reasonable boundaries for platforms to enforce around a growing and experimental industry, the resulting moral free-for-all meant there was always someone willing to be a little more deceptive and blatantly abusive than the norm.
That also meant there was always someone developers could point to as worse then them to reassure themselves they were "one of the good ones" and help them sleep at night. And as more companies found success with shadier tactics, others copied them, and the free-to-play Overton window shifted to make those tactics seem acceptable.
This is happening in more than games, of course. Just look at some of these totally common things the FTC considers to be illegal dark patterns:
● Using virtual currencies to hide the real cost of buying things
● Letting people sign up for a subscription online but making them call somebody to cancel
● Hiding fees or significant limitations in the fine print of terms of use
● Pre-checked boxes to steer people toward sharing personal data
● Ads formatted to look as if they might be actual editorial content
● Making a request that doesn't let the user permanently decline
How would you like to live in a world where the options presented to us by technology were not just "Make this thing crappy now" and "Please remind me to make this thing crappy later"?
Or a world where you never had to scroll past a row of ads that look an awful lot like news stories about how you won't believe what's happened to some child celebrity or one trivial thing you could make that would let you stop loathing your body?
Imagine a world where the terms of service consisted more of the bare minimum things a product needs in order to function instead of an aggressive landgrab to deprive customers of as many rights or recourse as legally allowed.
A world where buying a PlayStation did not mean agreeing to never re-sell a disc-based game without the permission of both Sony and the game's publisher, where signing up for a streaming service didn't potentially mean letting a restaurant off the hook for your wife's fatal allergic reaction, or where being a delivery driver for UberEats in Canada didn't mean agreeing to take any disputes with the company to arbitration... in the Netherlands.
Yes, when those last two were challenged in court (both actual court and the court of public opinion), common sense won out. But they never should have gotten as far as they did, and the benefit of common sense should not be limited to people who can afford lawyers to fight for them.
Now imagine that we didn't need to wait for these kind of abuses to become so pervasive, obvious, and intolerable that the FTC is compelled to take action. Imagine that a whistleblower award program existed to encourage employees who saw companies resorting to these tactics and understood the true extent of them to come forward on their own.
If the FTC could pay tipsters, those Epic fines could have netted a whistleblowing employee more than $156 million. That's a pretty attractive payday to start with, and doubly so when you consider the alternative to that employee could very well be sticking around for years of intense crunch and burnout before being kicked to the curb alongside more than 800 co-workers because the company blew its ill-gotten gains chasing a metaverse pipe dream.
A whistleblower award program would not just incentivize the industry to take better care of customers, but to take better care of employees as well.
Big Tech too big to regulate?
Where whistleblowers in gaming would bring attention to a wealth of companies and practices currently sliding by with minimal friction, the situation is a little different in tech more broadly, where companies like Google, Apple, Meta, Microsoft, and Amazon are already in regulators' crosshairs.
I still think whistleblower awards from more regulators would help address some of the abuses of Big Tech, but these companies are so massive and have so much leverage that any attempts to rein them in are going to be challenged.
In recent years – particularly as regulators have toyed with the idea of actually doing their job when it comes to Big Tech – these companies seem increasingly annoyed with the idea that they are subject to the laws that govern the rest of us, and they are testing the waters of how far they can go to change that.
For example, when the FTC tried to block Microsoft's acquisition of Activision Blizzard, the company responded by arguing the consumer protection agency itself was unconstitutional.
After being accused of retaliating against its employees for supporting unionization, Amazon is making the same argument about the National Labor Relations Board.
(In fairness to Microsoft and Amazon, it's basically open season on the Constitution these days so why not shoot your shot?)
In a lawsuit brought against it by the New York Times, Microsoft-backed OpenAI is arguing with a straight face that it must be allowed to violate copyright law because it would be impossible to make generative AI work without those violations, as if "making generative AI work" should be a higher societal priority than keeping theft illegal.
When a judge in the US ruled that Apple must allow apps to link to outside payment options rather than be forced to pay the App Store's 30% fee, Apple responded with the equivalent of a middle finger, changing its terms to allow the practice but imposing a 27% fee on all redirected charges.
Earlier this year, the EU's Digital Markets Act (DMA) similarly compelled Apple to change a number of App Store policies, and Apple rolled out terms that largely negated most of the benefit developers might find from using a third-party payment processor or launching a competing store for iOS apps. As a result, the European Commission now has three ongoing non-compliance investigations on Apple's revised policies.
Apple also postponed the European debut of some new AI features and blamed it on the DMA, which you could see as the spiteful act of a scorned toddler or an admission that AI is incompatible with even modest consumer protections.
Then there's Facebook, which struck a deal with the FTC in 2012 to stop lying to users about data privacy, then broke it and paid a $5 billion fine in 2019 as part of a new deal with the regulator. Last year the FTC said it broke that new deal, too. Meta disagrees, but this really seems like a Boy Who Cried We-Care-Deeply-About-Your-User-Privacy story at this point.
But I'm sure we can trust them now. It's not like this company spent years denying that it was serving people ads based on overheard conversations captured by their devices, only for us to discover that's pretty much exactly what happens.
As for the one tech giant for whom I don't have an offhand example of egregious above-the-law nonsense – and please feel free to volunteer your own in the comments, I'm sure there are plenty – we're about to see how Google reacts to last month's judicial determination that it holds an illegal monopoly on search and advertising (a subject in which the European Commission has also taken interest). Google has said it will appeal the judge's ruling, but we don't yet know if it's going to argue that judges are unconstitutional.
I don't think having more whistleblowers will suddenly make these giants more deferential to the judgment of regulators, but they could make the regulators' cases stronger and increase the chances of a positive outcome for consumers. As a bonus, it might make the companies themselves slightly more mindful of staying on employees' good sides instead of kicking them to the curb by the tens of thousands during times of record profit.
Letting more government regulators compensate whistleblowers won't fix everything, of course. But the programs pay for themselves, and they've already been proven effective at unearthing misconduct that would have been difficult if not impossible to prosecute otherwise.
Whistleblower awards are an effective tool, and we should be using that tool to protect more than just investors' money.
If you liked this piece, please consider signing up for the Unlosing Writer newsletter. It's free, but if you enjoy the work, I would greatly appreciate a monthly subscription or a one-time tip.