How bureaucracy effectively killed a community project

Hello world!

My name is Karl Lindmark, and I thought I’d try to tell you guys a story about how the world works, more specifically how bureaucracy can effectively kill a community project. In order for you guys to be able to wrap your head around the whole situation, I’ll pretty much have to give you the long version of it all. So, without further ado, let’s go back to October 2011 (more specifically Friday the 27th), where this whole thing began.

It was a…

…cold October evening in Sweden, and I had just played a few rounds of Battlefield 3, when a question popped into my head – can I interact with friends and foes while not in the game, nor by my computer? Battlefield 3 came bundled with a social network for the game, a social network called Battlelog. Battlelog seemed like a great leap for the genre per se, as there wasn’t really a similar service providing the users with the tools to interact with each other and keep track of their performance. Yes, I’m aware that Bungie somewhat had that combination since Halo 3, if not even earlier, but apart from that I don’t see any worthy mentions. Oh well, back to the point!

You see, as an aspiring developer I tend to look for interesting projects that I can utilize my skillset on, and more importantly – upgrade my knowledge and become better at what I love doing. Battlelog was released with Battlefield, and the landing page pretty much advertised an app for it. I searched Android Market – nothing there, and no other information could be found except for the hinting image of an actual app. One might think that a multi million corporation would be able to have an app out for the release of their (very) anticipated game, but that wasn’t really the case. Eager to learn more about Android development in a real situation outside the tutorials, I decided to take the matter in my own hands and create my own app. A little more than a day later, BF3 Battlelog (unofficial) was born, and available on Android Market. If someone would’ve told me that I would actually reach out to the amount of users that I have, I would’ve said “not a chance”, but man what a ride it’s been.

There are a few major milestones worthy of mention:

•  The first version only worked for Xbox players due to me not knowing how the underlying Battlelog API actually works, but thanks to a few users, I managed to overcome that critical obstacle.
• Also, quite early on, I decided to open source the app, and put up the code on my Github - the reason for this was mainly due to two factors: transparency and education. Transparency as in “here’s what the app is really doing” (which is the same as advertised) and education as in giving something back to the community that hopefully teaches/engages another human-being…
• …and this led to me making new contacts. Somewhere around five months ago, I started getting code contributions from Peter Mikloško, a man that’s provided me with a ton of help ever since. Much appreciated Peter!
• Seeing people refer to your work when you haven’t had contact with them directly is really something else. I remember seeing a tweet aggregator mention BF3 Battlelog, so I clicked the link and saw that a Swedish newspaper had mentioned the app on their webpage. Big “what the fork”-moment right there.
• Last but not least – the issue at hand, the 100,000 mark and subsequent removal from Google Play.

Anyhow, let’s get back on track…

…and jump to April 13th 2012. The app had just reached 100,000 (unique) downloads on Google Play, and I was reaching out to DICE (more specifically Daniel Matros a.k.a zh1nt0) for sponsorship regarding a giveaway I was planning for the users. Little did I know that the following evening would be of such disappointment when I replied to Daniels email (which had a positive attitude towards the idea) – after all, you’d think that community is what makes a game blossom, but I was really oblivious of what was about to happen.

At 11:35 PM, I received an email from Google Play, with the message that my app “has been removed from the Google Play Store”, courtesy of our friends over at EAs legal department. Bam. Bureaucracy ran me over, like a tsunami over an helpless village. During the upcoming days, I tried to get answers from EA (IP Department) and DICE (zh1nt0 and elxx a.k.a Elton Muuga) but with no luck. I’m guessing the first email I sent to a specific individual didn’t reach the intended recipient, but we tried again later on and got some answers. I’ve included the full email thread with them below, to shed some light on what they had to say about the whole situation.

Peter » IPEnforcement & Me

To whom it may concern!

My name is Peter Miklosko and I’m contributing to Karl Lindmark open source project Bf3 Battlelog (Unofficial).

On the 13 April 2012 on request from your office Google Play removed the above named application from Google Play Store (Please see bellow for orignal message from Google Play). At that time official reason been

The applications at issue display unauthorized copies of images and unauthorized use of trademarks of EA’s video game Battlefield 3 and EA’s Battlelog.

After discussion with Daniel Matros (Global Battlefield Community Manager at DICE) and Elton Muuga (Web Software Engineer EA DICE) we learned that display of images was not the issue since application was non-profit, but the real reasons been rising number of complains because of stolen user credentials by rouge applications and use of BATTLELOG name in the title of the application. At this time it was suggested to us that if we can use Battlelog own website login mechanism and change the title of the application you would be willing to revoke your report on the application.

We been working on suggested changes and would like to push them to our existing application user in next few days. Could you kindly contact Google Play and revoke your report for:

android_app_developer_1: ninetwozero.com
android_app_name_1: BF3 Battlelog (unofficial)
android_app_url_1:

https://play.google.com/store/apps/details?id=com.ninetwozero.battlelog&feature=search_result#?t=W251bGwsMSwxLDEsImNvbS5uaW5ldHdvemVyby5iYXR0bGVsb2ciXQ..

Kind regards
Peter Miklosko

IPEnforcement » Peter & Me

Good afternoon:

Your application was removed from the Google Play market because it used copyrighted images and trademarks from EA’s Battlefield 3 video game and EA’s Battlelog application as well as required users to login with their private EA login credentials, including username and account password. The credentials you were requiring users to enter could potentially give you access to sensitive information, so you can understand why we would want to protect the credentials.

EA greatly appreciates its fans and would be willing to allow you to repost your application if you agree to (1) remove all copyrighted artwork and trademarks, including Battlelog from your application; (2) put “Unofficial” before the title of your application; and (3) change the login requirements and do not require users to enter their credentials.

We look forward to hearing from you on this matter.

Thank you,
Marissa

Me » IPEnforcement (Marissa) & Peter

Hello Marissa!

While I do understand the need to protect the user’s sensitive information, I also see no (better or atleast likewise) alternate way to authenticate a user at the current time being. The thing with the app that differentiated it from the other apps on Google Play, was that it gave the user the “Battlelog experience”, which basically means everything from the public feed to the chat, forums, platoons and all other features that need an authenticated user to function correctly.

Would it be possible to obtain some sort of “permit” to use the credentials, given I sign some form of contract stating that:

a) I will never send the Origin credentials to third-party servers (only battlelog.battlefield.com)
b) I will never misuse the (on the device) stored (encrypted) password

I’m not familiar with what might be possible, and not possible at all – but hopefully you’ll be able to shed some light on this matter. That said, I’ll break down the three terms that you’ve come forward with in your e-mail one-by-one below:

1. Remove all copyrighted artwork and trademarks
While this term is as straight-forward as it gets, I feel that I need to ask what artwork used in the app falls within the boundaries of the copyright; weapon images and so on? If so, pretty much every other app (both disabled and active) use them, and If I’m not mistaken the website bf3stats.com even provides a zip-file with all the images bundled together.

2. Put Unofficial before the title of the application
Is this term still needed (or even feasible) if Battlefield/Battlelog isn’t present in the name. Scenario: we decide to name it “BF3 Combat log” or anything similar – would it require the “unofficial”-prefix, or would it be OK to use without it? I did include the unofficial-postfix from start when I picked the name “BF3 Battlelog (unofficial)”, as I felt the need to notify the users (already at the first glance) that the app wasn’t endorsed by EA/DICE. However, naming it something non “Battlefield” nor “Battlelog” would mean no risk to mislead users into thinking it’s the official app, thus rendering the “unofficial”-tag unnecessary.

3. Change the login requirements and do not require users to enter their credentials
I’m not 100% sure I understand this one – how can one maintain a login without requring the users to enter their credentials? Mr Muuga did however suggest that we use a WebView (instead of using a regular two-field login), which is basically a browser window that opens up within the app and enables the user to login via the website, and once that’s done – we’ll have to retrieve the cookie from it to be able to access the resources in the “regular” fashion.

This comes back to the part above where I said I’ll would be willing to sign a contract of some sort to ensure that no misuse will be done, and in return the app receives a permit thus leaving the login functionality intact. That would be the best solution to #3 if you ask me, atleast until the guys working on Battlelog create some way to use OAuth or anything similar. Also, although we are 2-3 people actually writing code for the app, I do have the last say and I look through all the contributions thorough, ensuring that every single line of code is “valid” (in the sense that it’s conforms with the user credential integrity, and so on).

Eclipse and other projects sometimes use something called an Open Source Contributor Agreement – examples of such can be viewed more specifically here (http://www.eclipse.org/legal/committer_process/EclipseIndividualCommitterAgreementFinal.pdf) and here (http://www.apache.org/licenses/icla.pdf). (Peter’s remark)

Last but most certainly not least – thank you for replying to us. We appreciate the fact that you’re willing to talk to us about it and come up with a solution. After all, we’re only individuals wanting to help everyone out.

Best regards,
Karl Lindmark

IPEnforcement (Marissa) » Peter & Me

Dear Mr. Lindmark,

As explained, EA requested removal of your application because it used EA intellectual property without authorization in a manner we believe was infringing and misleading to consumers, who were being asked to provide their private account credentials to use the application. Unfortunately, we cannot authorize or endorse any collection of our consumer credentials. EA actively advises our consumers not to share the account information. With respect to your questions on use of our trademarks and copyright content, we offered solutions to ensure that your application would not infringe our rights. There may be other solutions, e.g., choosing a name for your application that doesn’t use any EA trademarks. You may want to consult your own counsel on any other rights you may have with respect to intellectual property use or other rights pertaining to distribution of your application or collection of user credentials. EA will not seek to remove any application that doesn’t infringe its rights. Thank you.

Thanks,
Marissa
IP Enforcement Associate
Electronic Arts Inc.

So, what they’re saying is…

…well, let me break the terms down one by one, to show you why this is such a mess.

1. Remove all copyrighted artwork and trademarks, including Battlelog from the application

While I do see why this may (or may not) be an issue, I feel it’s unreasonable to state this due to the fact that there are plenty of apps up on Google Play that use “copyrighted images” from Battlelog and Battlefield 3 - what exactly triggered the gun to shoot at this app, and nine others? Heck, I’m pretty sure *all* the BF3Stats.com-based apps use copyrighted images (they sure look identical to the ones on Battlelog don’t they?), and the api itself… well, it links to a big-ass image pack consisting of the images in question. Don’t get me wrong, I’m not trying to bring down the Internet and BF3 Stats-based apps, on the contrary – I believe the images are subject to fair use and should not be considered an issue. Now, if we instead created a game called Battlefield 33 and used the images, then EA/DICE should start worrying.

2. Put “Unofficial” before the title of the application

This point is actually quite fuzzy. Since they state the terms in the sense of term 1, 2 and 3, it could be considered that they’re “chained”, effectively leading this to mean that whatever I choose to name the app, I have to put “Unofficial” before it. Does this mean that I can call it “Unofficial BF3 Battlelog”? Probably not, but it seems to me as if I’d have to change the name to “Unofficial <new app name here>” to satisfy them. I’ve tried to be very clear about my intentions with the app throughout the period it’s been available, and I believed that including “(unofficial)” in the name from the start would keep it away from these type of things. I guess I was wrong.

3. Change the login requirements and do not require users to enter their credentials

This is the liver blow, the kill shot, the kick in the groin – you name it, it’s there. Just to get on the same page here, we’re talking about a social network (Battlelog), and thus an app for a social network (BF3 Battlelog). A quick lookup on Wikipedia states that “a social network is a social structure made up of a set of actors (such as individuals or organizations) and the dyadic ties between these actors”. Notice that it mentions the term individuals, as it bears quite the weight in this situation. An individual is a person with their own identity, and can be seen as an entity in the social network. Parallells can be drawn to a real-life society, where people can state who they are, but we don’t often encounter a situation where we have to distrust the identity the individual is claiming as their own. The solution to this problem has been to keep track and issue plastic cards that prove the bearers identity. It’s a bit more complicated when it comes to the digital world, but it works out OK most of the times. Battlelog, being a social network, regulates the population in their own “e-world”, and handles the identity management for the individuals residing in it. They know who is, and is not allowed to be on Battlelog, as well as have the means to tell the difference between the users (easiest done via the unique usernames).

So, if you want to interact in the world, on your or another individuals behalf, you’ll need to have the appropriate ID (and probably looks too) present (or in this case, e-mail address & password) to be able to do so. If that wasn’t the case, then anyone could take the role of the Community Manager, the administrator and other individuals, as there is no way to restrict the usage. The same goes for the app – for the users to be able to use the app, they’ll have to login through it (directly passing the credentials onto Battlelog) and in return the app will act on their command within the boundaries of their identity. To change the login requirements, and not require the users to enter their credentials would literally cripple the app. After all, a social network without the social networking isn’t really a social network is it?

This demand is by far the hardest one to manage to comply to, as it really isn’t something that I deem acceptable (given the circumstances). I do understand the issue with third-parties getting access to user credentials, but if it’s done correctly I don’t really see why it’s a problem. In this specific case the app goes under an open source license, meaning that the code is available online for anyone to view (in other words, check for malicious intent). Some people have claimed that “the code visible on GitHub isn’t neccessarily the same as the actual app”, which is a statement that can easily be proven false by decompiling the application. Bottom line is that there are easy ways for EA/DICE to verify that this app is playing nice (as always), but also that there really isn’t a reason for them to disallow the login process via the app.

A little side note: We’ve actually talked to people at DICE regarding an alternative way to login (think Facebook Connect, but for Battlelog), but there isn’t any option for that right now, nor planned for a future release (as we know of). It’s a shame, but what else can one do?

The end?

I’m not quite sure what I expect to happen when I publish this post, but I felt that I owed you guys an explanation regarding what actually went down, and why the app isn’t on Google Play right now – I’m still getting a few e-mails from users asking this question, so here’s the story out straight. As far as my intention to keep on supporting the app with new functionality, I have no real answer to that. I have less time than ever to work on my side projects, and I can’t keep doing it full-time as I did while I was studying (full-time there too), it just won’t work out.

However, one thing I can tell you is that we’re aiming for another beta release, and then we’ll see where we end up. Hopefully it’s with a version 2.0 on Google Play, but one may never know for certain – I thought I was considered in the clear after six months on Google Play with EA/DICE not releasing their own app, but I shouldn’t have taken my hands off the handlebars just yet.

Whichever way this turns out, I’d like to thank you all for your support during the past 7½ months – it’s been an awesome journey and an invaluable experience. Hopefully I’ll create something in the future that you guys will have use of then (as you have had now), and don’t hesistate to leave a comment below or send an email/tweet/anything our way if you have any further questions.

Last but not least, I’d like to end the post by stating the obvious – there’s a reason bureaucracy is just one letter from being bureaucrazy.