FACTORY ESCAPE GAME

start

FIX THE FACTORY

By Henry, Max, Daniel

You have been hired to fix the AI in this factory. Fix AI misuses to align with SDG goals (The UN's Sustainable Development Goals) and the GDPR (General Data Protection Regulation), or the factory will be taken over by AI!

THE MISSION

FACTORy

Factory Control Room

To start, let's find the computer with the AI on it so we can inspect it. Click around to find the computer.

NO

CONTROL ROOM 1/3

YES

This AI states that it is only processing the efficiency of the machines in this factory. However, from your inspection, it appears that the AI is also processing employee data and ranking them based on efficiency, which was unknown to the employees. Is this in compliance with GDPR (General Data Protection Regulation) regulations?

Incorrect! "You must process data for the legitimate purposes specified explicitly to the data subject when you collected it." -GDPR Since the AI is processing employee data without their knowledge, that would go against that GDPR principle.

Correct! "You must process data for the legitimate purposes specified explicitly to the data subject when you collected it." -GDPR Since the AI is processing employee data without their knowledge, that would go against that GDPR principle.

try again

You failed to regulate the AI! 😔

MISSION FAILED

Removing the antivirus

Make the password "password1234""

Two Factor Authentication

You notice that the AI handles all the employee's data with no encryption or protections, and neither do the employees. This violates the 6th GDPR principle. What is a way the employees at this factory can keep the AI's sensitive data secure?

CONTROL ROOM 2/3

Incorrect! Removing an antivirus would make the database more susceptible to cyberattacks.

Incorrect! "password1234" is a very easy to guess password that anybody could guess. This would not help make the database more secure.

Correct! Two factor authentication can stop attackers from accessing sensitive information that the AI stores by requiring another device for the employees to access data.

try again

You failed to regulate the AI! 😔

MISSION FAILED

3. Data Minimization

CONTROL ROOM 3/3

7. Accountability

2. Purpose Limitation

The engineer that operates and monitors the AI seems to be unaware and indifferent to the GDPR regulations it has failed to pass, even when you state these flaws to him. Which GDPR principle does this violate?

Correct! Accountability says that data controllers have to be able to show they are GDPR compliant. Not caring about GDPR regulations would violate this principle.

Incorrect! Purpose limitation states that you should only process data for legitimate purposes described to the data subject, but this situation does not relate to this principle.

Incorrect! Data minimization states that you should only collect and process as much data as absolutely necessary, which does not apply here.

try again

You failed to regulate the AI! 😔

MISSION FAILED

You've fixed the Factory Control Room and solved all AI issues here. Now it's time to move on to the next area.

Factory Control Room

FACTORY

Data Storage Room

This is a data storage bank for a small social media company. Click on the control panel to check it out!

QUESTION 1/3

It seems this AI is having problems with User #173967. Which piece of data, according to GDPR, is illegal for this AI to store and process?

User #173967's email is m.k@email.com

User #173967's username is Makr

User #173967 is of the muslim faith

This violates GDPR article 9, which states "Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited."

Correct!

Companies are allowed to know usernames that their customers use on their platform.

inCorrect!

Companies are allowed to know their users' email.

inCorrect!

try again

You failed to regulate the AI! 😔

MISSION FAILED

QUESTION 2/3

You find old information concerning a former employee that was forgotten about. Is the company allowed to keep this information?

Who cares?

No

Yes

This violates GDPR principle #5: Storage Limitation. This states that the controller may only keep the data for a long as it is useful for the purpose specified when the data was given. Since data on an old employee isn’t necessary because they don’t work there anymore, it should have been deleted.

inCorrect!

This violates GDPR principle #5: Storage Limitation. This states that the controller may only keep the data for a long as it is useful for the purpose specified when the data was given. Since data on an old employee isn’t necessary because they don’t work there anymore, it should have been deleted.

Correct!

This violates GDPR principle #5: Storage Limitation. This states that the controller may only keep the data for a long as it is useful for the purpose specified when the data was given. Since data on an old employee isn’t necessary because they don’t work there anymore, it should have been deleted.

inCorrect!

try again

You failed to regulate the AI! 😔

MISSION FAILED

Data Storage Room

Nice job fixing the data storage room! Time to move on to the next area.

the base

Your co-worker Howard was behind the door, help him look through the employee records and remove the unethical information collected by the AI.

QUESTION 1/3

Which of these pieces of data is not ethical to collect for an employer by AI?

previous places of employment

DNA records

Level of Education

According to the European AI Act the knowledge of an employees level of education for an AI is permitted.

INCORRECT

According to the European Union AI Act the collection of biometric data such as DNA is unethical use of AI

Correct

According to the European Union AI Act AI can collect information pertaining to previous places of employment.

INCORRECT

try again

You failed to regulate the AI! 😔

MISSION FAILED

QUESTION 2/3

As mentioned in an article by Boston University, "...discriminatory disinvestment in broadband infrastructure that disproportionately affects people of color, low-income communities, and rural populations, worsening disparities in access to healthcare, social services, education, and employment for these populations," is called what?

Digital redlining

Digital Segregation

Historical Data Redlining

That's not the correct term.

INCORRECT

While redlining was made illegal in 1968 by the Fair Housing Act, it is still present in the digital sphere through AI's assumptions due to biased historical data

Correct

try again

You failed to regulate the AI! 😔

MISSION FAILED

QUESTION 3/3

The AI used in the hiring process has shown to have bias, what SDG goal does this work against?

SDG 10

SDG 9

SDG 9: Industry, Innovation, and Infrastructure would not be directly affected by this action by AI.

INCORRECT

SDG 10: Reduced Inequalities is being worked against due to the bias that the AI can hold caused by biased historical data.

Correct

try again

You failed to regulate the AI! 😔

MISSION FAILED

Thanks for helping me look through these files!

Nice job helping Howard. Now it's time to move on to the next and final room.

the base

There appears to be nothing wrong in this area, but let's check out one of these robots to make sure. Click on one of the robot arms.

Assembly Room

Uh oh, there seems to be an error in one of the robot arms and it's going haywire and causing destruction! Let's fix this as fast as we can. You will have a limited amount of time to answer the next questions

Assembly Room

try again

You failed to regulate the AI! 😔

MISSION FAILED

00:15

1/3 questions

Correct! Good health and well being is the answer because social networks like Facebook have been shown to negatively impact health and well being of individuals and communities.

2/3 questions

00:15

Correct! Life on land is the answer because the characters in the movie are trying to restore earth so that life on land can flourish and they can live on earth again.

3/3 questions

00:15

Correct! The European Union's General Data Protection Regulation (GDPR) was created to protect everyone's personal data online.

Sources

START OVER?

Nice job, You've saved the factory! Thanks for playing!

Mission Complete

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.

SOURCES

exit

back

You will lose progress

Are you sure you want to go out?