FACTORY ESCAPE GAME

FIX THE FACTORY

start

By Henry, Max, Daniel

THE MISSION

You have been hired to fix the AI in this factory. Fix AI misuses to align with SDG goals (The UN's Sustainable Development Goals) and the GDPR (General Data Protection Regulation), or the factory will be taken over by AI!

FACTORy

Factory Control Room

To start, let's find the computer with the AI on it so we can inspect it. Click around to find the computer.

CONTROL ROOM 1/3

YES

This AI states that it is only processing the efficiency of the machines in this factory. However, from your inspection, it appears that the AI is also processing employee data and ranking them based on efficiency, which was unknown to the employees. Is this in compliance with GDPR (General Data Protection Regulation) regulations?

NO

Incorrect! "You must process data for the legitimate purposes specified explicitly to the data subject when you collected it." -GDPR Since the AI is processing employee data without their knowledge, that would go against that GDPR principle.

Correct! "You must process data for the legitimate purposes specified explicitly to the data subject when you collected it." -GDPR Since the AI is processing employee data without their knowledge, that would go against that GDPR principle.

MISSION FAILED

You failed to regulate the AI! 😔

try again

CONTROL ROOM 2/3

Removing the antivirus

You notice that the AI handles all the employee's data with no encryption or protections, and neither do the employees. This violates the 6th GDPR principle. What is a way the employees at this factory can keep the AI's sensitive data secure?

Make the password "password1234""

Two Factor Authentication

Incorrect! Removing an antivirus would make the database more susceptible to cyberattacks.

Incorrect! "password1234" is a very easy to guess password that anybody could guess. This would not help make the database more secure.

Correct! Two factor authentication can stop attackers from accessing sensitive information that the AI stores by requiring another device for the employees to access data.

MISSION FAILED

You failed to regulate the AI! 😔

try again

CONTROL ROOM 3/3

7. Accountability

The engineer that operates and monitors the AI seems to be unaware and indifferent to the GDPR regulations it has failed to pass, even when you state these flaws to him. Which GDPR principle does this violate?

2. Purpose Limitation

3. Data Minimization

Correct! Accountability says that data controllers have to be able to show they are GDPR compliant. Not caring about GDPR regulations would violate this principle.

Incorrect! Purpose limitation states that you should only process data for legitimate purposes described to the data subject, but this situation does not relate to this principle.

Incorrect! Data minimization states that you should only collect and process as much data as absolutely necessary, which does not apply here.

MISSION FAILED

You failed to regulate the AI! 😔

try again

Factory Control Room

You've fixed the Factory Control Room and solved all AI issues here. Now it's time to move on to the next area.

FACTORY

Data Storage Room

This is a data storage bank for a small social media company. Click on the control panel to check it out!

QUESTION 1/3

User #173967 is of the muslim faith

It seems this AI is having problems with User #173967. Which piece of data, according to GDPR, is illegal for this AI to store and process?

User #173967's username is Makr

User #173967's email is m.k@email.com

Correct!

This violates GDPR article 9, which states "Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited."

inCorrect!

Companies are allowed to know usernames that their customers use on their platform.

inCorrect!

Companies are allowed to know their users' email.

MISSION FAILED

You failed to regulate the AI! 😔

try again

QUESTION 2/3

Yes

You find old information concerning a former employee that was forgotten about. Is the company allowed to keep this information?

No

Who cares?

inCorrect!

This violates GDPR principle #5: Storage Limitation. This states that the controller may only keep the data for a long as it is useful for the purpose specified when the data was given. Since data on an old employee isn’t necessary because they don’t work there anymore, it should have been deleted.

Correct!

This violates GDPR principle #5: Storage Limitation. This states that the controller may only keep the data for a long as it is useful for the purpose specified when the data was given. Since data on an old employee isn’t necessary because they don’t work there anymore, it should have been deleted.

inCorrect!

This violates GDPR principle #5: Storage Limitation. This states that the controller may only keep the data for a long as it is useful for the purpose specified when the data was given. Since data on an old employee isn’t necessary because they don’t work there anymore, it should have been deleted.

MISSION FAILED

You failed to regulate the AI! 😔

try again

Data Storage Room

Nice job fixing the data storage room! Time to move on to the next area.

the base

Your co-worker Howard was behind the door, help him look through the employee records and remove the unethical information collected by the AI.

QUESTION 1/3

Level of Education

Which of these pieces of data is not ethical to collect for an employer by AI?

DNA records

previous places of employment

INCORRECT

According to the European AI Act the knowledge of an employees level of education for an AI is permitted.

Correct

According to the European Union AI Act the collection of biometric data such as DNA is unethical use of AI

INCORRECT

According to the European Union AI Act AI can collect information pertaining to previous places of employment.

MISSION FAILED

You failed to regulate the AI! 😔

try again

QUESTION 2/3

Historical Data Redlining

As mentioned in an article by Boston University, "...discriminatory disinvestment in broadband infrastructure that disproportionately affects people of color, low-income communities, and rural populations, worsening disparities in access to healthcare, social services, education, and employment for these populations," is called what?

Digital Segregation

Digital redlining

INCORRECT

That's not the correct term.

Correct

While redlining was made illegal in 1968 by the Fair Housing Act, it is still present in the digital sphere through AI's assumptions due to biased historical data

MISSION FAILED

You failed to regulate the AI! 😔

try again

QUESTION 3/3

SDG 9

The AI used in the hiring process has shown to have bias, what SDG goal does this work against?

SDG 10

INCORRECT

SDG 9: Industry, Innovation, and Infrastructure would not be directly affected by this action by AI.

Correct

SDG 10: Reduced Inequalities is being worked against due to the bias that the AI can hold caused by biased historical data.

MISSION FAILED

You failed to regulate the AI! 😔

try again

Thanks for helping me look through these files!

Nice job helping Howard. Now it's time to move on to the next and final room.

the base

Assembly Room

There appears to be nothing wrong in this area, but let's check out one of these robots to make sure. Click on one of the robot arms.

Assembly Room

Uh oh, there seems to be an error in one of the robot arms and it's going haywire and causing destruction! Let's fix this as fast as we can. You will have a limited amount of time to answer the next questions

MISSION FAILED

You failed to regulate the AI! 😔

try again

1/3 questions

00:15

Correct! Good health and well being is the answer because social networks like Facebook have been shown to negatively impact health and well being of individuals and communities.

2/3 questions

00:15

Correct! Life on land is the answer because the characters in the movie are trying to restore earth so that life on land can flourish and they can live on earth again.

3/3 questions

00:15

Correct! The European Union's General Data Protection Regulation (GDPR) was created to protect everyone's personal data online.

Mission Complete

Nice job, You've saved the factory! Thanks for playing!

Sources

START OVER?

SOURCES

Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.

Are you sure you want to go out?

You will lose progress

exit

back