U.S. Markets open in 3 hrs 1 min

As the ESA tests E3 2020 site, big questions linger about long-term data security [Update]

Amanda Farough

As the ESA tests E3 2020 site, big questions linger about long-term data security [Update]

A new E3 test site briefly popped up last week, showcasing potential new ticket prices. The ESA is adamant that the site isn't representative of the final E3 site.

Amanda Farough,Tue, 15 Oct 2019 18:33:00

Update (10/15/2019): 

The ESA has reached out to clarify that the media opt-out has been on the registration for several years and isn't in response to data privacy. 

Original Story:

The ESA has been ramping up for another E3. In the wake of the E3 2020 presentation that we received in September, a user on gaming forum ResetEra noticed a new test site for next year's E3 convention. They took a number of screenshots, some shared below, which may be reflective of next year's ticket pricing, in addition to a new option for media applicants: an option to opt out of the exhibitor media list. 

Source: ResetEra

Considering the utter calamity that the ESA created by not securing media, influencer, and analyst registration data for E3 2018 and 2019, even the mention of an opt-out is a far cry from protecting the data that applicants are entrusting to the organization. We reached out to the ESA for clarification as to what the organization, and their external developer, CompuSystems, will be doing to protect applicant data going forward. 

"CompuSystems utilized a randomly-generated URL and password protection to safeguard the test site from unauthorized access and tampering," the ESA said in a provided statement. "This is the same security practice it uses for its other large trade event clients. Upon learning of yesterday’s issues with the test site, CompuSystems took down the site and added additional levels of security. We can assure our E3 partners and attendees that the test site does not reflect the many E3 2020 cybersecurity enhancements we intend to make in partnership with outside experts, including a new practice to collect the minimum information necessary from E3 2020 registrants."

These assurances, including collecting the "minimum information necessary" from applicants aren't particularly reassuring for media, influencers, and analysts whose data has been exposed for the wider internet to process and exploit. The ESA is adamant that this is a "test site… [and] a placeholder to begin building out the E3 2020 registration site. The test site is not reflective of the final E3 2020 site." 

The ESA has yet to give more than a watered-down explanation of what happened with data security over the last couple of years. In a statement provided to GameDaily in August, the ESA said, "... a confidential file containing the contact information of registered E3 2019 media badge holders could be accessed by individuals other than authorized users. The file was located in a password-protected section of the E3 website, which was intended for exhibitors only."

The company said in its email to affected 2019 attendees that, “For more than 20 years, this has never been an issue.” However, according to a source that spoke with GameDaily in August, the ESA knew about data breaches for well over a year without disclosing to the affected parties. As such, the ESA failed to respond to our request for comment both privately and publicly. We have yet to receive any explanation as to why the ESA chose not remove the information in the lead up to the wider breach. And, unfortunately, this failure to take appropriate steps is in line with the maelstrom of chaos that Variety reported on in May. 

The ESA has been, up until recently, opaque in its approach to communicating with the media about almost everything. And between the ESA proposing "queuetainment" and "experience hubs" to entertain the masses, the once trade show is quickly finding itself a hollow imitation of PAX. And that means the ESA is putting itself in competition with a host of better managed, better attended, and more consumer-friendly events where it once stood alone in North America. And if major platform holders and publishers like Microsoft and EA continue to create their own events adjacent to E3, or skip the event entirely, the ESA is banking on a legacy that is seeing diminishing value with each passing year.