One of the most common questions I get asked (or overhear) as a teacher, content creator, and recruiter is “Why do I need to give a corporation my API(s)?”
The answer is a deceptively simple one—deception being the point. Recruiters, personnel officers, and other corporation and alliance officials need to ensure that the players joining their membership are forthright, honest, and a good cultural fit. As long as CCP’s EVE Online End-User License Agreement (EULA) allows a game culture where scamming, theft, piracy, and corporate espionage are permitted—if not endorsed—then it behooves them to use every tool at their disposal to achieve that.
The API is the single largest tool in that toolbox. While the EULA has very strong language around the use and disclosure of a player’s personal information, it is a lot less protective of character information and the communications, interactions, and play a user has in the use of that character. The EULA document clearly states that nothing you do as your character is private, and you should have no such expectations that it will be. The API grants access to that information.
What the heck is an API?
For those who are unfamiliar with the term, API is short for Application Program Interface.
An API makes it easier for developers, both at CCP and third-party, to develop additional tools outside of the game and to access information and data sets to use in those tools. Tools empowered by APIs include:
- Desktop programs (EVEMon, PyFA, EVE ISK-per-Hour, and others)
- The EVE mobile apps (EVE Online Portal, Evanova, EVE Droid, Aura, EVE PI, etc)
- Market and industry websites (EVE Central, EVE Market Data, Evepraisal, Chruker’s EVE Market, EVE-Cost, EVEplanets, EVE-Mogul, EVE-Industry, Cerlestes Ores, ad infinitum…)
- Metrics tools (Your EVE Year, Your year in EVE, and EVE Year in Review)
- and dashboards created by content creators who know how to take advantage of APIs:
- EVE Talk with DeLoneWolf
- EVE Prosper podcast with Lockfox (now defunct)
- Miner Metrics with Christopher Mellon
- and many of the podcasters linked on EVEpodcasts.com
The above is not an exhaustive list.
As such, while the API is a programmer’s tool, for recruiters and officers in EVE’s many corporations and alliances the API is more of a Swiss Army Knife.
Why do corps ask for an API?
In addition to the host of tools designed for player-benefit, above, there are also tools created expressly for corporations.
These tools allow the user to parse through your account, and character information. What kind of information? Everything.
Everything contained in the game about your account and the characters in it.
I’ll let that sink in for a minute.
Okay, so beyond sounding like an Orwellian nightmare this is actually incredibly useful for vetting players for a corporation. It can tell a corp officer or recruiter a lot about your engagement with the game, with others, and with certain types of game-play.
The purpose for requesting this information is multi-layered:
- Transparency: Are you acting with good faith? It sets out a foundation of trust and honesty.
- Trust, but verify: Does your account and character details support your backstory and your assertions?
- Education: Does your API(s) show a thoughtful approach to character development; where can the corporation or alliance help you to grow?
- Fit and suitability: If you are joining a PVP alliance do you have the requisite skills to fly the alliance doctrines? Do you show prior experience in solo and fleet PVP?
- Counter-intelligence: Are you lying? If so, why, and to whom do you report?
Looking at a submitted API, however, takes a bit of experience and awareness. You have to know what it is that you’re looking for and you have to understand the rationale that drove it. While you run the sincere and extreme risk of fallacy of intent, you can also underestimate the motivations of a particularly savvy or dedicated spy.
On the matter, John le Carré wrote that “once you’ve lived the inside-out world of espionage, you never shed it. It’s a mentality, a double standard of existence.”
He was not wrong.
A model for analysis can be wrong but data never is.
The biggest problem tech, bio-med, and hard sciences companies have in presenting analyses with large data sets is that with sufficient data you can appear to support anything. Companies which adopt big data tools without properly trained and experienced data scientists can end up with horribly skewed, inaccurate, or flat wrong assertions and can waste millions of dollars on a “sure bet” that turned out to be trash.
People can, and have, built whole careers on bad or incomplete data. When new data is revealed that disproves their understanding of the world, some take it very badly. Others are excited for the chance to learn the truth, because of all the new possibilities for discovery which are revealed. (I kid you not: a fossilized piece of human excrement upended the archaeological chronology of the Americas.)
When you get a big set of data like an API output, you need to know what questions to ask in order to prove the legitimacy of a person’s claims. Otherwise, you’ll just end up frozen looking at a giant wall of information and it’s easy to get lost in that data. This is called analysis paralysis; where you have so much information you’re not sure where to start. This is where the social sciences meet the hard sciences. You need to be able to refocus your search to shine a very bright light on the gaps between a person’s story and what the hard data in their API doesn’t do to support their claims.
Lies are like bad research. The beauty of the scientific method is that when you hold up presented findings to ardent scrutiny it only takes one bad premise to make the whole fallacy collapse. And if you’ve done your job right, anyone should be able to reproduce your results. I get excited when I catch someone in a lie.
Tread lightly, though, because it can be hard to balance paranoia and jurisprudence.
The denials, if they need be given, could better be given with sincerity, and they could only be feigned if you didn’t know them at all.
– Kenneth Eade, Russian Holiday
At the end of the day, it all boils down to Human Intelligence, referred to in military and law-enforcement circles as HUMINT or ELINT, Clandestine Intelligence, Cloak and Dagger, Sneak and Peek, and a dozen other euphemisms, acronyms, and pejoratives. Regardless of how you come by your data, you need a means to aggregate it and you need a person who knows what they’re looking for to make the call on a person’s sincerity, the reliability of the data, and the possible variances on the model. All it takes is one piece of information to undo a person’s façade.
This is where human intelligence meets counter-intelligence.
Once you find something that doesn’t fit the weave of a person’s story, you need to be able to understand what it means in the greater arc of New Eden’s social, economic, military, and political environment. Once you have one bad premise in a person’s assertion that they’re being forthright and honest, you need people who can go digging, and know where to look. People with spies of their own to discreetly ask questions, covertly reconnoiter, and report back to you.
It’s never the size of the lies. Spies get caught out in the details.
Here are three examples which are common enough that (as a recruiter) I don’t feel like I’m selling the keys to the kingdom in sharing them:
- Personal standings: You apply to a corp as a neutral newbro, but you have +10 personal standings set with someone in their enemy’s alliance.
- Wallet and skills: You claim to be a day-one newbro, but you’ve got 300M ISK and all of your skills are only combat-related.
- Kill History: You claim you’ve never “done PVP” but you’re on kills with Bomber’s Bar or Spectre Fleet.
When it comes to spies, there are a figurative thousand-and-one ways to find them out. Where there’s one, there are always more. Always.
I have never caught a spy where it was only one piece of information which sold them out. The API isn’t the only place that information comes from.
If you’re one of the newbros who has asked the question, “Why do you want my APIs?” I hope that this answers your question.