Hotline Miami 2, the forthcoming sequel to the excellent indie game Hotline Miami (note: I wrote that in bold, underline and italics to show how much I mean it), has been denied classification in Australia (another victim of the relatively restrictive local age rating system there). So its developer instead just told Australian fans to pirate the game for free, attracting no small amount of games press in the process (hello, Streisand Effect). So, I thought I’d write a little post on the subject of what happens legally if a developer pirates, or encourages piracy of, its own video game? Continue reading Can you pirate your own video game?
Category: Theft
Should virtual theft be treated like real world theft? A UK MP says yes.
I couldn’t resist blogging quickly about this intriguing story, courtesy of The Guardian: a British MP wrote a formal question to the British government asking them to ensure that in-game theft be treated the same as real world theft. Answer: nope (ish), but it does raise a real question which judges are already addressing… Continue reading Should virtual theft be treated like real world theft? A UK MP says yes.
The second virtual goods crime: is Runescape theft, theft?
The Dutch Supreme Court will be invited later this year to conclude that the theft of virtual goods from Runescape constitutes theft under Dutch criminal law; indications to date suggest that it may conclude that theft of virtual currency/goods IS criminal theft. To my knowledge, this is only the second time that a Western court has considered the (increasingly important) issue of the relationship between virtual goods and criminal law, the first time having been a UK criminal court earlier this year over Zynga chips.*
According to Futocop, this Dutch case apparently forms part of a long-running matter which began in 2008 when two boys were sentenced to community service and suspended juvenile detention after they forced a 13-year old to transfer a Runescape virtual mask and a virtual amulet from one avatar to another under the threat of physical violence. The detail is not entirely clear from Futocop, but I think what happened next is that the case was appealed, but the Court of Appeal ruled against the defendants and the case is now going even higher, to the Supreme Court.
One point in particular is worth noting. As part of the referral of the case to the Supreme Court, the Dutch Advocate General (a sort of legal expert whose job is to assist the court to make its decision) said that the economic value of the virtual goods is of particular interest to the question whether there is theft:
“Virtual objects can represent an economic value both inside and outside the game. They are also individually distinguishable and transferable“.
This comment is interesting because, if it was accepted by legal authorities, then basically that on its own could bring virtual goods and currency within the existing law. Put it another way: if both physical goods and virtual goods are recognised as having the same economic value even though one exists in the real world and one does not, then that is a powerful argument for both of them to be protected in the same way legally. In a way this is nothing new really: after all shares, electronic money and electricity are all legally protected even though you can’t physically touch them. But it is taking some time for courts to recognise that virtual goods fall into this category too. Of course, once that recognition is made, it opens up a whole new can of worms for the games and tech industry: who owns virtual goods? What can you do with them? What classes as virtual goods – game items, ebooks apps? And so on (more details on that here).
Anyway, in the meantime this case is due to go to the Supreme Court in October 2011, so expect more details later in the year…
* For those virtual goods scholars who are reading this post, to clarify: I know there have been previous opportunities in the West to consdier the legal status of virtual goods (e.g. Bragg v Linden Labs), but to my knowledge all of them resulted in settlements etc with no judicial pronouncements being made.
Follow us at http://www.twitter.com/gamerlaw or subscribe to our email updates here
The first virtual currency crime: hacker jailed after $12m Zynga theft
Last week a hacker faced a substantial prison sentence after pleading guilty to stealing approxmately $12 million worth of Zynga chips, a virtual currency used in its poker game. This is big stuff (more on that below).
I spoke with Develop about this fascinating development – here’s their article:
“An IT businessman is facing a substantial prison sentence after pleading guilty to stealing around $12 million in online game currency.
Ashley Mitchell, 29, based in the Devonshire costal town of Paignton, admitted to hacking into the accounts of social gaming giant Zynga.
He transferred around 400 billion virtual poker chips into his account and began selling the currency on the black market. He had made £53,000 before his arrest.
Mitchell stood to make around £184,000 from the chips, the court heard, though Zynga’s sale value of the currency is $12 million.
Judge Philip Wassall said Mitchell faced a substantial jail term for the offences, according to regional paper Herald Express.
Mitchell was remanded in custody after the case was adjourned for reports.
Digital economy
The actual value of Zynga’s intangible and instantly replicable online currency sparked a debate in court.
Prosecutor Gareth Evans said Zynga had not been, in essence, deprived of any goods. He claimed there may be a knock-on effect as more customers bought the poker chips on the black-market instead of paying Zynga.
Judge Wassell asked if the case was any different from stealing notes from the Royal Mint – the UK’s body that manufactures British currency.
Prosecutor Evans replied that, in theory, there was no difference because the mint can produce more currency if its goods were stolen.
He said there is, however, a difficulty in valuing the chips because they are digital. But if Zynga had sold them legitimately the value would have been around $12 million.
Jas Purewal, lawyer and author of Gamer/Law, explained to Develop that the case has set a new precedent.
“This shows that the legal regulation and protection of virtual goods and currency, which historically has been fairly uncertain, is evolving fast – driven partly by the boom in virtual goods sales in games.
“This case is particularly interesting because it involved a UK court recognising virtual currency – in this case, Zynga chips – as legal property which can be protected by existing UK criminal laws.
“The court effectively found that, even though virtual currency isn’t real and is infinite in supply, it still can deserve legal protection in the same way as real world currency”.
Purewal said the case is a “vindication” for Zynga and other virtual goods providers.
Hacker record
Judge Wassell heard that Mitchell’s offences were in breach of a previous suspended sentence he was handed in 2008.
Mitchell had previously been convicted of hacking into the Torbay Council website and changing his personal details.
Defence solicitor Ben Derby said as a plea in mitigation that Mitchell had been “wrestling with a gambling addition” at the time of the Zynga theft.”
THOUGHTS:
As I said to the Develop guys, this case really does seem to break new legal ground. For the first time (so far as I’m aware anyway) in the West, a court has looked at virtual currency and seemingly accepted on relatively little argument that it can be classified as ‘property’ within the meaning of (UK) criminal laws (though NB I can’t state definitively the the court found virtual goods = property, because we don’t have the court transcript).
So what? Well, as longtime readers will know, I’ve been exploring for some time the legal status of virtual goods, which I think is going to come under significant pressure from different directions in the next few years. The key issue is whether virtual goods are ‘goods’ (i.e. property) or whether they are services or something else. If they are property, then in principle they could be bought/sold/assigned etc – which goes way beyond the way in which virtual goods are currently dealt with.
Until now, there has been relatively little by way of official analysis of this issue – which is why this case, where a judge seemed willing to convict a man based effectively upon theft of a virtual currency – is significant.
We may not hear much more about this particular development (except possibly when the man is actually sentenced) but this is definitely not the last we’ve heard about the interaction between games, virtual goods and the criminal law (in fact, I might even write a piece on that next month!) As always, watch this space…
Follow us at http://www.twitter.com/gamerlaw or subscribe to our email updates here
Runescape, the Computer Misuse Act and theft
The background:
Details here. A group of Runescape players mount a phishing scam, obtain other players’ accounts, strip those accounts of gold and loot. Presumably they make an in-game or real-world profit. Then the UK Police (specifically the Central Police e-crimes unit) swoop in. They arrest a caution an individual in Avon and Somerset “on suspicion of a number of computer misuse offences”.
Police pwn players
This appears to have been the first time that a UK games company has gone to the police to protect the integrity of its game. Not much at all has been said about exactly what offences have been alleged.
UPDATE: I had initially thought that one way in which the Police could go after the accused would be to prosecute for theft. However, on a closer look (and thanks to the guys in the comment thread), it seems that a better way may be under the Computer Misuse Act 1990 – with which I must admit I was previously unfamiliar. Thanks!
What is the Computer Misuse Act 1990? (CMA)
In the late 1980s there was controversy in the UK regarding the legality of hacking, following a UK case called R v Gold and Schifreen – in a nutshell, two guys were able to hack a British Telecom system but, as the law stood at the time, hacking was not expressly illegal and therefore they were acquitted. This was a factor in the Parliament of the day passing the CMA.
As a very quick summary, the CMA was intended to criminalise three kinds of conduct:
(i) Intentional attempts to cause a computer to perform any function with intent to obtain unauthorised secure access to a computer or data on it (the section 1 offence)
(ii) Same as (i) but with the intent to carry out a further criminal offence (e.g. hacking a PC in order to commit fraud) (the second 2 offence), and
(iii) acting in any way which causes the unauthorised modification of the contents of any computer, with the intent to impair the operation of any computer/programme or to hinder access to data on any computer (the section 3 offence).
Carrying out any of the above renders you liable to a fine and/or imprisonment (between six months and five years depending on how you plead to the offence).
Is the phisher/account-ninja covered?
‘Yes, but the wording isn’t brilliant’, seems to be the general answer. Certainly phishing could be said to fall under the section 1 offence under the argument that the phisher sets programmes running which find out the account details etc of the innocent person(s). To the extent that the phisher had intent to use those details to commit further criminal offences then he/she could also fall under section 2 – which carries harsher penalties. Then there is the somewhat more nebulous section 3: does phishing or ninjaing someone’s account “impair” or “hinder” any other computer or program? Maybe – perhaps if having your account details “hinders” your ability to use the programme?
But this gets even more interesting
Anyway, what we want to do is focus on section 2. If the phisher stole Runescape account details with a view to somehow trying to gain access of others’ computers or stealing their bank details, then there would in principle be a case for arguing that they had had intent to commit further criminal offences under section 2. But what if the phishers only intended to enrich themselves in-game by, for example, turning the stolen accounts’ assets into gold and transferring that gold to themselves or even selling it on the black market (which would be a breach of the EULA etc but not necessarily illegal as such). Could enriching yourself in-game or in the real-world through a game by unauthorised means be classified as an offence?
That is the really interesting part to this case and, if the Police are interested in pushing for the strongest sentence possible against these phishers, they will need to consider this sometime soon – if they haven’t already.
That’s exciting, isn’t it? Makes us think about adding a chapter to that book on virtual law which we’ll have to write one day…
In the meantime, the story goes on…
Little more has been announced since the Police announcement earlier this week, but no doubt further details will follow in due course. It’s also worth bearing in mind that Jagex has stated that this is part of a long-term investigation in both the USA and UK – so there may be further twists in the tale yet…