It’s worth bearing in mind that in the UK and EU he would have faced similar criminal proceedings. In the UK for example there are specific criminal penalties under the Computer Misuse Act 1990. We wrote about Runescape and the Computer Misuse Act some time ago, check it out for more info
Gamesindustry.biz reports on a Californian class action against Sony Computer Entertainment following its recent removal of the Other OS functionality from the PlayStation 3. I talked to them about it here.
Thanks to Kotaku for this one: a US teen has pleaded guilty to criminal offences over his hacking and crashing of a Playstation web site in 2008, which he did in revenge for being kicked out of a tournament for the PS2 game SOCOM US Navy Seals for using a cheat mod.
Apparently, he carried out his attack by infecting the site’s servers with a virus. Clearly, he was savvy enough to carry out the attack, but not savvy enough to hide his tracks, meaning that he was found out and has now pleaded guilty to four felonies: unlawful use of a computer, criminal use of a computer, computer trespassing and the distribution of a computer virus (this was part of a plea bargain and prosecutors have therefore dropped 11 other counts in exchange for the four guilty pleas). Silly boy.
The case gives us an opportunity to remind everyone of the legal position in the UK. The Computer Misuse Act 1990 is the principal legislation for hacking and it criminalises the following main actions:
(i) Intentional attempts to cause a computer to perform any function with intent to obtain unauthorised secure access to a computer or data on it (e.g. phishing),
(ii) Same as (i) but with the intent to carry out a further criminal offence (e.g. hacking a PC in order to commit fraud), or
(iii) acting in any way which causes the unauthorised modification of the contents of any computer, with the intent to impair the operation of any computer/programme or to hinder access to data on any computer (e.g. uploading a virus to a PC or server).
This Act was most recently used publicly by the UK police to swoop in on a group of Runescape players who had been hacking/phishing Runescape accounts for criminal purposes (more on that, and the Computer Misuse Act, here).
This is one of those posts when the legal lesson of the day seems blindingly obvious, but here goes anyway: hacking someone else’s computer or web site is a criminal offence, so don’t do it!
Follow us at www.twitter.com/gamerlaw or subscribe to our weekly email newsletter here
This article is about modchips: is their sale/use illegal or not? We look at three recent cases in England, Spain and France – which show an interesting divergence of European opinion as to the legality of modchips: not every country thinks that modchips are a bad thing. More below…
“A modchip (short for modification chip) is a small electronic device used to modify or disable built-in restrictions and limitations of many popular videogame consoles. It introduces various modifications to its host system’s function, including the circumvention of region coding, digital rights management, and copy protection (homebrew) software checks for the purpose of running software intended for other markets, copied game media, or unlicensed third-party.”
Modchips exist for other devices (e.g. dvd players) but for today’s purposes we’re only talking about modchips which are used in games consoles and which are intended to circumvent games copy-protection: in other words, modchips which fool a console into thinking that the player owns an authentic, licenced copy of a game when it fact he/she does not. An example of such a modchip is the wiikey, which (funnily enough) mods the Wii.
- USA: in principle, use of modchips may fall foul of the Digital Millenium Copyright Act (DCMA), which has been used previously to get at sellers of modchips (example here)
- In Italy, back in 2005 a court ruled that the purpose of modchips was to ‘avoid monopolistic positions and improve the possibilities for use of the PlayStation’. The court said: ‘It’s a little like Fiat marketing its cars while banning them from being driven by non-European citizens or outside towns.’ “
- In Australia, the Australian High Court ruled in 2005 that modchips for the Playstation 2 were not illegal. As I understand it the Court’s reasoning was that, since the Playstation 2 technology had only ever sought to stop players playing unauthorised games but had not sought to stop them copying those games, a modchip which assisted players to play but not copy unauthorised games was not an attempt to circumvent “technological protection measures” under Australian law. (As far as I’m aware, that position has not been contradicted in any subsequent case-law).
(In England, the Court took a rather simpler approach by holding that the very act of playing a game using a modchip constitutes copying infringement – but there may have been good reasons why this
argument was not adopted in Australia).
- Even without having to get into a detailed legal review of the laws of different jurisdictions, it is clear that some countries have adopted a relatively hardline approach to modchips (e.g. the UK or USA). In particular, the UK has made it clear that the sale of modchips may be a criminal offence.
- But, maybe surprisingly, other countries appear to have taken a more neutral/favourable approach to modchips, recognising that modchips are not just about playing pirated games. With games companies apparently remaining keen to shut down modchip sellers (as with the French action above), it will be interesting to see what 2010 brings…
Details here. A group of Runescape players mount a phishing scam, obtain other players’ accounts, strip those accounts of gold and loot. Presumably they make an in-game or real-world profit. Then the UK Police (specifically the Central Police e-crimes unit) swoop in. They arrest a caution an individual in Avon and Somerset “on suspicion of a number of computer misuse offences”.
Police pwn players
This appears to have been the first time that a UK games company has gone to the police to protect the integrity of its game. Not much at all has been said about exactly what offences have been alleged.
UPDATE: I had initially thought that one way in which the Police could go after the accused would be to prosecute for theft. However, on a closer look (and thanks to the guys in the comment thread), it seems that a better way may be under the Computer Misuse Act 1990 – with which I must admit I was previously unfamiliar. Thanks!
What is the Computer Misuse Act 1990? (CMA)
In the late 1980s there was controversy in the UK regarding the legality of hacking, following a UK case called R v Gold and Schifreen – in a nutshell, two guys were able to hack a British Telecom system but, as the law stood at the time, hacking was not expressly illegal and therefore they were acquitted. This was a factor in the Parliament of the day passing the CMA.
As a very quick summary, the CMA was intended to criminalise three kinds of conduct:
(i) Intentional attempts to cause a computer to perform any function with intent to obtain unauthorised secure access to a computer or data on it (the section 1 offence)
(ii) Same as (i) but with the intent to carry out a further criminal offence (e.g. hacking a PC in order to commit fraud) (the second 2 offence), and
(iii) acting in any way which causes the unauthorised modification of the contents of any computer, with the intent to impair the operation of any computer/programme or to hinder access to data on any computer (the section 3 offence).
Carrying out any of the above renders you liable to a fine and/or imprisonment (between six months and five years depending on how you plead to the offence).
Is the phisher/account-ninja covered?
‘Yes, but the wording isn’t brilliant’, seems to be the general answer. Certainly phishing could be said to fall under the section 1 offence under the argument that the phisher sets programmes running which find out the account details etc of the innocent person(s). To the extent that the phisher had intent to use those details to commit further criminal offences then he/she could also fall under section 2 – which carries harsher penalties. Then there is the somewhat more nebulous section 3: does phishing or ninjaing someone’s account “impair” or “hinder” any other computer or program? Maybe – perhaps if having your account details “hinders” your ability to use the programme?
But this gets even more interesting
Anyway, what we want to do is focus on section 2. If the phisher stole Runescape account details with a view to somehow trying to gain access of others’ computers or stealing their bank details, then there would in principle be a case for arguing that they had had intent to commit further criminal offences under section 2. But what if the phishers only intended to enrich themselves in-game by, for example, turning the stolen accounts’ assets into gold and transferring that gold to themselves or even selling it on the black market (which would be a breach of the EULA etc but not necessarily illegal as such). Could enriching yourself in-game or in the real-world through a game by unauthorised means be classified as an offence?
That is the really interesting part to this case and, if the Police are interested in pushing for the strongest sentence possible against these phishers, they will need to consider this sometime soon – if they haven’t already.
That’s exciting, isn’t it? Makes us think about adding a chapter to that book on virtual law which we’ll have to write one day…
In the meantime, the story goes on…
Little more has been announced since the Police announcement earlier this week, but no doubt further details will follow in due course. It’s also worth bearing in mind that Jagex has stated that this is part of a long-term investigation in both the USA and UK – so there may be further twists in the tale yet…