Setback for Jagex in Runescape lawsuit

Jagex, developer of the popular browser MMO, has suffered setbacks in its ongoing lawsuit against Impulse Software, the maker of a bot for Runescape called the “iBot”.  This follows attempts in 2009 by Runescape to take legal action against a gang of UK phishers.

First, a quick summary

Impulse’s bot (like most bots) allows players to level up their avatars faster by playing for them.  Jagex, understandably, was not happy with this.  It therefore brought a lawsuit against Impulse Software in the US, bringing claims under the Computer Fraud and Abuse Act, as well as claims for copyright infringement, DMCA violations, and trademark infringement. 

As part of that lawsuit, Jagex sought a preliminary injunction against Impulse banning it from sale or use of the iBot.  This then came to a court hearing, with Impulse contesting the injunction.  The court has now published its judgment denying Jagex that preliminary injunction, during which it commented on Jagex’s claims generally.  A quick summary follows:

Copyright claim: Jagex argued that Impulse’s iBot infringed the copyright works in its game.  The court felt that Jagex’s copyright claims were “unlikely to succeed” since it had not made all the necessary copyright registrations (in the US, for a copyright to be protectable it needs to have been registered with the US Copyright Office – unlike in the UK where there is no registration requirement and generally copyright works becomes protectable as soon as they have been creatted).  In particular, Jagex had not registered copyright in its website or software.  As a result, Jagex could not argue that Impulse had ‘copied’ its copyright works.

DMCA claim: The US Digital Millenium Copyright Act bans attempts to circumvent ‘technological measures’ put in place by owners to protect their copyright works (an example would be DRM technology).  The UK analogy is the Copyright Designs and Patents Act 1998 (you can read more on how it works in the UK here).  Jagex argued that Impulse use of its iBot breached the DMCA provisions.  Again, the court was unpersuaded by Jagex’s argument, because Jagex could not rely upon any registered copyright works that needed protection, or that there were any ‘technological measures’ in place to protect them.

Trademark claim: Jagex argued that Impulse had infringed its trademark in the name “Runescape”.  The court found against Jagex again, on the basis that Impulse had removed any references to Runescape and instead used “RS” throughout.  Jagex argued that the term “RS” was itself infringing on its trademark by causing consumer confusion between Runescape and the Impulse bot, as everyone knew that “RS” was being used to mean Runescape.  The court found against Jagex, on the basis that there could not be consumer confusion between a game and a bot intended to cheat that game.

Computer Fraud and Abuse Act claim: This law protects (as you might expect) against the misuse of someone’s computers for fraudulent and other purposes (a good example would be hacking).  The UK equivalent is the Computer Misuse Act (more on that here).  Jagex’s argument seems to have been that, while Impulse itself did not attack the “protected computers” in question (Runescape’s servers), they assisted players to attack those servers by providing the bot to them.  I won’t get into the detail, but the court found against Jagex on this argument as well.

Ruling on the preliminary injunction: having gone through the substantive legal claims, the court considered the preliminary injunction which Jagex sought, to obtain which Jagex had to prove (i) it would suffer irreparable harm if the injunction was not given; (ii) the balance of equities (i.e. probability) fell in its favour and not Impulse’s, and (iii) the public interest was in favour of granting Jagex the injunction.  Unfortunately, the court found against Jagex on all three counts.  As a result, the court denied Jagex’s application for a preliminary injunction.

What next?

Jagex is still free to pursue its lawsuit against Impulse, albeit without having been able to restrain the use of the iBot in the meantime (which Impulse presumably will continue to sell).  But clearly Jagex will have to look very carefully at what the court said about the merits of its claims – which were not positive.

Lessons to be learned:

  • THIS CASE DOES NOT MEAN THAT BOT MANUFACTURERS HAVE A FREE HAND.  We’ve seen on a number of occasions that games companies have successfully used litigation to shut down bot manufacturers and other illegal attempts to tamper with their game, usually using very similar arguments to those advanced by Jagex here.  Take for example Blizzard v Scapegaming last month, or the WoWGlider lawsuit before that.
  • Think globally with your IPJagex fell down at least in part because the court ruled that it not had protected its copyright properly in the US and its terms and conditions were insufficient.  So don’t just protect yourself in your home country – you need to protect yourself in every country in which you do substantial business (UPDATE: Thomas Bidaux suggests every country where you have >10% of your business). 
  • Take legal action as soon as you are able – don’t delayThis was another reason that Jagex failed to obtain the injunction.
  • Just registering copyright and trademarks won’t automatically protect your game – bot manufacturers these days are very careful to try to minimise liability on these fronts (hence for example Impulse’s use of “RS” rather than Runescape).  Talk to your lawyers if you have concerns about attempts to undermine your game.  A little legal advice early can save a lot of time and money down the line.

Follow us at http://www.twitter.com/gamerlaw or subscribe to our weekly email newsletter here

Runescape, the Computer Misuse Act and theft

The background:

Details here.  A group of Runescape players mount a phishing scam, obtain other players’ accounts, strip those accounts of gold and loot.  Presumably they make an in-game or real-world profit.  Then the UK Police (specifically the Central Police e-crimes unit) swoop in.  They arrest a caution an individual in Avon and Somerset “on suspicion of a number of computer misuse offences”.

Police pwn players

This appears to have been the first time that a UK games company has gone to the police to protect the integrity of its game.  Not much at all has been said about exactly what offences have been alleged. 

UPDATE: I had initially thought that one way in which the Police could go after the accused would be to prosecute for theft.  However, on a closer look (and thanks to the guys in the comment thread), it seems that a better way may be under the Computer Misuse Act 1990 – with which I must admit I was previously unfamiliar.  Thanks!

What is the Computer Misuse Act 1990? (CMA)

In the late 1980s there was controversy in the UK regarding the legality of hacking, following a UK case called R v Gold and Schifreen – in a nutshell, two guys were able to hack a British Telecom system but, as the law stood at the time, hacking was not expressly illegal and therefore they were acquitted.  This was a factor in the Parliament of the day passing the CMA.

As a very quick summary, the CMA was intended to criminalise three kinds of conduct:

(i) Intentional attempts to cause a computer to perform any function with intent to obtain unauthorised secure access to a computer or data on it (the section 1 offence)

(ii) Same as (i) but with the intent to carry out a further criminal offence (e.g. hacking a PC in order to commit fraud) (the second 2 offence), and

(iii) acting in any way which causes the unauthorised modification of the contents of any computer, with the intent to impair the operation of any computer/programme or to hinder access to data on any computer (the section 3 offence).

Carrying out any of the above renders you liable to a fine and/or imprisonment (between six months and five years depending on how you plead to the offence).

Is the phisher/account-ninja covered?

‘Yes, but the wording isn’t brilliant’, seems to be the general answer.  Certainly phishing could be said to fall under the section 1 offence under the argument that the phisher sets programmes running which find out the account details etc of the innocent person(s).  To the extent that the phisher had intent to use those details to commit further criminal offences then he/she could also fall under section 2 – which carries harsher penalties.  Then there is the somewhat more nebulous section 3: does phishing or ninjaing someone’s account “impair” or “hinder” any other computer or program?  Maybe – perhaps if having your account details “hinders” your ability to use the programme?

But this gets even more interesting

Anyway, what we want to do is focus on section 2.  If the phisher stole Runescape account details with a view to somehow trying to gain access of others’ computers or stealing their bank details, then there would in principle be a case for arguing that they had had intent to commit further criminal offences under section 2.  But what if the phishers only intended to enrich themselves in-game by, for example, turning the stolen accounts’ assets into gold and transferring that gold to themselves or even selling it on the black market (which would be a breach of the EULA etc but not necessarily illegal as such).  Could enriching yourself in-game or in the real-world through a game by unauthorised means be classified as an offence?

That is the really interesting part to this case and, if the Police are interested in pushing for the strongest sentence possible against these phishers, they will need to consider this sometime soon – if they haven’t already.

That’s exciting, isn’t it?  Makes us think about adding a chapter to that book on virtual law which we’ll have to write one day…

In the meantime, the story goes on…

Little more has been announced since the Police announcement earlier this week, but no doubt further details will follow in due course.  It’s also worth bearing in mind that Jagex has stated that this is part of a long-term investigation in both the USA and UK – so there may be further twists in the tale yet…