I couldn’t resist blogging quickly about this intriguing story, courtesy of The Guardian: a British MP wrote a formal question to the British government asking them to ensure that in-game theft be treated the same as real world theft. Answer: nope (ish), but it does raise a real question which judges are already addressing… Continue reading Should virtual theft be treated like real world theft? A UK MP says yes.
The Dutch Supreme Court will be invited later this year to conclude that the theft of virtual goods from Runescape constitutes theft under Dutch criminal law; indications to date suggest that it may conclude that theft of virtual currency/goods IS criminal theft. To my knowledge, this is only the second time that a Western court has considered the (increasingly important) issue of the relationship between virtual goods and criminal law, the first time having been a UK criminal court earlier this year over Zynga chips.*
According to Futocop, this Dutch case apparently forms part of a long-running matter which began in 2008 when two boys were sentenced to community service and suspended juvenile detention after they forced a 13-year old to transfer a Runescape virtual mask and a virtual amulet from one avatar to another under the threat of physical violence. The detail is not entirely clear from Futocop, but I think what happened next is that the case was appealed, but the Court of Appeal ruled against the defendants and the case is now going even higher, to the Supreme Court.
One point in particular is worth noting. As part of the referral of the case to the Supreme Court, the Dutch Advocate General (a sort of legal expert whose job is to assist the court to make its decision) said that the economic value of the virtual goods is of particular interest to the question whether there is theft:
“Virtual objects can represent an economic value both inside and outside the game. They are also individually distinguishable and transferable“.
This comment is interesting because, if it was accepted by legal authorities, then basically that on its own could bring virtual goods and currency within the existing law. Put it another way: if both physical goods and virtual goods are recognised as having the same economic value even though one exists in the real world and one does not, then that is a powerful argument for both of them to be protected in the same way legally. In a way this is nothing new really: after all shares, electronic money and electricity are all legally protected even though you can’t physically touch them. But it is taking some time for courts to recognise that virtual goods fall into this category too. Of course, once that recognition is made, it opens up a whole new can of worms for the games and tech industry: who owns virtual goods? What can you do with them? What classes as virtual goods – game items, ebooks apps? And so on (more details on that here).
Anyway, in the meantime this case is due to go to the Supreme Court in October 2011, so expect more details later in the year…
* For those virtual goods scholars who are reading this post, to clarify: I know there have been previous opportunities in the West to consdier the legal status of virtual goods (e.g. Bragg v Linden Labs), but to my knowledge all of them resulted in settlements etc with no judicial pronouncements being made.
Last week a hacker faced a substantial prison sentence after pleading guilty to stealing approxmately $12 million worth of Zynga chips, a virtual currency used in its poker game. This is big stuff (more on that below).
I spoke with Develop about this fascinating development – here’s their article:
“An IT businessman is facing a substantial prison sentence after pleading guilty to stealing around $12 million in online game currency.
Ashley Mitchell, 29, based in the Devonshire costal town of Paignton, admitted to hacking into the accounts of social gaming giant Zynga.
He transferred around 400 billion virtual poker chips into his account and began selling the currency on the black market. He had made £53,000 before his arrest.
Mitchell stood to make around £184,000 from the chips, the court heard, though Zynga’s sale value of the currency is $12 million.
Judge Philip Wassall said Mitchell faced a substantial jail term for the offences, according to regional paper Herald Express.
Mitchell was remanded in custody after the case was adjourned for reports.
The actual value of Zynga’s intangible and instantly replicable online currency sparked a debate in court.
Prosecutor Gareth Evans said Zynga had not been, in essence, deprived of any goods. He claimed there may be a knock-on effect as more customers bought the poker chips on the black-market instead of paying Zynga.
Judge Wassell asked if the case was any different from stealing notes from the Royal Mint – the UK’s body that manufactures British currency.
Prosecutor Evans replied that, in theory, there was no difference because the mint can produce more currency if its goods were stolen.
He said there is, however, a difficulty in valuing the chips because they are digital. But if Zynga had sold them legitimately the value would have been around $12 million.
Jas Purewal, lawyer and author of Gamer/Law, explained to Develop that the case has set a new precedent.
“This shows that the legal regulation and protection of virtual goods and currency, which historically has been fairly uncertain, is evolving fast – driven partly by the boom in virtual goods sales in games.
“This case is particularly interesting because it involved a UK court recognising virtual currency – in this case, Zynga chips – as legal property which can be protected by existing UK criminal laws.
“The court effectively found that, even though virtual currency isn’t real and is infinite in supply, it still can deserve legal protection in the same way as real world currency”.
Purewal said the case is a “vindication” for Zynga and other virtual goods providers.
Judge Wassell heard that Mitchell’s offences were in breach of a previous suspended sentence he was handed in 2008.
Mitchell had previously been convicted of hacking into the Torbay Council website and changing his personal details.
Defence solicitor Ben Derby said as a plea in mitigation that Mitchell had been “wrestling with a gambling addition” at the time of the Zynga theft.”
As I said to the Develop guys, this case really does seem to break new legal ground. For the first time (so far as I’m aware anyway) in the West, a court has looked at virtual currency and seemingly accepted on relatively little argument that it can be classified as ‘property’ within the meaning of (UK) criminal laws (though NB I can’t state definitively the the court found virtual goods = property, because we don’t have the court transcript).
So what? Well, as longtime readers will know, I’ve been exploring for some time the legal status of virtual goods, which I think is going to come under significant pressure from different directions in the next few years. The key issue is whether virtual goods are ‘goods’ (i.e. property) or whether they are services or something else. If they are property, then in principle they could be bought/sold/assigned etc – which goes way beyond the way in which virtual goods are currently dealt with.
Until now, there has been relatively little by way of official analysis of this issue – which is why this case, where a judge seemed willing to convict a man based effectively upon theft of a virtual currency – is significant.
We may not hear much more about this particular development (except possibly when the man is actually sentenced) but this is definitely not the last we’ve heard about the interaction between games, virtual goods and the criminal law (in fact, I might even write a piece on that next month!) As always, watch this space…
Details here. A group of Runescape players mount a phishing scam, obtain other players’ accounts, strip those accounts of gold and loot. Presumably they make an in-game or real-world profit. Then the UK Police (specifically the Central Police e-crimes unit) swoop in. They arrest a caution an individual in Avon and Somerset “on suspicion of a number of computer misuse offences”.
Police pwn players
This appears to have been the first time that a UK games company has gone to the police to protect the integrity of its game. Not much at all has been said about exactly what offences have been alleged.
UPDATE: I had initially thought that one way in which the Police could go after the accused would be to prosecute for theft. However, on a closer look (and thanks to the guys in the comment thread), it seems that a better way may be under the Computer Misuse Act 1990 – with which I must admit I was previously unfamiliar. Thanks!
What is the Computer Misuse Act 1990? (CMA)
In the late 1980s there was controversy in the UK regarding the legality of hacking, following a UK case called R v Gold and Schifreen – in a nutshell, two guys were able to hack a British Telecom system but, as the law stood at the time, hacking was not expressly illegal and therefore they were acquitted. This was a factor in the Parliament of the day passing the CMA.
As a very quick summary, the CMA was intended to criminalise three kinds of conduct:
(i) Intentional attempts to cause a computer to perform any function with intent to obtain unauthorised secure access to a computer or data on it (the section 1 offence)
(ii) Same as (i) but with the intent to carry out a further criminal offence (e.g. hacking a PC in order to commit fraud) (the second 2 offence), and
(iii) acting in any way which causes the unauthorised modification of the contents of any computer, with the intent to impair the operation of any computer/programme or to hinder access to data on any computer (the section 3 offence).
Carrying out any of the above renders you liable to a fine and/or imprisonment (between six months and five years depending on how you plead to the offence).
Is the phisher/account-ninja covered?
‘Yes, but the wording isn’t brilliant’, seems to be the general answer. Certainly phishing could be said to fall under the section 1 offence under the argument that the phisher sets programmes running which find out the account details etc of the innocent person(s). To the extent that the phisher had intent to use those details to commit further criminal offences then he/she could also fall under section 2 – which carries harsher penalties. Then there is the somewhat more nebulous section 3: does phishing or ninjaing someone’s account “impair” or “hinder” any other computer or program? Maybe – perhaps if having your account details “hinders” your ability to use the programme?
But this gets even more interesting
Anyway, what we want to do is focus on section 2. If the phisher stole Runescape account details with a view to somehow trying to gain access of others’ computers or stealing their bank details, then there would in principle be a case for arguing that they had had intent to commit further criminal offences under section 2. But what if the phishers only intended to enrich themselves in-game by, for example, turning the stolen accounts’ assets into gold and transferring that gold to themselves or even selling it on the black market (which would be a breach of the EULA etc but not necessarily illegal as such). Could enriching yourself in-game or in the real-world through a game by unauthorised means be classified as an offence?
That is the really interesting part to this case and, if the Police are interested in pushing for the strongest sentence possible against these phishers, they will need to consider this sometime soon – if they haven’t already.
That’s exciting, isn’t it? Makes us think about adding a chapter to that book on virtual law which we’ll have to write one day…
In the meantime, the story goes on…
Little more has been announced since the Police announcement earlier this week, but no doubt further details will follow in due course. It’s also worth bearing in mind that Jagex has stated that this is part of a long-term investigation in both the USA and UK – so there may be further twists in the tale yet…
A couple of more interesting Eve-related stories (as recently reported, Eve is an interesting place for games lawyers).
Yet more theft in Eve
First up, Massively reports that CCP Games have announced, breaches of the rules governing their Volunteer Program. The Volunteer Program consists of gamers who give of their time to help out CCP and fellow Eve gamers. Quote from Massively:
“The Volunteer Manager for EVE Online, CCP Ginger, explained the situation earlier today: ‘Last weekend external resources related to the Interstellar Services Department (ISD), EVE’s volunteer program, were compromised which led to the theft of some volunteer program related data but also information about specific volunteers. As a result, we are being extra careful here, as this first and foremost pertains to the volunteer program and has no effect on our EVE Online operations or any customer data whatsoever’ “.
CCP appears to be tight-lipped as to exactly what was stolen, although they stressed that personal and account information remains safe. Watch this space…
More generally, and as we’ve discussed previously on this blog, Eve is a brilliant example of gaming imitating life, in this case by the theft of information – which, in the real world, may have been private and/or confidential and accordingly would be protected (at least in England and Wales) by the common law as well as statute (for example, potentially under the Data Protection Act 1998). Unfortunately, Eve has no such systems of legal protection…yet.
Eve may implement a taxation system
Another one courtesy of Massively. CCP has said it is considering implementing a partial taxation system within Eve. Specifically, players who are members of NPC corporations (i.e. corporations provided by CCP, rather than player-created corporations; for corporation essentially read ‘alliance’) will be taxed on certain income.
Now, this is really very interesting indeed. CCP’s objective appears to be to use taxation to nudge players from out of the safety of NPC corporations (which are relatively matronly, comforting institutions) into the wild chaos that it is player-corporation Eve. To an extent, tax isn’t anything new to Eve because player-corporations already operate very rudimentary tax systems – the revenues from which are then used to fund the corporations’ activities. But what is new is that now CCP itself is wading into the action and on a far larger scale. This raises all kinds of potential issues – here are some of our thoughts:
(i) How is the principle going to be turned into practice? Modern tax systems in the real world are immensely complicated, featuring roles on taxable and non-taxable income/capital gains, exemptions and reliefs. More or less, this complexity is needed because taxation is a complicated activity – it is not fair to just slap an arbitrary tax upon everyone with no exceptions. If CCP implement this seriously, then at some point they are going to need a tax code.
(ii) What is going to happen to all that revenue? The NPC Corporations which will gather them don’t need it, because they are emanations of the Eve God. They could literally just delete the money as soon as it is received and not suffer for it.
(iii) What will the economic cost of imposing a general taxation system be? No doubt Eve’s resident economist will step to the fore on that one.
More interestingly from our perspective, this is a great example of the slow creep of MMOs towards creating quasi-legal systems to govern the relationships of gamers between each other and with the Devs. In this case, CCP is not creating a taxation system because they need to raise the money in game, but because they think it will improve the game experience. That sets a very interesting precedent. It may sound far-fetched now, but that same justification could be used to set up property laws, health and safety laws, even criminal laws in a game in the future…