by Mike Masnick
Wed, Nov 26th 2014 12:38pm
Thu, May 22nd 2014 1:58pm
from the paved-with-good-intentions dept
The road to Hell, as they say, is paved with good intentions. The lesson in that axiom is that one should always be wary of the potentially adverse consequences of actions intended to be good. Blizzard, unfortunately, appears to be something of a performance art piece on this concept. For many years now it has, under the auspices of protecting the larger portion of its customers' gaming experience, gone after hackers and cheaters in its games by twisting copyright law into a tortured pretzel. It began with Starcraft and then transitioned into World of Warcraft, both relying on a morose entwining of copyright law and terms of service. That combination essentially creates a cascade of faulty nonsense, starting with the concept that software is only licensed and not sold to customers, that ToS agreements are so binding that breaking them breaks the license, and finally that breaking the license negates the ability for fleeting copying that the software employs, creating a copyright infringement. If your head is spinning, you aren't alone.
Yet, Blizzard continues on, now going back into the Starcraft realm to sue "hackers" for copyright infringement in the name of protecting the larger audience of the game.
Blizzard filed papers in a California court on May 19th alleging that an unidentified group of programmers infringed on the publisher's StarCraft II copyright with a series of cheats and in-game exploits collectively known as the "ValiantChaos MapHack." Designed to give StarCraft II players any number of competitive advantages when playing the game online, the MapHack was made available online through the ValiantChaos forum—provided that forum members paid $62.50 for access to its VIP section. The complaint Blizzard filed says that the company is taking action against the programmers in order to "protect the sanctity of the StarCraft II experience" against "hacks, mods or any other unauthorized third-party software" that undermines the competition central to the game's online multiplayer.It would be quite easy for any Starcraft 2 player to cheer Blizzard on at this point. I don't play this particular game, but I've wished all manner of ill in the past on those that were obviously using cheats and hacks in online games in the past. Counter Strike, in particular, did more to teach me how much I hate cheaters than any other single experience in my entire life. That said, we still have the same problems as before.
Blizzard's filing again lays out its view that its software is licensed, rather than sold in the traditional meaning -- and that a violation of its ToS and EULA agreements nullifies that license. In addition, it claims both that the hacks created by the hackers (even if their copies were purchased legitimately) constituted a modified end-product, or illegal derivative work, and that this resulted in both direct and contributory infringement in the instance of every copy of the hack they provided, used or sold. It also, of course, argues that anti-circumvention clauses of the DMCA apply.
The problem with all of this is that it still relies on the twisted assumptions that Blizzard customers don't actually own what they bought and that ToS and EULA agreements are so binding that violation of them negates the license that the company insists was all that was purchased. As I mentioned, this may be done in a valiant effort to keep most of its customers as happy as possible, but that doesn't make it right. The wider implications of these rulings is horrifying. There simply will be unintended consequences in this that will prove to be far more harmful than any annoying game-hackers can create with their irritating products.
This may seem crappy, but the best course for everyone involved would be for Blizzard to simply jump back into the arms race with these cheaters and hackers and try its best to keep them off the company's servers. Going the legal nuclear option and twisting copyright into the mix may only amplify the amount of harm being done all around.
by Tim Cushing
Mon, Dec 9th 2013 9:45am
from the on-the-internet,-no-one-knows-you're-an-octopus dept
Apparently, there's nowhere our intelligence agencies won't go in ostensibly in search of terrorists. The latest leak from Snowden, as published by ProPublica, New York Times and The Guardian, shows the NSA and GCHQ are actively infiltrating MMOs and other online gatherings in order to fight terrorism.
Not limiting their activities to the earthly realm, American and British spies have infiltrated the fantasy worlds of World of Warcraft and Second Life, conducting surveillance and scooping up data in the online games played by millions of people across the globe, according to newly disclosed classified documents.According to the document (from 2008), online games like World of Warcraft and Second Life are potentially "target-rich environments" in which suspected terrorists "hide in plain sight." (And it's not just MMOs. Xbox Live has apparently been swept up in the surveillance efforts as well.) Despite this assertion, the documents contain no evidence that any terrorists have been uncovered by agents and analysts. In fact, experts and developers of games like these have found no evidence that terrorists are using their services to communicate or recruit new members.
Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels.
The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players, according to the documents, disclosed by the former National Security Agency contractor Edward J. Snowden.
Once again, the efforts of the NSA and GCHQ seem to be focusing time and energy searching locations where terrorists would be least likely to be "hiding in plain sight," much in the way that grabbing data from mainstream email services and social platforms is only going to find the most amateurish of wrongdoers.
Games “are built and operated by companies looking to make money, so the players’ identity and activity is tracked,” said Peter W. Singer of the Brookings Institution, an author of “Cybersecurity and Cyberwar: What Everyone Needs to Know.” “For terror groups looking to keep their communications secret, there are far more effective and easier ways to do so than putting on a troll avatar.”Not only is the effort highly inefficient, but it's also highly redundant. As ProPublica points out, there are so many agents from the Pentagon, CIA and FBI chasing targets in virtual worlds that a "deconfliction" group was created just to avoid online "collisions."
Blizzard, the developer behind World of Warcraft, has gone on record stating that if intelligence agencies are using the service to track terrorists, it hasn't been informed or given its permission. Microsoft and Linden Lab (Second Life's developer) declined to comment.
There may be a good reason Linden Lab isn't issuing a statement. Its former CTO is an ex-military officer with top secret clearance.
In 2007, as the NSA and other intelligence agencies were beginning to explore virtual games, NSA officials met with the chief technology officer for the manufacturer of Second Life, the San Francisco-based Linden Lab. The executive, Cory Ondrejka, was a former Navy officer who had worked at the NSA with a top-secret security clearance.GCHQ, in particular, has used Second Life to track down a crime ring selling stolen credit card information. While the use of these games in discovering and tracking terrorists still remains largely theoretical, GCHQ found the online games did offer one benefit:
He visited the agency’s headquarters at Fort Meade, Md., in May 2007 to speak to staff members over a brown bag lunch, according to an internal agency announcement. “Second Life has proven that virtual worlds of social networking are a reality: come hear Cory tell you why!” said the announcement. It added that virtual worlds gave the government the opportunity “to understand the motivation, context and consequent behaviors of non-Americans through observation, without leaving U.S. soil.”
According to the minutes of a January 2009 meeting, GCHQ’s “network gaming exploitation team” had identified engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players — potential targets for recruitment as agents.The NSA, on the other hand, seems to have found little more than evidence that terrorism suspects are largely like non-terrorists when they play online games -- they do it for enjoyment.
One NSA document said that the World of Warcraft monitoring “continues to uncover potential Sigint value by identifying accounts, characters and guilds related to Islamic extremist groups, nuclear proliferation and arms dealing.” In other words, targets of interest appeared to be playing the fantasy game, though the document does not indicate that they were doing so for any nefarious purposes.Whether or not these agencies are actually hunting down terrorists, one this is for certain: large amounts of communications are being caught in the surveillance nets.
One document says that while GCHQ was testing its ability to spy on Second Life in real time, British intelligence officers vacuumed up three days’ worth of Second Life chat, instant message and financial transaction data, totaling 176,677 lines of data, which included the content of the communications.Not surprisingly, there's also a profit motive tied into this infiltration of online games. SAIC, a government contractor specializing in surveillance systems (and building non-functional, incredibly expensive software), may have set this online surveillance in motion back in 2007.
In one 66-page document from 2007, part of the cache released by Mr. Snowden, the contracting giant SAIC promoted its ability to support “intelligence collection in the game space,” and warned that online games could be used by militant groups to recruit followers and could provide “terrorist organizations with a powerful platform to reach core target audiences.”ProPublica notes that there's nothing in the documents that suggests SAIC ended up with a contract (at that time) as a result of its self-promotion, but it does appear that SAIC (along with Lockheed Martin) won a multi-million dollar contract a couple of years later, shortly after it participated in a discussion about a proposed government study of the link between online and offline behavior in MMO gamers.
The question is how useful these infiltrations have been after a half-decade of use. The agencies have stated they feel these games could be used for communication and recruitment, but nothing has surfaced indicating the surveillance is effective. It largely seems to be another way to gather data, something the agencies already have too much of. If nothing else, GCHQ seems to be using it for a headhunting tool, but I'm not sure how many potential employees would be flattered to know they've been "scouted" by a questionable surveillance program. For now, it seems to be another case of the reach far exceeding the grasp, not that this lack of success ever seems to result in scaling back the "reach."
by Mike Masnick
Tue, Nov 13th 2012 3:20am
from the oh-come-on dept
Defendants' acts have not only harmed Plaintiffs and Class members by subjecting their Private Information to hackers, they have harmed Plaintiffs and Class members by devaluing their video games -- purchased from Defendants under certain assurances of security -- by adding elements of risk to each and every act of playing said games.Yeah, notice how they gloss over the fact that the system is free for anyone with a smartphone? And let's not even get into the fact that no system can be perfectly secure and, eventually, every system is going to get hacked. Just being hacked doesn't make you negligent. And, as we've seen, courts have time and time again refused to find any legal claims against sites that are hacked unless actual harm is shown to the users. The idea that providing two-factor authentication -- and charging the basic cost of the fob for the few folks who don't have a smartphone -- is some sort of sneaky business practice is just ridiculous.
Moreover, rather than shouldering the burden of adopting sufficient security measures to prevent these repeated hacks and to protect the Private Information of their customers, Defendants instead have informed their customers, after the point of sale, that they must purchase additional security products in order to ensure the sanctity of their Private Information. These additional, post-purchase costs for security products -- which Defendants assert are the only measures that may be taken to ensure something even approximating account security when playing their video games -- were not disclosed to Plaintiffs and Class members prior to the purchase of Defendants' products.
Blizzard has hit back and slammed the lawsuit as being based on "patently false information."
The suit’s claim that we didn’t properly notify players regarding the August 2012 security breach is not true. Not only did Blizzard act quickly to provide information to the public about the situation, we explained the actions we were taking and let players know how the incident affected them, including the fact that no names, credit card numbers, or other sensitive financial information was disclosed. You can read our letter to players and a comprehensive FAQ related to the situation on our website.Hopefully the court understands just how ridiculous this case is and dumps it quickly.
The suit also claims that the Battle.net Authenticator is required in order to maintain a minimal level of security on the player’s Battle.net account information that’s stored on Blizzard’s network systems. This claim is also completely untrue and apparently based on a misunderstanding of the Authenticator’s purpose. The Battle.net Authenticator is an optional tool that players can use to further protect their Battle.net accounts in the event that their login credentials are compromised outside of Blizzard’s network infrastructure. Available as a physical device or as a free app for iOS or Android devices, it offers players an added level of security against account-theft attempts that stem from sources such as phishing attacks, viruses packaged with seemingly harmless file downloads, and websites embedded with malicious code.
When a player attaches an Authenticator to his or her account, it means that logging in to Battle.net will require the use of a random code generated by the Authenticator in addition to the player’s login credentials. This helps our systems identify when it’s actually the player who is logging in and not someone who might have stolen the player’s credentials by means of one of the external theft measures mentioned above, or as a result of the player using the same account name and password on another website or service that was compromised. Considering that players are ultimately responsible for securing their own computers, and that the extra step required by the Authenticator is an added inconvenience during the log in process, we ultimately leave it up to the players to decide whether they want to add an Authenticator to their account. However, we always strongly encourage it, and we try to make it as easy as possible to do.
Many players have voiced strong approval for our security-related efforts. Blizzard deeply appreciates the outpouring of support it has received from its players related to the frivolous claims in this particular suit."
Fri, Aug 31st 2012 5:31am
from the that-will-teach-them dept
"I want you!!! ...to enjoy the Mists of Pandaria Persian-free."
Last week, a user claiming to be from Iran posted on an official World of Warcraft forum to report that the game was inaccessible. A Blizzard employee responded to the thread on Saturday, writing that "United States trade restrictions and economic sanction laws prohibit Blizzard from doing business with residents of certain nations, including Iran."In a fun little addendum, the Blizzard employee also mentioned that the company is unable to refund subscriptions as well.
"This week, Blizzard tightened up its procedures to ensure compliance with these laws, and players connecting from the affected nations are restricted from access to Blizzard games and services," the employee said.
You can have your rials back when you pry them from our cold dead fingers...
Image source. CC BY 2.0
Thu, Jul 26th 2012 1:14am
from the it-needs-what? dept
Via Cinema Blend, we learn that one German consumer group has given Blizzard an ultimatum to change the Diablo 3 packaging to reflect the need for such a connection. The original report from the German site PC Games states:
Potential purchasers must know before purchase what are the requirements for the software to be used. Whether a permanent Internet connection, obligatory registration to an Internet platform including the related access to a game, or downloading additional software: all these things are essential information that the user much receive before purchase.The primary complaint is that the requirement to create and log in to Blizzard's Battle.net service in order to play is not clearly disclosed prior to purchase. Because of this requirement to be tethered to a constant internet connection, some people are having a number of issues, even when trying to play single player modes of the game. This consumer group has given Blizzard until July 27th to respond to the complaint. If Blizzard fails to respond or respond adequately, the group is prepared to pursue legal options against the company.
Unfortunately for gamers, many game companies are moving toward the use of this kind of "always-on" DRM. To those companies, it is a necessary part of the war on piracy. However, these DRM schemes are more often a nuisance for paying customers who have to deal with unexpected and even planned server outages. What makes these types of DRM more infuriating to consumers is the fact that it not only applies to the multiplayer portions, where you can understand a potential need for an internet connection, but also to single player portions that are typically done locally. There is never a reason to require that a gamer be connected to a server at all times when playing by themselves.
Hopefully as more consumer groups and consumers in general voice their dissatisfaction with such DRM schemes, more game developers will listen. We have seen many developers already making the stand that DRM is not useful or wanted. Those developers have found that treating fans with respect is a far more effective means of maximizing profits than any DRM scheme could ever be.
by Mike Masnick
Tue, Dec 14th 2010 2:05pm
from the no-contributory-infringement dept
Today, the court came out with its ruling in the MDY vs. Blizzard case, which as we noted had a really troubling district court ruling. This case was controversial because it involved a bot maker that let people automate certain tasks in World of Warcraft. Many people sided with Blizzard in this case because they just hate bots and people who use them -- but I don't think they considered the larger copyright issues raised by the original ruling, which said the bot software itself, called Glider, infringed on Blizzard's copyright. If you want a thorough understanding of how tortured the court's logic was in that case, just read William Patry's summary at the time, where he notes that absolutely nothing Glider did appeared to violate Blizzard's exclusive rights as laid out in the Copyright Act, so the judge effectively made stuff up -- saying that because using the bot violates the terms of service, it makes the "copy" of WoW (even if it was legally purchased) "unauthorized," and thus infringing. Thus, according to the ruling, Glider was responsible for contributory copyright infringement.
Thankfully, the appeals court appears to have walked back most of that part of the ruling. While it tips its cap to the Vernor decision, and says that you don't own your copy of WoW, but merely license it, it says that just because the Glider software might violate the terms of service, it doesn't mean that copyright law is automatically violated. It points out that there are lots of ways you can violate a software license that have nothing, whatsoever, to do with copyright's exclusive rights, and thus, just violating a terms of service shouldn't mean you violate copyright law. Thus, using Glider does not directly infringe on Blizzard's copyright (in this instance), and therefore, there's no contributory infringement on MDY's part, because there's no direct infringement that it could contribute to:
Were we to hold otherwise, Blizzard -- or any software copyright holder -- could designate any disfavored conduct during software use as copyright infringement, by purporting to condition the license on the player's abstention from the disfavored conduct. The rationale would be that because the conduct occurs while the player's computer is copying the software code into RAM in order for it to run, the violation is copyright infringement. This would allow software copyright owners far greater rights than Congress has generally conferred on copyright owners.That said, MDY still runs into trouble due to the (you guessed it) ridiculous anti-circumvention clause in the DMCA. The court finds that MDY effectively "trafficked" in circumvention tools with Glider, in getting around Blizzard's anti-bot software, called Warden. Here, the ruling gets right back to being troubling. While it discusses the Federal Circuit's ruling that said third party providers of garage door openers were not violating the DMCA by getting around anti-circumvention tools in garage opener technology, because no copyright was violated beyond the circumvention, it says it chooses to ignore that decision -- saying it doesn't believe Congress intended the DMCA to work that way. Now, it's true that this court is under no obligation to follow that ruling, it's still troubling.
There is a further discussion about exactly which parts of the DMCA are and are not violated here, which begins to get really down in the weeds, so I'll skip the discussion on that for now, but you can read the entire ruling after the jump.
by Mike Masnick
Tue, Oct 19th 2010 1:27pm
from the fleeting-copies dept
However, perhaps the most troubling (and highest profile) issue involving Blizzard is its lawsuit against a guy who made a bot for doing things within World of Warcraft. While we recognize that such things can be used to "cheat," the problem was Blizzard's attempt (successful so far) to drastically stretch the meaning and intent of copyright law, to suggest that making such a bot infringes on its copyright. Beyond the basic questions of how the decision in the case was at odds with the basic concepts of the First Sale doctrine, the real problem was that nothing the bot does actually violates copyright law. The judge had to seriously twist both the letter and spirit of copyright law to come to that conclusion (and if you don't want my analysis on it, try copyright expert William Patry's, who noted):
The critical point is that WoWGilder did not contributorily or vicariously lead to violating any rights granted under the Copyright Act. Unlike speed-up kits, there was no creation of an unauthorized derivative work, nor was a copy made even under the Ninth Circuit's misinterpretation of RAM copying in the MAI v. Peak case. How one might ask can there be a violation of the Copyright Act if no rights granted under the Act have been violated? Good question.While the appeal in that case is still ongoing, it appears that Blizzard is using that precedent to go after more folks who have made tools for "cheating." The company recently banned thousands of players from Starcraft II for allegedly using such cheat codes, but reader Jay was the first of a bunch of you to point out that it's also suing three creators of cheat codes using the same dubious claims of copyright infringement.
To get to its result, the court had to first find that WoW, even though sold over the counter, was licensed not sold. In so finding, the court declined to follow the recent Vernor opinion in the Western District of Washington, believing it had to follow other Ninth Circuit precedent. I agree with the Vernor court that the other precedent (MAI, Triad, Wall Data) do not hold that over the counter software is licensed, not sold. (WoW may be purchased online too, but I don't think this changes the analysis.). Having found there was license not a sale, there still had to be a breach of the license in order to permit an infringement action to lie, and recall here that the claim is not one for direct infringement, but rather secondary liability; there was no privity between the parties. There was in fact no provision in the license that barred use of WoWGlider. The court took the extraordinary step of stitching together two unrelated provisions to create one. You have to read it to believe it, but it took the court 8 pages to go through this hard work, and why? Was the court offended by what it regarded to be cheating? If so, God help us if law is being reduced to such subjective, non-statutory grounds.
Now, let me make it quite clear: I completely understand why Blizzard and many players of Blizzard games hate cheat codes and find them unfair and damaging to the overall gameplay. However, even if you think such cheats and hacks are the most evil thing out there, you have to admit that it's no excuse to misuse copyright law to punish the makers of those cheats, knowing that the end result could be precedent that negatively impacts all sorts of other things online. So what is Blizzard claiming specifically? Well, to make this a "copyright" issue, they're claiming that:
When users of the Hacks download, install, and use the Hacks, they copy StarCraft II copyrighted content into their computer's RAM in excess of the scope of their limited license, as set forth in the EULA and ToU, and create derivative works of StarCraft II.Pick apart that sentence carefully. In order to make this a copyright issue, Blizzard is claiming that (1) running a cheat code violates the EULA and the ToU (the fine print no one read) and (2) once you've violated the EULA and the terms of service, you no longer have a license for the game ("excess of the scope of their limited license") and, because of that (3) when you copy aspects of the game in a fleeting manner into the computer's RAM, it violates the copyright.
Hopefully, you can see how problematic this is. Thankfully, for now, other cases (in a different circuit, I believe, so non-binding on the Blizzard cases) have found that fleeting copies in RAM are not considered infringing, and hopefully the courts here agree, and toss out this kind of tortured logic that could lead to all sorts of other ridiculous rulings. If Blizzard is allowed to make these claims, then any software/content company that offers you a long license, where you don't obey each and every claim, can say you've infringed on their copyright and owe huge statutory damages.
by Mike Masnick
Mon, Aug 16th 2010 1:56pm
from the seems-a-wee-bit-excessive dept
The case has some similarities with the Blizzard/bnetd case, which still seems problematic to many. In the Slashdot comments, a bunch of folks have been quick to side with Blizzard, since Scapegaming was a for-profit entity, but at least one user notes that it was only via Scapegaming that he became a subscriber for Blizzard's official World of Warcraft servers:
Played on it a long time ago when it was still known as WoWScape. It was the whole reason I actually started playing on retail, me and a good portion of my friends. Blizzard would have lost out on thousands of dollars from me and my friends if it wasn't for them.... I honestly wonder about how much did Scapegaming make blizzard compared to how much it cost them. Wouldn't be surprised if it did them more good than harm.It's a good point. I've never quite understood why these companies get so upset about unauthorized servers. It's as if they're admitting that they can't offer service quite as good. Most people want to be on the official servers anyway, and as long as they keep improving the game and offering more value, people will keep coming. Let other servers run -- even for profit -- and use it as a way to recruit more people to the official servers. Suing them out of existence seems pointless.
by Mike Masnick
Thu, Jul 8th 2010 3:49pm
from the not-everyone-wants-to-be-known-as-a-gamer dept
There are some legitimate privacy concerns here as well, as some note that there is a stigma attached to people who play such games in certain areas, and that it could scare off lots of people who would like to partake in the forums, but would prefer Google searches on their names don't reveal to the world their WoW obsession. Others worry that in the heated world of online gaming, it really might not be such a good thing for people to know the real names of others that they play with.
I can understand the desire to bring about more civility to a forum (though, let's face it, we're talking about a game where civility is not exactly the main goal), but it seems like this step goes far beyond the comfort level of many participants.
Update: Well, it looks like with enough user complaints, Blizzard has backed down.