from the because-of-course dept
see you in court nianticlabs, with love from russia xoxoThat's because the Pokemon Company (not the game developer Niantic, but rather the Nintendo subsidiary that owns a piece of Niantic along with all the Pokemon rights) sent Mila432 a legal nastygram claiming that the creation of the API could violate the Computer Fraud and Abuse Act (CFAA). Mila432 posted screenshots to Reddit. We have all the screenshots posted at the end of this post. CFAA -- a law we've discussed many times before, mainly for it being the one law "that sticks" when no law was actually broken, but you've done something people dislike "with a computer." Here's what Pokemon's lawyers have to say:
Additionally, your actions with respect to the Mila 432/Pokemon_Go_API potentially violate the federal Computer Fraud and Abuse Act ("CFAA"), a statute that prohibits the unauthorized access of servers and access which exceeds authorization, as well as similar state statutes. And your inducement of others to violate numerous terms of service provisions violates the CFAA. While notice is not a prerequisite to liability, Pokemon hereby puts you on notice that you are barred from accessing Pokemon servers or infrastructure, and barred from facilitating access by others. Any continued access, whether directly or at your direction or on your behalf, will be unauthorized.See that language right there, about putting Mila432 "on notice" and saying that s/he is barred? That's straight out of the very recent Facebook v. Power.com decision in California, where the court ruled that once a company (in that case, Facebook) had sent a cease-and-desist notice, any further access was a CFAA violation. We were troubled by that ruling, and the use of it here further illustrates how problematic it was.
Now, yes, you can argue that unauthorized APIs can cause problems for games -- and that's true. Of course, it can also help make them more compelling by allowing others to build on the game and add more value. But, wherever you come down on that debate, going legal seems pretty silly. Niantic, for its part, had simply gone the technology route of limiting access to third-party servers, to deal with some quality of service problems created by such third parties accessing its system. That is, rather than totally freak out about such APIs, it noted the actual problem (overloaded machines) and sought to fix it through technology.
It's just the Pokemon company that took it up a few unnecessary notches to pull out a big gun like the CFAA. But, I guess, how can I be surprised? This is the same company that legally fucked over a party by Pokemon fans at PAX last year, suing the people who organized it.