(Now that I’m getting into a discussion of “what the law is”, I want to qualify my statement “I’m a legal expert.” I’m only a legal expert in so far as my work experience and formal education as a law student make me a legal expert. My statements in this forum are not legal advice, and if you are looking for legal advice do not assume my comments here are such. Instead you should consult a practicing attorney; I’m not one.)
OMGbearisdriving,
Thanks for your well thought out response. It’s great to have someone else with a legal education and real world experience as an attorney comment on my ideas. One thing that’s not taught in law school very well is how to practice. You’ve brought out a lot of practical issues that I haven’t touched on very well.
“Then why write this article unless you perceived there to be a demand for a legal means to prevent online cheating?”
I believe that even though now the best means of handling cheaters is technical, there will be a future demand for a legal means to prevent cheating in online games. This is an academic exercise, and I think that it may produce beneficial analysis for examining other scenarios that don’t have a thing to do with gaming just like when we analogize current factual situations to slightly different ones that are handled in the past by case law.
“until some hacker finds away around the newest version of punkbuster or whathaveyou”
Creative individuals will always be able to find a way around technical protection, but that doesn’t necessarily mean that the technical protection alone does not serve its purpose better than legal action, or that the desire to pursue legal means will not materialize.
“As do PD's. Having worked in both offices I know this. However I also know a PD will work 40 hours solid to take a crappy misdemeanor charge to trial to make a prosecutor look bad. However, prosecutors work for Lead Trial Attorneys who work for the elected District or State Attorney who sets the prosecutorial priorities. Lets think a moment though on your idea: prosecuting cheating online, without a specific statute on the books, using an interesting legal theory to squeeze a guy who cheats into some currently written law. Not going to happen on an election year I'll wager. And I'll bet a prosecutor will groan when the LTA shoves it at him and says "put this kid away for duping gold on EFU" or something.”
I’ve worked in both a PD’s and a DA’s office as well. When you put things in terms of prosecuting for duping items on a NWN PW server of course it’s going to sound unappealing. Colorable arguments are often ineffective in the face of incontrovertible facts that fulfill every material element of a statute. When you put it in terms of gaining unauthorized access to someone else’s computer, that’s a bit more palatable, and that’s exactly the scenario that I’m analyzing. In many statutes that I’ve looked at the result of what you are doing is irrelevant so long as the access itself is unauthorized.
“Yes but if you dont address them and provide a basis for them, they provide lawyers like me with easy dismissal opportunities, sending you back to the computer to redraft your complaint over and over and over again until your client either runs out of time under the statute of limitations or hires another attorney.”
“Okay on my own im going to say that you need to realize it may be interesting to write about certain topics but theoretical analysis can only go so far. You have to come up with a legal theory that would survive a motion to dismiss and create enough of a factual question to survive summary judgment.”
I really liked your hypothetical. The jurisdictional questions that it raises have been answered in civil law, and I believe that many computer fraud criminal statutes do the same. Even if they didn’t, I’m free to draw up a hypothetical that fits exactly into the statute for jurisdictional and summary judgment purposes so I don’t have to address that issue. Even still, under NYS CPL S 20.60 it doesn’t matter if the server, the server owner, and the perpetrator and the victim are all in different jurisdictions, so long as either the perpetrator or the server that contains the PW are located within NYS.
Check out the following statutes and the ALR section quoted below on criminal law.
Fact scenario: The perpetrator, located out of state, accesses a NWN PW that the victim runs from their home, located in New York State (NYS), and violates a condition of use, like not duping items or gold. NYS can file a complaint under Penal § 156.05, that would survive jurisdictional challenge, in either the jurisdiction of the physical location of the perpetrator during the alleged criminal act (that wouldn’t be used), or the physical location of the victim’s computer, if one of these is in NYS. In the current scenario the victim’s computer is in NYS. The law treats this situation as if the perpetrator was actually at the victim’s (the server owner’s) computer while the crime was committed.
Even if you argued that the jurisdictional challenge would be successful for some reason, I believe that the federal statute would be applicable and has one arguably relevant part, and one part that is relevant if damages can be shown.
In the NYS statute, the knowingly element is satisfied by showing that the condition of use is clearly posted in the rules that everyone has to assert they have read and understand before they can log into the server. Accessing an NWN PW is “access[ing] a computer, computer service, or computer network”. An NWN PW is necessarily and only run from a computer. One could definitely allege sufficient facts to graduate the charge sheet to an information.
Providing server action logs, the character database, ISP records that show that at the time duping occurred that a computer at the perpetrator’s personal residence contacted the IP where the NWN PW was located, and a witness deposition explaining such evidence is enough to survive summary judgment. All that evidence is reasonably obtainable under this fact scenario during pretrial discovery.
----------------NYS LAW-----------------------
NY CLS Penal § 156.00 Offenses involving computers; definition of terms
8. "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission. It shall also mean the access of a computer service by a person without permission where such person knew that such access was without permission or after actual notice to such person, that such access was without permission.
§ 156.05. Unauthorized use of a computer
A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization.
Unauthorized use of a computer is a class A misdemeanor.
NY CLS CPL § 20.60 Geographical jurisdiction of offenses; communications and transportation of property between jurisdictions
3. A person who causes by any means the use of a computer or computer service in one jurisdiction from another jurisdiction is deemed to have personally used the computer or computer service in each jurisdiction.
102 A.L.R.5th 525
Criminal Jurisdiction of Municipal or Other Local Court
“Defendants in criminal proceedings often challenge the subject matter jurisdiction of the village, town, or other local court that presided over the case. One universal restriction on local court subject matter requires that the offense occur within the territorial boundaries of the locality, and this criterion may be satisfied even if the defendant is not physically present there.”
People v. Graham, 396 N.Y.S.2d 966 N.Y.Co.Ct.,1977 - In prosecution for murder in the second degree, kidnapping, and robbery, defendants filed motion to suppress certain tangible evidence seized pursuant to search warrants and also warrantless arrest and to suppress certain confessions or admissions. The County Court, County of Sullivan, Louis B. Scheinman, J., held that: (1) …, and (2) New York had greatest interest in case with respect to New Jersey searches and Florida arrest, searches, and confessions or admissions, and thus law of New York would be applied in deciding motions to suppress physical evidence. Motions denied.
Government Employees Ins. Co. v. Sheerin, 410 N.Y.S.2d 641 N.Y.A.D. 2 Dept.,1978 - Courts need not make sua sponte determination as to which law should properly apply in cases in which law of any one of number of states might arguably have application and adoption of New York law is not patently incorrect.
People v. Benson, 454 N.Y.S.2d 155 N.Y.A.D. 3 Dept.,1982 - Law of New York, and not Texas, governed application of Miranda to confession defendant made to New York police officers who interrogated defendant in Texas where the officers obtained the statement for use in New York proceeding emanating from violent crime in New York.
----------FEDERAL LAW-----------
18 USCS § 1030 Fraud and related activity in connection with computers
(a) Whoever--
(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—
(C) information from any protected computer if the conduct involved an interstate or foreign communication;
[The statements between the numbered subsections are subjunctive. There’s a conjunctive connection between subsection 5A and subsection 5B. The reason why I’m harping on damages and aggregate damage from several bad acts is due to the following subsection (5B). I believe that subsection 5 is the most relevant part of the statute to the factual scenario that I want to analyze, but section (a)(2) is also arguable.]
(5) (A) (i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
(ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
(iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and
(B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)--
(i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $ 5,000 in value;
(c) The punishment for an offense under subsection (a) or (b) of this section is—
[fine or jail time]
(e) As used in this section—
(2) the term "protected computer" means a computer—
(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;
USCS Fed Rules Crim Proc R 18 - Place of Prosecution and Trial
Unless a statute or these rules permit otherwise, the government must prosecute an offense in a district where the offense was committed.
[This federal section might be ambiguous, but I can only imagine that lawmakers have created other sections in federal law that take out the ambiguities like NY CLS CPL § 20.60 does for NYS law in terms of computer fraud that seemingly occurs in multiple locations. I haven't had the time to find it yet.]