I need some help for an academic project that I'm working on. I hope that someone out there can assist me.

I'm writing a legal thesis on cheating in online games. The crux of my argument is that people who cheat in online games are infringing on copyright and violating criminal law. Part of the argument surrounds the issue of whether the aggregate effects of a single cheater's activities can cause damages that meet either or both criminal and civil statutory minimum damage requirements.

I'm looking for information specifically on EfU and other NWN persistent worlds because NWN persistent worlds will be part of one of the main factual scenarios that I discuss in the thesis.

What I'm looking for is: 1) a DM / administrator / builder at EfU or another NWN persistent world that can give me estimates on how often and what methods cheaters use, and any solutions implemented to address cheating issues (I understand the need to leave out details if you feel that it's something that I shouldn't know as a player), and 2) any other very on point sources that anyone can find on the prevalence of cheating in online multi-player video games, or the legal consequences of such cheating. There is also a basic definitional issue concerning what cheating is, so if you are going to comment in response to part "1)" above, please briefly define cheating as you see it for NWN persistent worlds.

There is a high likelihood that the thesis will be published in a legal journal. This means that I'll be referring to any person who gives me direct information (as in your opinion or specific information that only you are the source of) as a source in my writing (obviously your preference as to whether you would like me to use your forum handle or real name).

Anyone that provides me with information is free to see the final result if I use that information in the thesis. Thanks in advance to anyone who posts. PM me if you feel you would like to give me information, but it is not appropriate to post in a public forum.

Even the smallest generalized blurb of information could be very useful for me. Thanks in advance to anyone who takes the time to help me out.

I'm no legal expert, but you're not going to get far on this. One, there is no law against cheating in online games. The worst you can do is violate an end user agreement. Two no one is actively harmed legally or civilly by cheating in NWN.

Now, you could look at the way people have hacked games like Ultima Online or Diablo to get powerful magical gear, which they then sold on Ebay and similar sites to make large amounts of money. That was technically criminal and I think some suits may have been filed.

Sadly, the above paragraph is based entirely on heresay from someone, and I don't have first hand information about it.

Oroborous I'm no legal expert, but you're not going to get far on this. One, there is no law against cheating in online games. The worst you can do is violate an end user agreement. Two no one is actively harmed legally or civilly by cheating in NWN.

Now, you could look at the way people have hacked games like Ultima Online or Diablo to get powerful magical gear, which they then sold on Ebay and similar sites to make large amounts of money. That was technically criminal and I think some suits may have been filed.

Sadly, the above paragraph is based entirely on heresay from someone, and I don't have first hand information about it.

Thank you for your response. Mentioning specific scenarios that have resulted in law enforcement action and/or litigation is *very* helpful.

I'm a legal expert. I have the basic legal analysis down. Although there is no law specifically against cheating in online multi-player video games, my argument is to make the current law applicable to such a scenario. What I need are facts that can substantiate the assumptions behind my analysis.

I've read extensive articles that discuss the definition of cheating and the specific tactics that cheaters use. I'm not really looking for the "how" in the abstract because frankly other people have discussed this topic more completely and specifically than what I would find here.

Again, actual facts and statistics, even if just estimates from people "in the know", are more important to me at this point. I need facts from people in the field, so to speak.

Here's a very rough draft executive summary for anyone interested in a more specific preview of what the thesis is about.

Since its infancy, nearly a quarter-century past, the entertainment software industry has grown by leaps and bounds. One of the most long standing legal issues in the industry, like in many other industries involved with digital products, is copyright infringement, primarily in the form of what is known as software piracy. Recently, software piracy has been facilitated by the birth and distribution of console emulators and illegal copies of console games in a purely digital medium. Software piracy via digital and physical distribution will always be an important issue. However, there is a new industry wide problem that puts a spin on the application of copyright law, opens the door to criminal law, and that may add new business issues that together are a veritable sleeping dragon, one that is even further removed into the realm of concept and electrons.

Cheating in online multiplayer video games is the next burning issue for the entertainment software industry. Although many people may consider the topic to be laughable, it is a significant cost to an industry that is now bigger than “the movies”. These games have electronic security measures to insure that everyone plays the game as it was intended by the developer. However, as with many similar electronic security mechanisms, creative individuals can often find ways around them. Security breaches are often committed for the purpose of cheating. Such security breaches cause a degradation of the quality and the value of the game to current game players, decrease its appeal to future potential customers, and may result in both criminal and civil violations of law.

(As a side note, please do not use any writing that I post here in a document without referring to me as the source. I can provide information on how to quote the final product upon legitimate request.)

I could tell you how people cheated on games I've DM'ed for. Catch me in IRC. I'd love to see a copy of the thesis you mentioned too. It'll help me know what kind of information you're looking for.

Here's a list of sources that I have consulted already if anyone is interested (there are plenty of statutes and case law that I have been looking at, but I'll spare you):

Aarseth, Espen. "Playing Research: Methodological Approaches to Game Analysis." March 10, 2004.

Appelcline, Shannon. "How to Cheat at Online Games." April 1, 2004.

Appelcline, Shannon. "How to Cheat at Online Games, Part Two." December 1, 2005.

Appelcline, Shannon. "Online Games & The Law, Part Five: Property Rights." March 23, 2006.

Becker, David. "Online gaming's cheating heart." June 7, 2002.

Egenfeldt-Nielsen, Simon and Heide Smith, Jonas. "Online Gaming Habits." April 7, 2002.

Holiday, Scott. "Law and Order." April 23, 2004.

Kuo, Andy. "On Cheating." March 22, 2001

Moses, Asher. "Cheating: Multiplayer Gaming: Achilles' Heal?" May 17, 2003

Pritchard, matt. "How to Hurt the Hackers. The scoop on Internet Cheating and How You Can Combat it."

Wayner, Peter. "Do Cheaters ever prosper? Just ask them." March 27, 2003. New York Times.

Zetterstrom, Joel. "A Legal Analysis of Cheating in Online Multiplayer Games." March 2005

Oroborous I could tell you how people cheated on games I've DM'ed for. Catch me in IRC. I'd love to see a copy of the thesis you mentioned too. It'll help me know what kind of information you're looking for.

Thanks so much. I don't have IRC but I will send you a private message. As we were posting at around the same time be sure to catch my first response, the rough executive summary, and my initial source list.

As someone with legal training I can point out a large problem :

Venue and Jurisdiction: How could you enforce such a law when gamers come from not only multiple states but multiple countries? Even if you made the crime federal, you couldn’t prosecute a European here. And from a state to state perspective, without a federal law on it, where would you prosecute the crime? On the server or client level?

From an international standpoint I could possibly see a treaty on internet usage, but provisions for online cheating would be laughable. Furthermore, with many jurisdictions looking to regulate and censor internet usage, its not likely to be included in any treaty that could be enforceable worldwide. Keep in mind that each country would have to ratify it, and how could we get Korean gold farmers to sign on? Not going to happen.

There is something included in every game called an End User License Agreement. It dictates the terms under which games can be used. This creates a civil cause of action for publishers/programmers/licensors to defend people stealing code, etc. Tougher to enforce but it might be a more fruitful research topic than criminal enforcement of online cheating.

Civil enforcement just seems to be the more appropriate manner for legal remedies. Intellectual Property rights, copyright enforcement, and EULA contract claims are the best ways for people to get at high profile hackers and modders. You dont get arrested for cheating at sports. You just lose and get shamed. Maybe you suffer some sort of monetary penalty to an organization.

Also of note is the economy of online gaming - some games allow for funds to become transferred into real currency. This income is not taxed, and is almost impossible to trace. Furthermore, in America, money earned overseas is tough to be taxed (one reason truck drivers are risking life and limb to drive in Iraq - they can make 150,000 a year tax free) so how can the IRS or any other taxing agency track that kind of income. Also, consider Ebay where people sell online items for games for money. Ebay income is not taxed.

check this link out: http://taxprof.typepad.com/taxprof_blog/2006/12/taxation_of_vir.html

Anyways just some musings.

If you're playing a game where real money can become game money and vice versa it's easy to see the legal implications of cheating.

But what about something like NWN? I think you really have to consider what actual -damage- they do. I mean obviously if a griefer kills the character I've spent several months carefully developing, and runs off with her magic ring of +3AC or whatever, I'm going to be upset, but I haven't actually lost anything real. So what counts as 'cheating' and what kind of cheating has real, physical, negative effects?

Might also be worth looking at intellectual property - I know a livejournal forum called Bad Rpers Suck that occasionally has someone come on and say 'one of my players has started a new game of her own and stolen all of my ideas' which I can see as potentially being more of an issue. Scroll back a few months, there should be one there. But that's more text-based stuff, and it's sometimes hard to differentiate between homage, simultaneous parallel thought processes and genuine plagiarism.

Essentially, before you can start looking at details of how the crime is committed, don't you have to establish what the crime is, and what damage has been done?

(Disclaimer: I have absolutely no knowledge of law, feel free to ignore anything that's glaringly obviously wrong)

Thanks for your response. You bring up some key issues that I plan to address in the thesis, even if only briefly.

OMGbearisdriving As someone with legal training I can point out a large problem :

Venue and Jurisdiction: How could you enforce such a law when gamers come from not only multiple states but multiple countries? Even if you made the crime federal, you couldn’t prosecute a European here. And from a state to state perspective, without a federal law on it, where would you prosecute the crime? On the server or client level?

As you know often it is not about whether the law has been applied to a specific factual scenario in the past, but whether you can analogize the current factual scenario to a previously decided case.

I have done a significant amount of research in the area of “cyber law” and I can understand that someone who has not would be asking the very same questions that you have. However, these questions about venue and jurisdiction have been specifically answered with case law, within the US, concerning online activities. In other words, these are issues that have largely already been argued and decided in the broad context of online activities. I will need to show how a slightly different factual scenario fits within the existing case law. In terms of the application of civil law, often contracts like EULAs decide venue and jurisdictional issues before litigation even begins. I wish I was writing this thesis on the issues of jurisdiction and venue in the context of online activities 10-15 years ago, because then these issues would have given me a much more interesting topic to discuss than my current one, but not today.

International jurisdictional issues will always be a pain in the butt for so many reasons. To do more than mention it as an issue would be foolish of me as it would take me away from the other very highly focused issues that my thesis will address. I'm only examining US law, as applied to actors within the US.

(Bochan v. La Fontaine (1999) – Bochan (P) (from VA) sued the LaFontaines (D) alleging defamation (libel = a tort in VA) based on Internet postings they made about him. (AOL, located in VA, used by D; Earthlink, based in CA, used by P) RULE: A Virginia court may exercise personal jurisdiction over a defendant who causes tortuous injury to persons located in Virginia by posting libelous messages to an Internet newsgroup aimed at such persons.)

(Check the case Asahi Metal v. California for the pinnacle discussion on purposeful availment of a foreign entity.)

OMGbearisdriving

There is something included in every game called an End User License Agreement. It dictates the terms under which games can be used. This creates a civil cause of action for publishers/programmers/licensors to defend people stealing code, etc. Tougher to enforce but it might be a more fruitful research topic than criminal enforcement of online cheating.

You don’t need a EULA to have a civil cause of action for copyright infringement. I suggest reading the Digital Millennium Copyright Act.

My response to your suggestion to do a project that analyzes the contract law surrounding EULAs, HELL NO. Two reasons: 1) it’s boring, but more importantly 2) EULA issues have been beaten to death over the past decade by a small army of contract law gurus and extensive litigation. I would have nothing to write about that has not been written about ad nauseam. I will be mentioning cases like ProCD v. Ziedenberg and Specht v. Netscape Communications Corp. that examine the concept of notice, and constructive notice, that determines the validity of a EULA, but only as a side note.

Jurisdiction, venue, and standing really are not the interesting questions here.

OMGbearisdriving

Civil enforcement just seems to be the more appropriate manner for legal remedies. Intellectual Property rights, copyright enforcement, and EULA contract claims are the best ways for people to get at high profile hackers and modders. You dont get arrested for cheating at sports. You just lose and get shamed. Maybe you suffer some sort of monetary penalty to an organization.

Let me simplify and slightly change your first sentence quoted above: Application of civil law is the best way to address the problem of cheating in online multi-player video games.

I disagree with this statement. I would go a step further and say that I don’t think any legal remedy is economical in most situations. Goddamned attorneys cost way too much for civil litigation, and prosecutors have better things to do than go after video game junkies that find ways to cheat. Technical remedies are the most effective means to address the problem. However, it wouldn’t be an interesting paper unless I picked a very difficult and undecided situation to discuss.

But saying that “it’s interesting” is the easy way out. Let’s go back to the practicality of applying criminal law for a moment. What about when someone jaywalks, or keys a car, or spray paints a building, or harasses another person. Prosecutors have better things to do than litigate on these crimes. Even still, people get summoned before a judge for the same things every day, and you can certainly have a trial so long as the crimes are misdemeanors.

Lets add the “online” context in a civil matter that is similar to criminal harassment: enter Bochan v. La Fontaine (mentioned earlier).

I think that as crimes that occur over the internet become easier to detect and prove, they’ll be more likely to be litigated. If someone can describe adequately to a judge that harassment over an internet chat forum fulfils a tort statute, I don’t think we are very far from a criminal misdemeanor harassment charge. In fact, I have personally witnessed a case in local court that deals with criminal harassment over an instant messaging service. I don't think that cheating in online multiplayer video games is very far at all from this kind of crime, conceptually at least. The primary issue that needs to be worked out under most current statutes addressing "cyber-crime" is monetary damages, which are a fixed dispositive factor.

Right now the evidentiary issues in a similarly technical criminal case are highly impractical for local criminal courts to deal with because the technical aspects can be daunting. It is my opinion that this will change with time. Back in the 1980s I am sure that many “legal eagles” said that you could never prosecute someone for a written statement made over the Internet. Today that situation is a reality. And, just because the context of video games is quite laughable, doesn’t mean that it always will be or that the analysis that I do here cannot be applied to other more practical situations down the road.

OMGbearisdriving

Also of note is the economy of online gaming - some games allow for funds to become transferred into real currency. This income is not taxed, and is almost impossible to trace. Furthermore, in America, money earned overseas is tough to be taxed (one reason truck drivers are risking life and limb to drive in Iraq - they can make 150,000 a year tax free) so how can the IRS or any other taxing agency track that kind of income. Also, consider Ebay where people sell online items for games for money. Ebay income is not taxed.

Anyways just some musings.

This is probably the most interesting part of your post. Placing a value on damages is at the heart of my thesis. If you can show that you could have sold your Broad Sword of Uberness on E-bay for the amount of the statutory minimum, and someone cheats in a way that destroys your opportunity to make that sale and fulfills the rest of the criminal statute addressing cyber-crime, then we’ve got a case.

Chances are, you’re not going to be able to sell your Broad Sword of Uberness on E-bay for anywhere near the criminal statutory minimum damages for a "cyber-crime". But, I think this minimum damage amount will be lessened significantly over time as the cost of presenting evidence is minimized.

Another very interesting concept related to what you have said is treating cyber-space as place. In other words, applying property law concepts to what is purely digital in the context of a video game. That’s something that I will be talking about, but it makes my head hurt.

Thanks again for your comments.

Edit:

FYI there is a case that states that trespass claims are not pre-empted by copyright claims (in the digital context). EBay, Inc. v. Bidder’s Edge, Inc.

It is much easier to discuss my thesis topic in terms of "digital trespassing" (that's also tied into the concept of cyber-space as place). In other words, one could analogize the duping of items in an NWN persistant world with spray painting someone else's house. The measure of damages is again the big question, at least for me.

Facts are most important for me here. I need real factual scenarios and statements concerning the how, how often, and the value of what is damaged.

I think that as crimes that occur over the internet become easier to detect and prove, they’ll be more likely to be litigated. If someone can describe adequately to a judge that harassment over an internet chat forum fulfils a tort statute, I don’t think we are very far from a criminal misdemeanor harassment charge. In fact, I have personally witnessed a case in local court that deals with criminal harassment over an instant messaging service.

Ah, the inherent pleasure of a legal system that does primarily serve the system itself. ;) From the point of view of continental jurisprudence, the idea of cheating in MMORPGs violating criminal law based on copyright infringement does reek. In any case, mind that unless there is a coded-in anti-cheat protection AND the person puts a cheat that circumvents or removes this protection into circulation, Directive 91/250/EEC can be interpreted (as regards cheating through decompilation) ambiguously (see Art. 6); to my knowledge, this ambiguity has been transposed into all of the Member States' legal orders. I would not rely on the intended purpose clause either since the ECJ has already proven to be rather flexible in interpreting similar provisions of the EC law in the past.

Entirely another issue is the degradation of quality and value of the services (not to mention the brand damage) which can doubtlessly result in criminal proceeding but cannot be in any way legally related to copyright infringement. An interesting twist within the EC law would be defining the cheaters as undertakings within the meaning of Art. 81 of the EC Treaty and subsequently applying para. 1b and 1d. That would require the Court to recognize virtual economy, though, and presume the cheaters to use the cheats to improve their economic position. Anyhow, that's beyond the scope of your thesis: you said you were examining the US law only.

However, you might want to check out Philippe Amblard's Régulation de l'Internet (Bruylant, 2004). I used it for my research and a few things treated therein could complement your argument on aggregate effects of norm infringement on the Internet and shed some light on meta-legal issues in applying criminal law to MMORPG cheaters.

End of blabber.

spawnofweevil

If you're playing a game where real money can become game money and vice versa it's easy to see the legal implications of cheating.

But what about something like NWN? I think you really have to consider what actual -damage- they do. I mean obviously if a griefer kills the character I've spent several months carefully developing, and runs off with her magic ring of +3AC or whatever, I'm going to be upset, but I haven't actually lost anything real. So what counts as 'cheating' and what kind of cheating has real, physical, negative effects?

You are hitting on a fundamental issue. One does not need to have knowledge of the law to understand it.

If I'm walking down the sidewalk and I let my dog shit on your lawn, does that cause measurable damage that should have a remedy in criminal law? The answer is: if you want it to. Some people would say yes, of course that's horrible, and some people would say no, stop whining and wasting public resources. Hence the varying degree and presence of leash laws.

The question of whether there should be criminal sanctions for digital trespassing is answered in the same manner. The public, via law makers, has mostly answered by saying yes, but only if it causes a certain amount of damage that can be measured to eqaul a certain amount monetarily.

So, what we'd need to figure out is how to argue that your magic ring of AC +3 cost you in terms of real world dollars an amount equal or greater than the statutory minimum. If the statutory minimum is $100, and it took you 10 hours to get your ring +3, and you make $10 an hour at your job, and if you were not playing NWN you definitely would have been working (you'd win me over if I was the judge ;-)) you might assign value like that. Or, what do the video game character building factories in China charge for a ring +3 on E-bay, etc. We'd also need to establish that objects that are created and destroyed purely in the digital medium are property.

The easier question is, if i walk down the street with a pack of dogs and let them shit on everyone's lawn in the neighborhood, should there be a remedy in criminal law. I think most people would say yes. Aggregation of the damage of lots of little crimes makes it easier to justifiy a criminal case and argue that what was done is equal to the minimum damage requirement.

So, if instead of just griefing you gainst the rules of a PW, and taking away your ring +3, what if someone hacked into the server and edited the database where characters are stored and gave his character an inordinate amount of gold and uber weapons, then ran around and bitched slapped 100 other characters on the server?

Hmmm.... I think that should be against the law, criminally, in the same way that I think that letting your dog shit on someone else's lawn should be against the law, criminally. I would be willing to guess that it is clearly criminal activity in many jurisdictions, however, the issue remains under many statutes that we need to prove a certain amount of damage, measured in dollars.

Here's a more on point set of questions: What if I gave someone permission to walk across my lawn, but only on the condition that they don't let their dog shit on it, and then they walk across my lawn and let their dog shit on it? In another context, what if I gave someone permission to use my NWN PW but only on the condition that they are not allowed to dupe items, then they dupe items?

This is a really cool topic for me, because I think that we're walking such a fine conceptual line that a convincing argument can be made to say that the second question, in the digital context, can be interpreted as being against the law, criminally. The question remains of how to get to monetary damages.

my comments are in italics

socialmisfit

As you know often it is not about whether the law has been applied to a specific factual scenario in the past, but whether you can analogize the current factual scenario to a previously decided case.

This is true, however, I worked in a prosecutor's office. You mentioned that you wanted to talk about the criminalization of online cheating. You may or may not live in America, this is a international community, but criminal laws are statutory. We do not prosecute people for common law crimes. The common law is often the basis for codification, though. You can create legal theories for why online cheating might fall under a certain statutory crime, but you have to charge someone with the crime (burglary, tax evasion, whatever your theory is) and therein you have to establish venue and so on. Its just that when I took trial advocacy, if you failed to establish that the crime took place in the jurisdiction of the court by the time youre done presenting your case in chief, you lose on a directed verdict. Which brings back the question of which court and which state? and what law?

I have done a significant amount of research in the area of “cyber law” and I can understand that someone who has not would be asking the very same questions that you have. However, these questions about venue and jurisdiction have been specifically answered with case law, within the US, concerning online activities. In other words, these are issues that have largely already been argued and decided in the broad context of online activities. I will need to show how a slightly different factual scenario fits within the existing case law. In terms of the application of civil law, often contracts like EULAs decide venue and jurisdictional issues before litigation even begins.

Practically all contracts do

I wish I was writing this thesis on the issues of jurisdiction and venue in the context of online activities 10-15 years ago, because then these issues would have given me a much more interesting topic to discuss than my current one, but not today.

International jurisdictional issues will always be a pain in the butt for so many reasons.

one reason why i rue the day we fall under icc jurisdiction. and dont even start on lazy countries who dont sign extradition treaties.

To do more than mention it as an issue would be foolish of me as it would take me away from the other very highly focused issues that my thesis will address. I'm only examining US law, as applied to actors within the US.

(Bochan v. La Fontaine (1999) – Bochan (P) (from VA) sued the LaFontaines (D) alleging defamation (libel = a tort in VA) based on Internet postings they made about him. (AOL, located in VA, used by D; Earthlink, based in CA, used by P) RULE: A Virginia court may exercise personal jurisdiction over a defendant who causes tortuous injury to persons located in Virginia by posting libelous messages to an Internet newsgroup aimed at such persons.)

(Check the case Asahi Metal v. California for the pinnacle discussion on purposeful availment of a foreign entity.)

Ok when it comes to ideas of establishing personal jurisdiction in a civil court you do have the nexis test. Its a tenuous basis for personal jurisdiction, but ill buy it for a civil purpose.

OMGbearisdriving

There is something included in every game called an End User License Agreement. It dictates the terms under which games can be used. This creates a civil cause of action for publishers/programmers/licensors to defend people stealing code, etc. Tougher to enforce but it might be a more fruitful research topic than criminal enforcement of online cheating.

You don’t need a EULA to have a civil cause of action for copyright infringement. I suggest reading the Digital Millennium Copyright Act.

No, but it is a basis for contractual lawsuits. Copyright infringement is but one avevnue for responding to cheaters.

My response to your suggestion to do a project that analyzes the contract law surrounding EULAs, HELL NO. Two reasons: 1) it’s boring, but more importantly 2) EULA issues have been beaten to death over the past decade by a small army of contract law gurus and extensive litigation. I would have nothing to write about that has not been written about ad nauseam. I will be mentioning cases like ProCD v. Ziedenberg and Specht v. Netscape Communications Corp. that examine the concept of notice, and constructive notice, that determines the validity of a EULA, but only as a side note.

Jurisdiction, venue, and standing really are not the interesting questions here.

Yes but if you dont address them and provide a basis for them, they provide lawyers like me with easy dismissal opportunities, sending you back to the computer to redraft your complaint over and over and over again until your client either runs out of time under the statute of limitations or hires another attorney.

OMGbearisdriving

Civil enforcement just seems to be the more appropriate manner for legal remedies. Intellectual Property rights, copyright enforcement, and EULA contract claims are the best ways for people to get at high profile hackers and modders. You dont get arrested for cheating at sports. You just lose and get shamed. Maybe you suffer some sort of monetary penalty to an organization.

Let me simplify and slightly change your first sentence quoted above: Application of civil law is the best way to address the problem of cheating in online multi-player video games.

I dont like it when people put words in my mouth but on this one youre pretty much on point. I do think the civil remedy will have a much more chilling effect. Look what Napster did to server based p2p downloading. Yes you cant stop torrent sharing, but it created a whole new industry for Rhapsody et al.

I disagree with this statement. I would go a step further and say that I don’t think any legal remedy is economical in most situations. Goddamned attorneys cost way too much for civil litigation, and prosecutors have better things to do than go after video game junkies that find ways to cheat.

Then why write this article unless you perceived there to be a demand for a legal means to prevent online cheating?

Technical remedies are the most effective means to address the problem.

until some hacker finds away around the newest version of punkbuster or whathaveyou

However, it wouldn’t be an interesting paper unless I picked a very difficult and undecided situation to discuss.

But saying that “it’s interesting” is the easy way out. Let’s go back to the practicality of applying criminal law for a moment. What about when someone jaywalks, or keys a car, or spray paints a building, or harasses another person. Prosecutors have better things to do than litigate on these crimes.

As do PD's. Having worked in both offices I know this. However I also know a PD will work 40 hours solid to take a crappy misdemeanor charge to trial to make a prosecutor look bad. However, prosecutors work for Lead Trial Attorneys who work for the elected District or State Attorney who sets the prosecutorial priorities. Lets think a moment though on your idea: prosecuting cheating online, without a specific statute on the books, using an interesting legal theory to squeeze a guy who cheats into some currently written law. Not going to happen on an election year I'll wager. And I'll bet a prosecutor will groan when the LTA shoves it at him and says "put this kid away for duping gold on EFU" or something.

Even still, people get summoned before a judge for the same things every day, and you can certainly have a trial so long as the crimes are misdemeanors.

Lets add the “online” context in a civil matter that is similar to criminal harassment: enter Bochan v. La Fontaine (mentioned earlier).

I think that as crimes that occur over the internet become easier to detect and prove, they’ll be more likely to be litigated. If someone can describe adequately to a judge that harassment over an internet chat forum fulfils a tort statute, I don’t think we are very far from a criminal misdemeanor harassment charge.

I can get behind the idea of sending harrasing IMs, tells, forum postings, or whathave you as harassment, and how that could rise to cyberstalking (which has its own statutes) but I think theres a difference between harassment and cheating, which i thought your thesis was about, like wallhacks, duping, and whathaveyou

In fact, I have personally witnessed a case in local court that deals with criminal harassment over an instant messaging service. I don't think that cheating in online multiplayer video games is very far at all from this kind of crime, conceptually at least. The primary issue that needs to be worked out under most current statutes addressing "cyber-crime" is monetary damages, which are a fixed dispositive factor.

Right now the evidentiary issues in a similarly technical criminal case are highly impractical for local criminal courts to deal with because the technical aspects can be daunting. You know whats sad, I had to explain to someone at the PD's office what an IP address is. But I think youre underestimating the techincal capabilities of most Police Forces

It is my opinion that this will change with time. Back in the 1980s I am sure that many “legal eagles” said that you could never prosecute someone for a written statement made over the Internet. Today that situation is a reality. And, just because the context of video games is quite laughable, doesn’t mean that it always will be or that the analysis that I do here cannot be applied to other more practical situations down the road.

OMGbearisdriving

Also of note is the economy of online gaming - some games allow for funds to become transferred into real currency. This income is not taxed, and is almost impossible to trace. Furthermore, in America, money earned overseas is tough to be taxed (one reason truck drivers are risking life and limb to drive in Iraq - they can make 150,000 a year tax free) so how can the IRS or any other taxing agency track that kind of income. Also, consider Ebay where people sell online items for games for money. Ebay income is not taxed.

Anyways just some musings.

This is probably the most interesting part of your post. Placing a value on damages is at the heart of my thesis. If you can show that you could have sold your Broad Sword of Uberness on E-bay for the amount of the statutory minimum, and someone cheats in a way that destroys your opportunity to make that sale and fulfills the rest of the criminal statute addressing cyber-crime, then we’ve got a case.

Okay we have some synthesis here. There is a crime in tax evasion if you dont pony up for realized gain due to selling. I think this could be avoided if Ebay issued 1099 MISC's foir selling. If someone cheats in a way to prevent a sale, you have a civil remedy of tortious interference. And I see an instance here of lost economic profits, not theft. Heres a hypo

A offers to sell the Hackmaster +12, a super unique sword on ebay. Only 10 or so have been found and sold, and the going rate is something like 500 bucks. A puts up an ebay auction for it for 3 days. he has to hold onto the item for enough time to get the payment and arrange the transfer. A hangs out in a no pvp zone. B uses cheat.exe which allows him to get into the code and attack people in no pvp areas and loot their corpses. B kills A who is sitting in the Nopvp Inn and steals the hackmaster +12, preventing A from paying off any potential bidders.

this is a tortious interference suit. Although you could possibly argue robbery as a criminal charge if this was real life, A did not have the sword. he had an economic interest in the sale of the sword. You cant put the guy in jail for keeping you from fulfilling your contract. Furthermore, lets say the server they played on was in Alaska, and one lived in California and the other lived in Maine. Where do you possibly bring up a theft charge?

Chances are, you’re not going to be able to sell your Broad Sword of Uberness on E-bay for anywhere near the criminal statutory minimum damages for a "cyber-crime". But, I think this minimum damage amount will be lessened significantly over time as the cost of presenting evidence is minimized.

Another very interesting concept related to what you have said is treating cyber-space as place. In other words, applying property law concepts to what is purely digital in the context of a video game. That’s something that I will be talking about, but it makes my head hurt.

Thanks again for your comments.

Edit:

FYI there is a case that states that trespass claims are not pre-empted by copyright claims (in the digital context). EBay, Inc. v. Bidder’s Edge, Inc.

It is much easier to discuss my thesis topic in terms of "digital trespassing" (that's also tied into the concept of cyber-space as place). In other words, one could analogize the duping of items in an NWN persistant world with spray painting someone else's house. The measure of damages is again the big question, at least for me.

Facts are most important for me here. I need real factual scenarios and statements concerning the how, how often, and the value of what is damaged.

Okay on my own im going to say that you need to realize it may be interesting to write about certain topics but theoretical analysis can only go so far. You have to come up with a legal theory that would survive a motion to dismiss and create enough of a factual question to survive summary judgment. I maintain that right now any legal recourse step beyond creating anticheating software requires a civil suit.

Feel free to PM me specific questions or catch me on IRC if you're interested in any data directly relating to EfU.

Howland Feel free to PM me specific questions or catch me on IRC if you're interested in any data directly relating to EfU.

Thanks so much. I'll be in touch.

(Now that I’m getting into a discussion of “what the law is”, I want to qualify my statement “I’m a legal expert.” I’m only a legal expert in so far as my work experience and formal education as a law student make me a legal expert. My statements in this forum are not legal advice, and if you are looking for legal advice do not assume my comments here are such. Instead you should consult a practicing attorney; I’m not one.)

OMGbearisdriving,

Thanks for your well thought out response. It’s great to have someone else with a legal education and real world experience as an attorney comment on my ideas. One thing that’s not taught in law school very well is how to practice. You’ve brought out a lot of practical issues that I haven’t touched on very well.

“Then why write this article unless you perceived there to be a demand for a legal means to prevent online cheating?”

I believe that even though now the best means of handling cheaters is technical, there will be a future demand for a legal means to prevent cheating in online games. This is an academic exercise, and I think that it may produce beneficial analysis for examining other scenarios that don’t have a thing to do with gaming just like when we analogize current factual situations to slightly different ones that are handled in the past by case law.

“until some hacker finds away around the newest version of punkbuster or whathaveyou”

Creative individuals will always be able to find a way around technical protection, but that doesn’t necessarily mean that the technical protection alone does not serve its purpose better than legal action, or that the desire to pursue legal means will not materialize.

“As do PD's. Having worked in both offices I know this. However I also know a PD will work 40 hours solid to take a crappy misdemeanor charge to trial to make a prosecutor look bad. However, prosecutors work for Lead Trial Attorneys who work for the elected District or State Attorney who sets the prosecutorial priorities. Lets think a moment though on your idea: prosecuting cheating online, without a specific statute on the books, using an interesting legal theory to squeeze a guy who cheats into some currently written law. Not going to happen on an election year I'll wager. And I'll bet a prosecutor will groan when the LTA shoves it at him and says "put this kid away for duping gold on EFU" or something.”

I’ve worked in both a PD’s and a DA’s office as well. When you put things in terms of prosecuting for duping items on a NWN PW server of course it’s going to sound unappealing. Colorable arguments are often ineffective in the face of incontrovertible facts that fulfill every material element of a statute. When you put it in terms of gaining unauthorized access to someone else’s computer, that’s a bit more palatable, and that’s exactly the scenario that I’m analyzing. In many statutes that I’ve looked at the result of what you are doing is irrelevant so long as the access itself is unauthorized.

“Yes but if you dont address them and provide a basis for them, they provide lawyers like me with easy dismissal opportunities, sending you back to the computer to redraft your complaint over and over and over again until your client either runs out of time under the statute of limitations or hires another attorney.”

“Okay on my own im going to say that you need to realize it may be interesting to write about certain topics but theoretical analysis can only go so far. You have to come up with a legal theory that would survive a motion to dismiss and create enough of a factual question to survive summary judgment.”

I really liked your hypothetical. The jurisdictional questions that it raises have been answered in civil law, and I believe that many computer fraud criminal statutes do the same. Even if they didn’t, I’m free to draw up a hypothetical that fits exactly into the statute for jurisdictional and summary judgment purposes so I don’t have to address that issue. Even still, under NYS CPL S 20.60 it doesn’t matter if the server, the server owner, and the perpetrator and the victim are all in different jurisdictions, so long as either the perpetrator or the server that contains the PW are located within NYS.

Check out the following statutes and the ALR section quoted below on criminal law.

Fact scenario: The perpetrator, located out of state, accesses a NWN PW that the victim runs from their home, located in New York State (NYS), and violates a condition of use, like not duping items or gold. NYS can file a complaint under Penal § 156.05, that would survive jurisdictional challenge, in either the jurisdiction of the physical location of the perpetrator during the alleged criminal act (that wouldn’t be used), or the physical location of the victim’s computer, if one of these is in NYS. In the current scenario the victim’s computer is in NYS. The law treats this situation as if the perpetrator was actually at the victim’s (the server owner’s) computer while the crime was committed.

Even if you argued that the jurisdictional challenge would be successful for some reason, I believe that the federal statute would be applicable and has one arguably relevant part, and one part that is relevant if damages can be shown.

In the NYS statute, the knowingly element is satisfied by showing that the condition of use is clearly posted in the rules that everyone has to assert they have read and understand before they can log into the server. Accessing an NWN PW is “access[ing] a computer, computer service, or computer network”. An NWN PW is necessarily and only run from a computer. One could definitely allege sufficient facts to graduate the charge sheet to an information. Providing server action logs, the character database, ISP records that show that at the time duping occurred that a computer at the perpetrator’s personal residence contacted the IP where the NWN PW was located, and a witness deposition explaining such evidence is enough to survive summary judgment. All that evidence is reasonably obtainable under this fact scenario during pretrial discovery.

----------------NYS LAW-----------------------

NY CLS Penal § 156.00 Offenses involving computers; definition of terms

8. "Without authorization" means to use or to access a computer, computer service or computer network without the permission of the owner or lessor or someone licensed or privileged by the owner or lessor where such person knew that his or her use or access was without permission or after actual notice to such person that such use or access was without permission. It shall also mean the access of a computer service by a person without permission where such person knew that such access was without permission or after actual notice to such person, that such access was without permission.

§ 156.05. Unauthorized use of a computer

A person is guilty of unauthorized use of a computer when he or she knowingly uses, causes to be used, or accesses a computer, computer service, or computer network without authorization.

Unauthorized use of a computer is a class A misdemeanor.

NY CLS CPL § 20.60 Geographical jurisdiction of offenses; communications and transportation of property between jurisdictions

3. A person who causes by any means the use of a computer or computer service in one jurisdiction from another jurisdiction is deemed to have personally used the computer or computer service in each jurisdiction.

102 A.L.R.5th 525 Criminal Jurisdiction of Municipal or Other Local Court

“Defendants in criminal proceedings often challenge the subject matter jurisdiction of the village, town, or other local court that presided over the case. One universal restriction on local court subject matter requires that the offense occur within the territorial boundaries of the locality, and this criterion may be satisfied even if the defendant is not physically present there.”

People v. Graham, 396 N.Y.S.2d 966 N.Y.Co.Ct.,1977 - In prosecution for murder in the second degree, kidnapping, and robbery, defendants filed motion to suppress certain tangible evidence seized pursuant to search warrants and also warrantless arrest and to suppress certain confessions or admissions. The County Court, County of Sullivan, Louis B. Scheinman, J., held that: (1) …, and (2) New York had greatest interest in case with respect to New Jersey searches and Florida arrest, searches, and confessions or admissions, and thus law of New York would be applied in deciding motions to suppress physical evidence. Motions denied.

Government Employees Ins. Co. v. Sheerin, 410 N.Y.S.2d 641 N.Y.A.D. 2 Dept.,1978 - Courts need not make sua sponte determination as to which law should properly apply in cases in which law of any one of number of states might arguably have application and adoption of New York law is not patently incorrect.

People v. Benson, 454 N.Y.S.2d 155 N.Y.A.D. 3 Dept.,1982 - Law of New York, and not Texas, governed application of Miranda to confession defendant made to New York police officers who interrogated defendant in Texas where the officers obtained the statement for use in New York proceeding emanating from violent crime in New York.

----------FEDERAL LAW-----------

18 USCS § 1030 Fraud and related activity in connection with computers (a) Whoever-- (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains— (C) information from any protected computer if the conduct involved an interstate or foreign communication;

[The statements between the numbered subsections are subjunctive. There’s a conjunctive connection between subsection 5A and subsection 5B. The reason why I’m harping on damages and aggregate damage from several bad acts is due to the following subsection (5B). I believe that subsection 5 is the most relevant part of the statute to the factual scenario that I want to analyze, but section (a)(2) is also arguable.]

(5) (A) (i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer; (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and (B) by conduct described in clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted offense, would, if completed, have caused)-- (i) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $ 5,000 in value;

(c) The punishment for an offense under subsection (a) or (b) of this section is— [fine or jail time]

(e) As used in this section— (2) the term "protected computer" means a computer— (B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States;

USCS Fed Rules Crim Proc R 18 - Place of Prosecution and Trial

Unless a statute or these rules permit otherwise, the government must prosecute an offense in a district where the offense was committed.

[This federal section might be ambiguous, but I can only imagine that lawmakers have created other sections in federal law that take out the ambiguities like NY CLS CPL § 20.60 does for NYS law in terms of computer fraud that seemingly occurs in multiple locations. I haven't had the time to find it yet.]