The Lawbringer: A world without remedy
by Mathew McCurley 
Feb 18th 2011 at 1:00PM
One of the very basic tenets of our society and our social structure is that when we are wronged, there is remedy. If your car is totaled by a careless driver, you have recourse through insurance companies or the driver's own wallet. There's someone you can sue, usually, and get enough money to make you whole again. The thing you lost, your car, has a certain value. The money puts you back in the position you were before you were wronged.
Late last week, we learned about a startling occurrence in the games industry -- Crysis 2 was leaked. And not just any leak: Rock Paper Shotgun reported that not only was a developer build of Crysis 2 leaked with the full single-player content available, but also the multiplayer experience as well as a keystone master online authentication key, making CD key facilitation magnitudes easier for pirates. Leaks happen, but Crysis was mere weeks from release. The most interesting and potentially saddest aspect of this story is that when games leak out from the watchful gaze of their developers, there is little to no recourse for these companies on the scale that is required to be made whole.
This week, I'm going to talk about a world without recourse, the location of one of the game industry's biggest and scariest problems, the world of online activation, and how Blizzard's tight-lipped security still doesn't prevent leaks even as one of the biggest gaming concerns running now.
Crisis at Crytek
On Feb. 11, Rock Paper Shotgun posted a link to a thread on the Facepunch forums, claiming that an almost complete, potentially fully complete, version of Crytek's next flagship title Crysis 2, due out March 22, had been leaked to the internet. Not only was the full game leaked, but also the entire multiplayer experience as well as the keys to the castle, so to speak -- the master key for the online authentication, negating a good amount of the online authentication necessary to play the game legitimately. Torrent sites filled up with leaked copies. EA and Crytek issued a short response:
The damage is unknown, but it will be a lot more than monetary. Early copies of games that get leaked are hardly fully optimized or ready for consumer consumption, but in Crysis 2's case, being so close to release, we could potentially already have a gold copy out on the internet. In addition to hurting sales, a leaked copy of this magnitude could affect consumer expectations. Early reviews of an unfinished game could tear the hype out from under Crytek. EA investors could see this leak as detrimental to their involvement and funding of the game developer for future projects.Crytek has been alerted that an early incomplete, unfinished build of Crysis 2 has appeared on Torrent sites. Crytek and EA are deeply disappointed by the news. We encourage fans to support the game and the development team by waiting and purchasing the final, polished game on March 22. Crysis 2 is still in development and promises to be the ultimate action blockbuster as the series' signature Nanosuit lets you be the weapon as you defend NYC from an alien invasion. Piracy continues to damage the PC packaged goods market and the PC development community.
So your game has been leaked ...
What does a developer do when a game has leaked? EA and Crysis issued a response that asks the consuming public to wait for a final release, to support the publishers and developers who make great games happen. Back in 2003, Valve's long-awaited Half-Life 2 was leaked due to security issues on Valve's servers, with Gabe Newell asking forum-goers to help track down the offenders. In 2004, Valve and the FBI announced arrests in the leak, and in 2006, German citizen Axel Gembe was arrested and tried in Germany for the leak and other crimes. He got 2 years probation.
Containing a leak is basically the only course of action to take when something this massive happens. Your property has been stolen and released to the world. Copyrighted software source code has been taken from you and released illegally. Companies, developers and producers alike spring into containment mode. It isn't easy -- you all know how fast information spreads on the internet, even in massive, gigabyte form.
Not only do you want to contain the game itself but also bolster consumer confidence in your game. If you can't keep a tight lid on security before your game is even launched, how do you expect to meet the needs of consumers after release? Sadly, it's a problem that comes up with MMOs all the time, when a developer has beta testing in place that falls hard and fast once the open beta servers are activated. Consumer confidence in the game drops when an early build or unfinished server architecture fails, stopping hype in its tracks.
Damaged goods
When a game is leaked, what types of damage can be expected? Well, it's a lot more than financial, sadly. Even in the monetary realm, the damage is multi-faceted. First, you've got the potential loss of sales, boxed and downloaded copies that would have otherwise been sold to the public, if not for their ability to already download and play the game.
Second, you've got the cost of the containment. You can bet that employees from both EA and Crytek are working around the clock, not on their game but on the containment and management of the leak, checking systems, and working to shut down torrents.
Third, you've got the ancillary costs of recovery. Someone might get sued, but who? You've got lawyers and investigators to pay, especially if the leak is something huge.
Fourth, you've got advertising dollars already in a budget that now have to either be retooled or refunded due to the change in public perception and potential early reviews and sentiment that breaks about an unreleased title. This is all just scratching the surface.
Not all damage is money-related. What happens internally at Crytek, where a system-wide investigation gets to take place over who leaked what, where problems occurred, and how to prevent these types of problems from happening again. Because of the leak in an already volatile economy and industry, will people have to be let go because of the costs of the leaks? Will bonuses that would have otherwise been paid for record sales instead be turned into containment cash or new software to replace the online authentication key system? The cost of the loss of integrity is unfathomable.
Here's the crux of the problem -- who do you sue? Crytek and EA have little to no recourse in the event of a leak. When Half-Life 2 was leaked and the perpetrator eventually found, Valve didn't get any money out of him. The guy got 2 years of probation. Who could Crytek and EA sue?
They could sue the leaker, the main guy who cracked in to Crytek's internal FTP (if that's what happened), and sue him for everything he's got. But everything he's got isn't going to amount to anything near the actual damages Crytek will suffer. Does this hacker have millions stashed away for a rainy day judgment, just in case he gets caught? Highly unlikely.
Software infringers could be sued, like the torrent sites that host the leaked files, but these sites are mainly outside the United States or Germany, Crytek's headquarter nation. And how do you decide who to sue? The data collection alone would take time, money, effort, and manpower to complete. You don't see the fruits of your damage collection labor until well after the crime and damage occurs.
When you get right down to it, the level of financial and personal damage done to the studio is unrecoverable. This is all money lost, pure and simple, with little to no recourse. The only way to fully recover from a leak is to never have your software leaked at all. All press is good press to many people, but in the case of a game leak, people's knowing a hotly anticipated game is up for grabs online means more torrent activity.
Some have said that the download numbers haven't been too high with this particular leak, either because people just don't want to download the game because they would rather wait for the retail copy or because the file size is too large. The number of downloads, for the most part, doesn't matter. The potential to do damage is the problem -- 5,000 illegal downloads is still 5,000 illegal downloads. The damage is already done, no matter the number of copies downloaded. Crytek has to contain this leak as if everyone in the world is downloading its game in order to combat the damage.
Blizzard's secrecy and the online model
We talked about private servers a few weeks back, and I came to the conclusion that the ones that generate revenue and serve up illegal copies of WoW through stolen or fabricated server software hurt Blizzard's bottom line. Blizzard is one of the biggest game developers out there in terms of money and protection. It keeps its stuff under many locks and many keys.
Beta clients get leaked all the time with Blizzard. I distinctly remember a certain friend of mine with a certain Warcraft 3 disc that made the rounds in our dorm room back during my first year at Berkeley. We see Blizzard leaks all the time, so even one of the biggest and most secretive companies in the industry has issues with leaks. MMO-Champion's infamous Cataclysm leak, for instance, shocked the community, opening up a huge amount of Cataclysm alpha content to a world it was definitely not intended for.
Hype is a commodity, plain and simple. Blizzard's product secrecy supports a level of hype that needs to be maintained for such a successful company. Loyal fanbases love hype, for any product or company that is willing to feed it. I don't see this as a bad thing at all. I love hype. I love buying into hype. I have fun rooting for my products because in a world with so much choice, my brain likes having one thing to focus on instead of the multitude of choices that exist before me.
Information is awesome, of course, but at what price? The game will come out eventually, but information leaks versus full product leaks are two completely different monsters. Blizzard's information leaks, thankfully, haven't killed its hype machine or its willingness to engage in alphas -- they are crucial development stages. Crysis 2's leak will hopefully not be a factor in Crysis 2's success.
This is why online activation is here to stay. As long as there is piracy, we will have DRM and activation issues. No matter how many products or full versions get released through leaks or mistakes, one of the more concrete ways to make retail products manageable is to require some type of online authentication to play. It sucks. It completely sucks, especially for people with intermittent internet. For a multiplayer experience, you're going to be logging in anyway, so requiring authentication isn't that big of a deal.
Single-player content is another story. If Crysis 2 were a completely single-player affair, would the nature of this leak change things? Probably dramatically. Authentication keys can be changed -- it's expensive and time-consuming, but it's potentially fixable. How do you fix a single-player only leak that is the complete experience?
As long as people continue to break the law in regards to stealing and leaking copies of video games, you're going to see harsh activation. It sucks. I already said it sucks. But what is the alternative? Here are two hypothetical situations.
First, we get rid of all DRM and online activation. Stuff gets bought and leaked the day of release or even beforehand. Single-player content is freely available on the internet, and as piracy gets easier, more people get in on it. The more people pirate, the more a company has to spend to combat piracy, and the margins on AAA titles fall through the floor.
Second, let's hypothetically institute harsh DRM, combat leaks to the fullest, and make all games require some kind of server authentication, single- or multiplayer, regardless. Players get upset, intermittent internet users get frustrated, and game companies end up having to treat us all like thieves.
Do you think a transition to Battle.net for all of our accounts is just for functionality? Most likely not. I stated before that I believe Battle.net has a vast social future, combining all the good aspects of social networking and sharing into a comprehensive software suite of Battle.net profiles, guild/clan pages, and information sharing alike. Battle.net's ubiquity also serves to make piracy more difficult, creating an online layer to everything Blizzard makes. So far, it seems to be a good compromise.
Where is the line? I don't know. I've been thinking about it for a long time, and hopefully I'll put my own thoughts down for people to read. Right now, though, I'm thinking about leaks and damages, the insurmountable costs that are associated with this brand of video game piracy, and all I can think about are the people at Crytek scrambling to make this less of a disaster. At the very least, the people perpetrating this leak are disrespectful to the industry, as the remedies available during a leak of this magnitude can hurt a lot of people, even after Crytek still expresses its love of the PC community.
This column is for entertainment only; if you need legal advice, contact a lawyer. For comments or general questions about law or for The Lawbringer, contact Mat at mat@wowinsider.com.Filed under: Analysis / Opinion, The Lawbringer
Reader Comments (Page 1 of 4)
Forreststump Feb 18th 2011 1:26PM
As long as you have a segment of the population willing to leak/steal/pirate copyrighted material, strong measures must be taken, annoying as they are. Rationalize it all you want, but theft is theft, lipstick on the pig be damned - and the developers (or artists) are well within their rights to take whatever means necessary to safeguard their creations.
Dok Feb 18th 2011 1:36PM
I agree that copy protection steps can be reasonable and necessary. The problem I keep running into is the game publishers claim this is solely about "Un-Authorized Copying" which I believe is false.
Activation and "Must login to use" games are also very effective at shutting out the used game market. I am not talking about ebay burned and cracked copies but actual used games which are legal to resell and stop playing yourself. Like used books, CDs, DVDs and all the other material subject to copyright that has a legitimate used market.
Jeff Feb 18th 2011 2:11PM
But the problem remains that, to this day, there is no such thing as an "uncrackable" game. Extremely draconian measures may succeed in delaying piracy for a short while, but they will NEVER prevent it entirely. Thieves will steal. Period. That's a fact, it cannot be changed, and publishers/developers need to come to grips with it.
The longer they take to realize that, the longer we legitimate consumers have to cope with being treated like criminals by insane copy-protection measures like Ubisoft's "Must be online 100% of the time to play Single Player" system, which they are thankfully doing away with (Sort of).
All the while, pirates can play the game without those headaches. We pay $60 for the game and have to put up with a system that basically assumes we're criminals and requires constant verification that we aren't. They pay $0 and can just play the game with no headaches. How is that fair?
There are COUNTLESS examples of developers and publishers seeing extraordinary success with games that don't include any copy protection at all. Of course they'll still be pirated, but they won't be pirated any more or less than they otherwise would. The moral of the story is this: Extreme anti-piracy measures do absolutely nothing to pirates. They only hurt the legitimate consumers. Pirates just crack it and move on with their day.
MrLemurBoy Feb 18th 2011 2:28PM
Theft is, indeed, theft. But copyright infringement is not theft. The law itself states that. They may be similar, but there are differences between the two.
I do agree that developers and artists have the right to protect and safeguard the monopolies granted to them by the government, but it should be asked whether the methods they use to do so are actually in the best interests of the artists, as well as society.
There's not a simple black and white answer to this. There are many shades of grey in these circumstances.
theRaptor Feb 18th 2011 2:29PM
The only way to stop your creative work being "stolen" is to put it in a safe, fill the safe with concrete, and then drop it into the Mariana trench. Being over zealous with protection measures only annoys legit customers* (because the pirated version will have them stripped out).
Personally these days I don't pirate because most games aren't worth it (ie it takes me longer to download than to play), and I always paid for good games.
Look at Minecraft. It is an indy game that has sold millions of copies and is distributed as a .jar file (meaning the raw code can be pulled out, you don't even need to decompile it).
* I have had more problems with security measures on games I paid for then I ever had with pirated games back in the day.
Netherscourge Feb 18th 2011 2:43PM
This crap is killing the PC industry.
At least the console makers can identify and BAN whole consoles running mod chips from online access.
The PC is an open environment and it's just too easy to use it to pirate games. I don't blame anyone who creates single-player games to go 100% console exclusive. It's a proven fact you make more money, even with the licensing fees involved. to go console over PC.
Pirates are just making this happen a lot faster.
onetrueping Feb 18th 2011 2:50PM
I agree with Jeff. The fact is that piracy is a constant part of the internet (like porn), and will never be stopped, whatever draconian measures are employed. The more intelligent developers instead offer reasons to buy the game, such as online exclusives, quick patching, and social rewards like achievements. The more reasons there are to buy the game, the less sales are lost to the convenience of piracy.
DarkWalker Feb 18th 2011 3:51PM
"All the while, pirates can play the game without those headaches. We pay $60 for the game and have to put up with a system that basically assumes we're criminals and requires constant verification that we aren't. They pay $0 and can just play the game with no headaches. How is that fair?"
It's often worse, and I blame publisher greed for making it so.
Some games have different exclusive content when bought from different stores; the pirated version often has all those "exclusives", and often is the only way to have the exclusives from different stores, thus tempting even players that wouldn't think about pirating.
Some games have plenty DLC content, sometimes running into hundreds of dollars worth of content; the pirated version often offers the full compliment of DLC content, thus becoming a far more powerful lure for players.
There is also the problem with tiered launch dates and selective availability (which often makes fans in the last places to receive the game willing to get the pirated version for an early look), different versions (which is part of why I didn't get SC2, can't stand the dubbed game and translated UI from the version sold in my country), and so on.
Publishers need to avoid letting rough spots the pirated games can exploit to become more desirable. If the pirated game looks like a good value proposition, even if it was sold for the same price as the original game, something is very wrong.
BB Crisp Feb 18th 2011 4:17PM
@Jeff
All of the same could be said of any store that you walk into. "Extremely draconian measures may succeed in delaying shoplifting for a short while, but they will NEVER prevent it entirely. Thieves will steal. Period. That's a fact, it cannot be changed, and store owners need to come to grips with it." After all, what is the point in putting in all of these security cameras and guards if shoplifters will just figure out ways to compensate? Look for blind spots, find weak areas in security, etc.
Just because thieves will find a way around your security doesn't mean that the security itself is pointless. I have an alarm on my car. Do I think it would stop every potential thief? No, but it'll stop alot of them. And better security stops better thieves, but you can never expect to stop them all. Does that mean you shouldn't even try? A company choosing to completely forgo DRM or other security measures is akin to me never locking my car.
When I'm shopping in a store, I'm distantly aware of the fact that somebody is probably keeping an eye on me, but I deal with it. It's understood that they're watching me not because I'm a criminal, but because I *could* be a criminal. I don't feel like a criminal just because I know they're keeping an eye on me. I take it in stride and go about my business knowing that I'm doing nothing wrong. For them, it's a necessity to have a successful business. And as the article says, a game company can't even recover their losses as a store could. Frontline security is all they have. If I were in their situation, I would do the same.
Starsmore Feb 18th 2011 4:37PM
@BB Crisp
The point is that the "extreme draconian measures" are unnecessary.
That's not a car alarm on your car.
That's someone from the dealer demanding proof of ownership every time you...
a: Turn on the car (start the game)
2: Try to fill up the tank (save the game)
z: Look at the car (you get the idea)
That's buying a stereo from Best Buy, and having the Geek Squad have to come by when you want to turn it on.
This is what the software development industry is forcing upon us in response to piracy, that's what this draconian DRM equates to.
....which is what the pirates simply bypass.
So the argument is still true. The consumer pays $60 to be treated like a criminal.
BB Crisp Feb 18th 2011 4:55PM
I understand that people feel violated when they have to continually go through hoops just to prove that they're a legitimate owner of the software, but what else do you expect a company to do? Just say "oh well" when their software is being stolen and pretend it's not a problem?
I don't buy the whole argument that these security measures are completely pointless. If they were, the companies wouldn't use them. Security costs them time and money that they'd rather not have to spend. If using DRM costs them potential sales, they'd weigh that against the revenue they'd expect to lose by not having DRM. They're not doing it just to piss people off. They're doing it to protect their property and their bottom line. So many people seem to be absolutely convinced that these companies would be better off simply not using these security measures. I'm sure they've already thought of this and I'm sure that they think that idea sucks. If they thought it was doing their sales more harm than good, they obviously wouldn't do it.
cyanea85 Feb 18th 2011 5:49PM
Paradox Entertainment is an excellent example of a company that functions without draconian copy protection.
Registering a copy of the game online allows you access to their forums, their technical support, and their manuals (for none are packed with the games, and Paradox specializes in really complex strategy games that are...pretty difficult to figure out how to play without). Posting on the forums without registering is possible, but you're likely to get ignored by the community without the little icon under your name that says you owe the game.
Jeff Feb 18th 2011 6:48PM
@BB Crisp
Yes, that's exactly what I expect them to do. Anti-piracy measures don't stop anyone, or if they do, it's such a small amount of people as to be completely insubstantial. Big cracking groups do all the heavy lifting making a crack to break the copy protection, and then anyone who wants to pirate the game can do so trivially. Comparisons to physical brick-and-mortar retail don't work. Those measures ARE effective a large percentage of the time.
There is also, of course, the argument about whether or not software piracy even constitutes stealing in the first place. That leads to the argument about whether or not pirates would pay money for the game if they couldn't pirate it, and if the answer is no, does piracy constitute a lost sale? Software is digital, there are infinite copies. This is not true for physical goods in a store, so the two paradigms cannot be compared in any way.
I most definitely believe piracy is wrong and I do not support it one iota. Claiming it to be the same as stealing from a store or stealing a car though is fallacious.
Moreover, the fact remains that pirates have an infinitely easier time of it than legitimate consumers. If there was any data whatsoever to suggest that restrictive copy protection has any impact on piracy, it would make sense. But that data does not exist. In actuality, what little data there is might even suggest that the reverse is true: Strict copy protection could INCREASE piracy, either by driving would-be buyers away, or simply by irritating the cracking groups enough that they see it as a challenge. Take StarForce, a DRM solution implemented by several publishers (Most notably Ubisoft, notice a pattern there?) about 5-6 years ago. It was easily the most aggressive DRM solution yet, with legitimate purchasers of PC games like King Kong actually experiencing real, often irreversible damage to their CD/DVD drives as a result of StarForce. The pirates? They cracked StarForce after a few days and played the games without issue. This is an unusually extreme example, but it happened nonetheless.
Basically, by instituting these kinds of aggressive DRM solutions, publishers are operating under a "Guilty until proven innocent" type of thinking. In some cases, that's not even correct. In Ubisoft's case, it's more of a "Guilty whenever we aren't watching" situation.
I am very firmly of the belief that a AAA game with zero copy protection would sell just as well as it might with strict protection, if not better. I know I would be more inclined to buy a given game if I knew I didn't have a limited number of installs, or if I didn't have to be connected to the internet 100% of the time, etc. etc.
If publishers are hellbent on instituting some kind of copy protection, then the way they do it right now is absolutely not the right way. Right now, there is only incentive to pirate the game. You get a better experience with no strings attached. How about a system that offers incentive for playing a legitimate copy? BioWare tried something like this last year, with their Cerberus Network. Legitimate buyers of the game were given a code that would allow them to access a continually updated network of free extra content online, not available to players who didn't have such a code. This system in particular saw little use outside of a handful of weapons and a single mission pack, but the principle is sound.
Jake Feb 18th 2011 1:28PM
Then again, it's EA.
Dok Feb 18th 2011 1:29PM
I think Blizzard's use of battle.net for single player mode capable games is over the line. The reason I do not own SC2 is I will not support having to login and request "permission" to play the game. Sadly the people most effected by this are paying customers. Once the game is hacked to bypass the "login feature" then the only ones who suffer are the people who paid.
There is no reason I should need to connect to the Internet to launch a single player game after spending money on it. What if my Internet is out? I decide I can't afford Internet anymore and cancel it? Warcraft (World of) is only useful in the multiplayer sense so I have no issue there.
elvendude Feb 18th 2011 1:52PM
You don't actually have to log in to play Starcraft 2. You just use the guest feature. You don't get all the features if you don't log in (namely, achievements), but you do get the full single player game. Since achievements are my very nature social...I feel ok with that.
elvendude Feb 18th 2011 1:54PM
*by very nature. (WTB edit button and a real comment system.)
Also, just to reconfirm: Starcraft 2 is what I played during the week I was moving and had no internet at all. It is very much playable without an internet connection.
woshiernog Feb 18th 2011 2:29PM
You don't have to log in to play SC2. You just can't get get credit for epe- achievements. That would suck if you lost internet connection and wanted to play. That actually happened to me, but I still played and I figured if I really cared, I could get those achievements again.
onetrueping Feb 18th 2011 2:41PM
The way that Blizzard implemented SC2 is actually almost perfect. You have features you only get with a legitimate copy of the game, without requiring ridiculous DRM measures for those who would not like their computers bogged down. There is no real reason for downloading a pirated version, because the paid version has no drawbacks and multiple perks. Any sales "lost" to piracy were never going to be there in the first place.
Dok Feb 21st 2011 7:09AM
I guess I only have experience playing the SC2 beta so I had nothing more to base my opinion on. As long as single player mode doesn't require an Internet connection (or regular check-ins to verify I own the game) then I don't mind. I still think the legitimate resale market is the target of account based games though.