Do Not Feed The Troll – Online Property Destruction, Murder, and the CFAA

This blog has previously addressed the concepts of online vandalism through the posting of obscene material, and online assault, that is the act of making a user fear for the virtual safety of their avatar. But what about the outright destruction of property or avatar existence? Are there laws governing griefer’s behavior when it results in online destruction?

When a griefer intentionally and directly causes the destruction of objects in an online environment such as Second Life, they avail themselves of the Computer Fraud and Abuse Act. The Act has been previously addressed in this blog, but to reiterate the pertinent portion of the CFAA:

“[Whoever –] (5)(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer . . . shall be punished as provided in subsection (c) of this section.”

Subsection (c) of the CFAA goes on to provide for fines and in imprisonment if the law is violated. The imprisonment time ranges up to 5 years for violations of section (5)(a).

Under the wording of a law, if a griefer accesses an online environment such as Second Life and proceeds to destroy the creations or data of other users or Linden Labs, they stand to be prosecuted under the law. Clearly pursuit of griefers under the law does not happen often, or griefers would be more rare of a breed of computer abusers, like the hackers that the law was intended to target in the first place.

Analogs to the CFAA also exist in other countries and can be used to prosecute griefer related crimes. Take for example the story of the Japanese woman who virtually “murdered” another user’s avatar after their avatars were virtually divorced. Using the other users login information, she proceeded to delete his account in its entirety: http://cyb3rcrim3.blogspot.com/2008/10/virtual-divorce-virtual-murder.html The Japanese law the woman violated is known as the “Unauthorized Computer Access Law” Law No. 128 of 1999. In pertinent part, the law states:

“Article 3
2. The act of unauthorized computer access mentioned in the preceding paragraph means an act that falls under one of the following items:
(1) An act of making available a specific use which is restricted by an access control function by making in operation a specific computer having that access control function through inputting into that specific computer, via telecommunication line, another person’s identification code for that access control function (to exclude such acts conducted by the access administrator who has added the access control function concerned, or conducted with the approval of the access administrator concerned or of the authorized user for that identification code);
(2) An act of making available a restricted specific use by making in operation a specific computer having that access control function through inputting into it, via telecommunication line, any information (excluding an identification code) or command that can evade the restrictions placed by that access control function on that specific use (to exclude such acts conducted by the access administrator who has added the access control function concerned, or conducted with the approval of the access administrator concerned; the same shall apply in the following item);” http://www.npa.go.jp/cyber/english/legislation/ucalaw.html

The wording of the law is somewhat confused due to the provisional translation available at the website, but in this case the woman was prosecuted for what amounted to simply logging in as her virtual ex-husband in order to delete his account. Were she to be American, the woman could likely have been found to have violated the CFAA due to her destruction of the other users online property.

Another factor to consider regarding griefing violations under the law involves a less direct means of economic and property destruction within online environments. Before some of the object builder functionality was limited in Second Life, users were able to create self-replicating objects that could fill a server at an exponential rate. This growth would eventually cause the server to collapse under the system load created by the objects. http://www.theregister.co.uk/2006/11/24/secondlife_greygoo_attack/

As Second Life functions as a marketplace for many users, this sort of server crash would result in certain financial loss but individuals who rely upon Second Life for income, a sort of virtual world equivalent to shutting down a shopping mall. This economic loss could also be prosecuted under the CFAA.

The CFAA could be used extensively to fight griefing in online environments, at least those griefing acts that result in the destruction of economic property. That it is not lends to the fact that apathy is high in the virtual community and many users still do not view virtual property the same way as real world possessions. Perhaps as modern life becomes more integrated into virtual worlds this viewpoint will change.

Advertisements

~ by scottyufl on December 9, 2010.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: