All’s Fair in Love and WoW: Virtual Theft May Elude Real Life Prosecution
As we have consistently seen this semester, the real world is struggling to adapt and solve virtual issues. As virtual currency and virtual businesses thrive, so too has the occurrence of virtual theft, fraud and embezzlement. This post will examine not only how the global legal system has reacted to these virtual crimes, but will also look towards morality issues that exist solely in the context of MMO player on player theft.
Phishing scams on the internet are nothing new; many of us have known someone whose credit card information or identities were stolen through these types of malicious websites or simply clicking on a sketchy e-mail. With the surge in popularity of gaming and social networking sites (including every parent’s worst nightmare Habbo Hotel) hackers were able to change up their routine. By creating fake webpages that induced Habbo users to input their account information and passwords, the scammers were then able to access these accounts and separate users from their virtual property. Finnish police launched an official investigation in 2010 when user’s reported over €1000 of property lost, specifically virtual furniture which had been purchased or created by Habbo Hotel users.
Unlike phishing scams of the days of yore, which targeted easily quantifiable data like bank accounts and credit cards, virtual property unleashes a rash of new issues. The problem lies in the nature of the property stolen and as to whether or not that virtual property had real world value which may demand traditional tort recourse. For other players globally, the law normally provides no avenue of recourse for these types of thefts. Illustrative of so many users’ stories is Final Fantasy player Geoff Luurs experience when over $4,000 of his virtual currency and gods were stolen overnight. Even though the victim provided police with a probable lead as to who the perpetrator was, a friend who of Luurs, police refused to investigate the incident in any way. Instead investigators simply told the victim “[virtual items] are devoid of monetary value,” and therefore no crime had actually been committed against him. Putting aside the valuation issue for a moment, some argue treating virtual thefts as real world thefts would cause unnecessary strain on police. However, this argument falls flat because either theft of virtual property is a crime or it is not. The penile code doesn’t fluctuate based on how many law enforcement officers are available that weekend.
When faced with these kind of tacit dismissals of the wrongs which have been carried out against you, combined with the already devastating loss of an item which may have taken a player countless hours and days to obtain, it’s easy to see the frustration and fatalist mindset an individual in this position might have. Enter the Dragon Sword: a valuable ancient sword from the game Legends of Mir 3. This sword was loaned by one player to his friend on a temporary basis, but instead of returning the sword the borrower sold it on e-bay for a real world profit of about $870. Enraged, the player who had originally obtained the sword through painstaking gameplay attempted to file a police report with the Shanghai police, at which time the police told the victim that “no crime had been committed as there was no concrete evidence that could be presented.” Without any legitimate or lawful recourse available, the victim-turned-vigilante murdered his former friend over the virtual stolen sword.
One of the only cases in which real world prosecution came from a virtual theft was in a 2012 case in the Netherlands, which was ultimately upheld by the Dutch Supreme Court. However, before jumping to the conclusion that legitimate legal precedent has been set, it is important to look at the extremely sympathetic facts of the case and the paralleled real-world crime that was occurring during the virtual theft. The case involved a 13 year old boy who was beaten until he succumbed to the attackers demands: drop valuable items he had obtained in Rune Scape so that another player (one of the attackers) could pick them up.  It’s this real-world conduct that parallel the attack which both causes alarm and provides distinguishable grounds upon which other courts may rely in continuing to dismiss virtual theft.
Nevertheless, the Dutch Supreme Court did note the “virtual objects had an intrinsic value to the 13-year-old gamer because of ‘the time and energy he invested’ in winning them while playing the game.” Although imperfect at best, this tiny recognition by a high court does weigh in favor of those gamers who are without recourse in redressing the wrongs that have been done to them. This idea that virtual objects have value should not be a foreign or novel object. For instance, think about any type of collection or antiques; a painting doesn’t have true monetary value, no collection of goods does. Rather it has value because we give it value, because a collector values it based on its scarcity and would be willing to pay X amount for it. We impute intrinsic value into tangible real-world goods all the time. Should virtual goods be any different? Particularly when people are willing to lie, cheat, steal and even murder for them?
Yet even if society at large were willing to recognize a quantifiable value of virtual objects obtained in video games, should the virtual “theft” be categorized as such? Obviously not all cases are as clear cut as the Dutch case, but when there is no real world violence that supports the contention a crime has committed, should these acts be more readily defined as simple game play? In baseball, players “steal” bases all the time. This idea becomes all the more powerful when considered in the context of an MMO, where the defining nature of the game is to envelop oneself in a character and fantasy world so unlike the real world that traditional limitations no longer exist. Think no further than SWTOR; players have the option of playing as a Sith warrior, where evil choices are not only encouraged by required! If the MO of these games is to completely submerse oneself in an alternate reality, then how can developers or courts dictate proper online conduct that is in line with the character’s motivation?
The key issue is drawing the line between double crossing your enemy as part of the online game, and a real world crime. Should we hold the real world person reliable for something they did in the game under their gaming persona? Certainly the answer should be no. Consequently, Robert Carli of MIT’s Department of Electrical Engineering and Computer Science suggests that virtual property-based torts should take into account the world in which the player was playing in. However, it is my opinion that given the court’s lack of knowledge base in the virtual context this would be an unworkable option in practice. This past week, a sitting federal judge asked me what a blog was during an oral argument and then proceeded to analogize it to a cow dressed as a bison? To say the courts are unprepared to do a case-by-case analysis on the morality of game play in an MMO is an understatement. Furthermore, taking this idea to its ultimate conclusion, how would a court determine that it is without moral culpability for a “good” character to kill another inside the game but that stealing a player’s sword has gone too far?
Carli also suggests putting the onus on developers to provide more stringent rules on what is acceptable and unacceptable behavior inside their own game. Thinking back to the pornography discussion last week, particularly how some fields are able to be free of government regulation if they prove they are able to self-regulate, this idea may be better suited for the gaming community than giving free reign over to the courts decide what is and is not acceptable game play. As it stands, developers licensing agreements have only a broad ban on selling virtual objects obtained in the game for real world profit stating that in-game objects have no value.
However, these arguments and justifications do not apply universally. The standards which apply to constructs like Second Life are wholly different than the mythical worlds of WoW and Eve Online. SL was based on the concept that players could make a real world profit since the virtual money could be freely exchanged for real world currency based on a “market-determined floating rate.” As such Second Life is holding itself out as a sound business opportunity rather than a game whose sole purpose is entertainment and any money lost could be attributed as a cost of that entertainment. These fundamental differences, a focus on property trade rather than immersion in total fantasy, mean different player objectives and different standards regarding “socially” acceptable conduct. Thus, a theft in SL should be recognized as a virtual theft based on the standards with which the community imputes into the environment.
Similarly, a theft targeting Bitcoin—virtual currency with an exact, easily calculable real world exchange rate—should also have real world consequences. When an attacker compromised a Bitcoin user’s account, liquidating half a million dollars’ worth of assets in a firesale, this conduct was not more gameplay but a real-world theft. Bitcoin (BTC) began as a hacker-lead project to create an untraceable virtual currency that requires no central authority to keep up with auditing, or tracking, the money. Due to the dollar to BTC ratio ($18 in 2011) and the anonymity which defines BTC, the opportunity for fraud was ripe. The user, who had amassed 25,000 BTC, simply woke up one morning to find his account wiped and that the stolen BTC had already been transferred into real world currency (via Mt. Gox). Regardless of whether or not the BTC had been redeemed for cash, the anonymous user would have been unable to get the virtual currency back as BTC transactions are untraceable and irreversible. Consequently, “technically-minded” criminals are seeing BTC as a safe alternative to traditional forms of robbery. It’s tantamount to a bank vault with no live guards, no security cameras and no way to trace the cash.
But what about when these two avenues of thinking cross? When traditional ideas of embezzlement occur with virtual currency that was stolen by a user of an MMO? This was precisely the case when the CEO of Eve Online was caught essentially red-handed embezzling online credits (about $5100) from game depositors in order to pay his real world medical bills. Although this incident occurred in the context of an MMO it was not in the process of actual game play. Instead, the offender ran an in-game bank which took deposits for interstellar credits. Thus, one would think this conduct should be considered traditional embezzlement. Nevertheless, no prosecution or any attempts at prosecution were made. Instead the company fell back on the “game-play” theory, stating simply, “[y]ou are able to lose the things you have created. That’s what makes the world interesting.”
What’s concerning is the prevalence with which these virtual currencies are permeating our society and the lack of redress options available to those who have been cheated in the virtual world. Even non-gamers rely on virtual currency in the form of airline miles, credit card points, etc. Meaning that the possibilities are endless when hackers compromise companies like Microsoft, whose points can be redeemed for almost anything the heart desires. In the future, developers and smart business owners who intend to use virtual currency should be encouraged to make use of programs which prevent chargebacks, virtual asset theft, gold farming, code hacking and account takeovers, by identifying devices and shares their reputation including alerting businesses to real-time risk.
 Id. The term “phishing” is a play on words, making use of the fact that the scammers go fishing for information by way of fake webpages and essentially just wait for a user to bite—giving up valuable account information.
 Earnest Cavalli, Police Refuse to Aide in Virtual Theft Case, WIRED, Feb. 4, 2008, available at http://www.wired.com/gamelife/2008/02/police-refuse-t/.
 Roberto Carli, The Sword, the Thief and the EULA: a Virtual Property Crisis in Online Videogames, Massachusetts Institute of Technology (Dec. 1, 2007), available at http://groups.csail.mit.edu/mac/classes/6.805/student-papers/fall07-papers/games-property.pdf.
 Id. at 3.
 Online Game Theft Earns Real-World Conviction, The Telegraph (Feb. 1, 2012), available at http://www.telegraph.co.uk/technology/video-games/9053870/Online-game-theft-earns-real-world-conviction.html.
 See Cavalli supra 3. If the real issue hinges on people’s definition of “monetary value,” then what explains the dichotomy between acceptance of imputing value to tangible goods based on scarcity and value and using that same schema to impute value to virtual goods? Rather it may be society’s hang ups with legitimizing virtual economies altogether despite their widespread popularity.
 See Carli supra note 5.”The ability to become a different person and explore a different world is the defining characteristic of role-playing games.”
 See World of Warcraft’s EULA: “All title, ownership rights and intellectual property rights in and to the Game and all copies thereof (including without limitation any titles, computer code, themes, objects, characters, character names, stories, dialog, catch phrases, locations, concepts, artwork, character inventories, structural or landscape designs, animations, sounds, musical compositions and recordings, audio-visual effects, storylines, character likenesses, methods of operation, moral rights, and any related documentation) are owned or licensed by Blizzard. The Game is protected by the copyright laws of the United States, international treaties and conventions, and other laws. The Game may contain materials licensed by third parties, and the licensors of those materials may enforce their rights in the event of any violation of this License Agreement.” Id.
 Id. A market-determined floating rate is one that is stable and easily quantifiable, which goes to the sound business nature rather than purely entertainment value.
 Computers participating in the project must solve complex math problems and in turn earn Bitcoins, limiting the amount of currency in the circulation to those earned by these computers. The number of coins rewards as a result halves every four years to reduce hyperinflation and will max out at 21,000,000. Bitcoin Virtual Currency Suffers $500,000 Theft, ITProPortal (June 15, 2011), available at http://www.itproportal.com/2011/06/15/bitcoin-virtual-currency-suffers-500000-theft/.
 Timothy B. Lee, Hacker Steals $250K in Bitcoins from Onlice Exchange Floor, ArsTechnica (Sept. 4, 2012), available at http://arstechnica.com/tech-policy/2012/09/hacker-steals-250k-in-bitcoins-from-online-exchange-bitfloor/.
 Paul Smalera, Bank Theft Highlights Downside of Virtual Currencies, Business Insider (July 2, 2009), available at http://www.businessinsider.com/first-virtual-bank-fraud-ceo-steals-virtual-deposits-trades-for-real-cash-2009-7.
 Eyjolfur Gudmundsson, an economics adviser to CCP. Id.
 Robert Siciliano, Hackers Go After Points, Credits, and Virtual Currency, Infosec Island (April 25, 2011), available at http://infosecisland.com/blogview/13172-Hackers-Go-After-Points-Credits-and-Virtual-Currency.html.