Edward Castranova, best known for his work on economics on massive multiplayer online games write to his mailing list:
The Black Hat conference of computer security professionals, taking place in Las Vegas next week, sponsors a moot court called Hacker Court. This year, Hacker Court will try the case of a man accused of hacking into a MMOG server and destroying another player's digital gear. If prosecution can show that the damage exceeds $5000, it is a US felony.
Prosecution is being handled by Richard Salgado of the US Department of Justice. I will be testifying as an expert witness on valuation issues. An actual Federal judge will be presiding. The verdict might become an important historical marker in humans' migration into the machine.
More detail is available from the Black Hat Conference pages.
This is pretty neat. Hacking for money, identity-theft or banking transfers have gotten to be pretty routine work for real-world prosecutors and investigators. However, this is a different case because of 3 reasons:
- It is difficult to gauge the real value of the property allegedly destroyed. The main market for the this kind of stuff is on eBay, where it runs between 3 and 4 million dollars per year (courtesy of Julian Dibbell here and here). However, it is not at all clear that this is a real value to either the owner or the thief. In "our" world we establish value by following general valuations based on "real" market values and often add-on sentimental and historical value to the objects. It is unclear how to value items that someone acquired in a virtual game. Still, I do not think this is the most difficult issue. A fine in US currency could be used to repurchase all of this objects on an active eBay or some other market for Ultima Online (or some other online world). It has been established that destroying someone's information electronically is taken as destruction rather than a harmless prank.
- It is not really clear why a complain to the company that runs the game could not just result in restatement of this property. This is different from deletion of personal/company information by a hacker because it is possible to reinstate the user to a known state with relatively minimal effort. However, this is not all that different from catching an unauthorized fun transfer and reversing it. Whenever such a perpetrator is apprehended the punishment is primarily punitive (if funds were recovered) since there is not a particularly lasting result. I think that is pretty good parallel to base this aspect of the case on. Yes the victim can get property reinstated, but this is the kind of behaviour that we would like to punish, hence the trial and possible punitive damages.
On the other hand there used to be no laws for committing electronic-based crimes. Prosecutors argued and judges upheld parallels between such crimes and there purely physical counterparts. Stealing is stealing is stealing was the basic conclusion.
After some consideration I cannot see how this case is really different from any other hacking case. A user breaks into a server and destroys some information. Whether that information is easily re-instated is quite irrelevant. We can fairly easily value this gear based on an active market for such things and make the defendant pay to acquire it. The mental anguish of the victim can be evaluated based on valuations for all other things that hold emotional value - we do not hold that someone stealing a family photograph has committed a smaller crime than someone stealing an Ansel Adams masterpiece. There is certainly an novelty aspect to this, but I do not think it is such a difficult legal case. If anyone who reads this has a different, or more educated opinion, I would be happy to hear it.