Although Pokémon Go’s popularity continues to wane, the mobile game’s recent battle with PokéVision – the third-party Pokémon locator site – provides us with an important lesson on how the “game hack” can be a major threat to a game developers’ business and a high risk endeavor with significant legal consequences for game hack developers.
The innocent cheat codes of the Nintendo 64 era are child’s play compared to the highly sophisticated bots and game hacks of today’s mobile and online gaming era. Technology has revolutionized not only the way we play but how companies monetize and legally protect those games. This tectonic shift in the gaming business model provides game developers with more ways to assert their legal rights over game hack developers. In 1996, we definitely were not clicking “I agree” to lengthy terms of service before coasting down Rainbow Road and slinging banana peels on Mario Kart 64.
Historically, gameplay was finite and not nearly as manipulable as it is today. This meant that cheat codes came from users who beat a console game and shared their discoveries with others so that they could beat the game in record time. But today, game hacks are no longer based on sharing the fruits of the human experience. Rather, bots are creating superhuman results that manipulate game play, often at the expense of the game developer and to the financial benefit of the game hack creator. These bots are often based on the game developer’s API, violate the original game’s terms of service, and sometimes even use the game developer’s protected intellectual property in order to attract potential customers.
For those considering making a living out of creating “game hacks” – proceed with caution. Creating a game hack exposes creators to significant legal risks. Recent lawsuits show that one simple game hack bot for a game with a monthly service fee can yield a lawsuit with over a dozen viable legal claims and the potential to permanently shut down the “game hack” business.
In 2013 in Blizzard Entm’t Inc. v. Ceiling Fan Software LLC, the court issued a permanent injunction against Ceiling Fan Software’s World of Warcraft bot software that allowed users to engage in superhuman game play and exploit the game on the basis that Ceiling Fan Software violated Blizzard Entertainment’s World of Warcraft terms of service. Since the Blizzard case, a number of other lawsuits have been filed against “game hack” creators. Although the outcome of these cases is yet to be determined, one thing is clear: courts can, and will, shut down a game hack business that violates a game developer’s rights.
Now of course, classic gamers may be wondering how companies such as Galoob, maker of the “game enhancement” cartridge Game Genie for Nintendo Entertainment System (NES), legally manipulated game play in ways that seem similar to today’s hacks that are yielding lawsuits. Although the Game Genie allowed players to achieve superhuman capabilities not granted by regular game play (e.g., extra lives), the gaming business model in the 1990s was that of the cartridge and console. In other words, no terms of service, no player to player game play beyond the four allotted controllers, and no monthly service fees. Once the cartridge was purchased, hacks such as the Game Genie did not impact the game developer’s bottom line the way they do in today’s monthly subscription model where frustrated users stop playing the game (and paying the monthly fee) when they cannot compete with superhuman bots. The cartridge and console business model greatly limited game developer’s causes of action in a lawsuit – evidenced by the copyright infringement case Nintendo eventually filed, and lost, against Galoob. The modern gaming business model opens up a variety of causes of actions from breach of contract, to fraud, to violations of the Computer Fraud and Abuse Act.
So what are the common denominators for the types of “game hacks” that lead to a full blown lawsuit in today’s gaming world, versus a stern talking to? The short answer: when the hack or cheat undermines the game and its users in such a way that significantly impacts the creator’s business and game play, do not be surprised if you are served with a complaint. Reocurring themes in the recently filed “game hack” lawsuits include cheats or hacks where:
- The bot mimics human activity in order to deceive the game developer’s software, typically in a way that yields an abnormal outcome.
- Human players are undermined by a bot’s antics, causing players to stop using, and paying for, the game.
- The game developer’s intellectual property is being misappropriated (e.g., using trademarked terms in a domain name, reproducing game logos and/or screenshots)
- Game developers expend significant money to combat the bot’s interference. This includes increasing server capacity to accommodate strain on servers from the bot, identifying which players are using bots, and designing around the bots.
- The hacker websites convey no remorse for their disruption of game play and admit they are violating the terms of service.
And so, for those who want to create a “game hack” but do not want to be hailed into court, the less risky approach is to throw back to the original cheat code model: base it on the human experience. Although Niantic pulled the plug on PokéVision, other apps such as Poke Radar still exist notably because the tracking mechanism is based on user reports of Pokémon sightings – much like the cheat codes of the past where a user would share what he or she observed so that other users could find similar success.
But even this approach does not give you a guaranteed pass. Always be mindful of whether your “hack” – no matter how seemingly innocent – violates the game’s terms of service or the game developers intellectual property. No approach is full-proof, and developers should always consider conferring with counsel before proceeding with developing a game hack. Never underestimate the value of a lawyer power up.
Gabriella E. Ziccarelli is an intellectual property attorney at Blank Rome LLP in Washington, D.C., with previous experience working in-house at tech companies in Silicon Valley; her email is firstname.lastname@example.org.