Monday, February 4, 2008

February Update

Nothing much new to report here, but I will review the situation discussed in November, and relate a recent news article to the situation.

First things first. Blizzard has not yet changed the Warden since November, and the vulnerability described on this blog has not yet been exploited. It may never happen, but the possibility remains that a violation of privacy or something even worse could be injected with or without the company's knowledge (Blizzard would most assuredly argue against the possibility that it could happen without the company's knowledge, but as they say, where there's a will there's a way). Still, they are certainly building confidence with the lack of changes for a few months. This leaves open the case I've brought up before: that they may be going easy on Warden, realizing that it's only so effective while the community is keeping a watchful eye on it, and relying instead on measures that the community cannot so easily read.

Now, before I continue on to the news article, I want to stress that Warden is not a mechanism that protects Blizzard's copyright -- though they would like to make the argument against this as well (and are making this argument in MDY Industries, LLC v Blizzard). What Warden does is scan for various hacks and cheats, usage of which may cause them to take action against your account and remove access to their service (as per the EULA and Terms of Use), but which does not constitute a copyright violation. The copyright is protected by their account system, which enforces that a legitimate copy of the game is being used to play on their servers (a concept proven in Blizzard v BnetD).

With that in mind, the article I want to mention, "Just say no to intrusive DRM," is about the Privacy Commissioner of Canada, Jennifer Stoddart. On January 18, 2008, Stoddart sent a public letter to the Canadian Minister of Industry "with respect to possible amendments to the Copyright Act." One of the fears specifically mentioned is essentially the same thing I mentioned here in November:

"Even if users do find out (and object), they wouldn't be able to strip the DRM or circumvent it because Prentice's bill will reportedly contain US-style anti-circumvention provisions."

What they're saying boils down to this: If Blizzard is somehow successful in court making the argument that Warden is copyright protection technology protected by the DMCA, then not only would I be criminalized as a Warden researcher providing anti-Warden technology, but the privacy rights of World of Warcraft players would be exploitable. In terms that the average MMO player should recognize, this could turn the tables from players using leet sploits to gain an in-game advantage, to the publisher using leet sploits to gain a real-life advantage, and this would be far more dangerous. Regardless of whether Warden itself is protected by the DMCA, the Privacy Commissioner is trying to prevent this sort of thing from happening by making sure protection of privacy trumps protection of Digital Rights Management.

So I will reiterate my earlier statements that transparency in Warden technology should be kept, so that privacy can be legitimately ensured by researchers like myself and the others that keep tabs on Warden. I'll also say one more time that Warden is not copyright protection technology, and it would be very detrimental should Blizzard prevail on that argument, and I'm afraid of the scope of the damage that would be done to the general software industry as a result.

But, like I said before, I don't necessarily think it's Blizzard we need to be afraid of. This type of thing could open the doors, just for example, for a nefarious organization to pose as a legitimate MMORPG provider and even create and maintain a real game, as a front for spyware that they could protect under the DMCA, for completely unrelated purposes. I'm not one to support conspiracy theories in general, but I believe that day is coming whether any of us like it or not. Why? Because it would work, because organizations have been doing it in other industries for years, because it could be immensely profitable, because many players will call the mere mention of the idea bullshit and voice support for the currently hypothetical organization... it's only a matter of time.