Donna Wentworth
( Archive | Home | Technorati Profile)

Ernest Miller
( Archive | Home )

Elizabeth Rader
( Archive | Home )

Jason Schultz
( Archive | Home )

Wendy Seltzer
( Archive | Home | Technorati Profile )

Aaron Swartz
( Archive | Home )

Alan Wexelblat
( Archive | Home )

About this weblog
Here we'll explore the nexus of legal rulings, Capitol Hill policy-making, technical standards development, and technological innovation that creates -- and will recreate -- the networked world as we know it. Among the topics we'll touch on: intellectual property conflicts, technical architecture and innovation, the evolution of copyright, private vs. public interests in Net policy-making, lobbying and the law, and more.

Disclaimer: the opinions expressed in this weblog are those of the authors and not of their respective institutions.

What Does "Copyfight" Mean?

Copyfight, the Solo Years: April 2002-March 2004

a Typical Joe
Academic Copyright
Jack Balkin
John Perry Barlow
Blogbook IP
David Bollier
James Boyle
Robert Boynton
Brad Ideas
Ren Bucholz
Cabalamat: Digital Rights
Cinema Minima
Consensus @ Lawyerpoint
Copyfighter's Musings
Copyright Readings
CopyrightWatch Canada
Susan Crawford
Walt Crawford
Creative Commons
Cruelty to Analog
Culture Cat
Deep Links
Derivative Work
Julian Dibbell
Digital Copyright Canada
Displacement of Concepts
Downhill Battle
Exploded Library
Bret Fausett
Edward Felten - Freedom to Tinker
Edward Felten - Dashlog
Frank Field
Seth Finkelstein
Brian Flemming
Frankston, Reed
Free Culture
Free Range Librarian
Michael Froomkin
Michael Geist
Michael Geist's BNA News
Dan Gillmor
Mike Godwin
Joe Gratz
James Grimmelmann
Groklaw News
Matt Haughey
Erik J. Heels
Induce Act blog
Inter Alia
IP & Social Justice
IPac blog
Joi Ito
Jon Johansen
JD Lasica
Legal Theory Blog
Lenz Blog
Larry Lessig
Jessica Litman
James Love
Alex Macgillivray
Madisonian Theory
Maison Bisson
Kevin Marks
Tim Marman
Matt Rolls a Hoover
Mary Minow
Declan McCullagh
Eben Moglen
Dan Moniz
Danny O'Brien
Open Access
Open Codex
John Palfrey
Chris Palmer
Promote the Progress
PK News
PVR Blog
Eric Raymond
Joseph Reagle
Recording Industry vs. the People
Lisa Rein
Thomas Roessler
Seth Schoen
Doc Searls
Seb's Open Research
Shifted Librarian
Doug Simpson
Stay Free! Daily
Sarah Stirland
Swarthmore Coalition
Tech Law Advisor
Technology Liberation Front
Siva Vaidhyanathan
Vertical Hold
Kim Weatherall
David Weinberger
Matthew Yglesias

Timothy Armstrong
Bag and Baggage
Charles Bailey
Beltway Blogroll
Between Lawyers
Blawg Channel
Chief Blogging Officer
Drew Clark
Chris Cohen
Crooked Timber
Daily Whirl
Dead Parrots Society
Delaware Law Office
J. Bradford DeLong
Betsy Devine
Ben Edelman
Ernie the Attorney
How Appealing
Industry Standard
IP Democracy
IP Watch
Dennis Kennedy
Rick Klau
Wendy Koslow
Elizabeth L. Lawley
Jerry Lawson
Legal Reader
Likelihood of Confusion
Chris Locke
Derek Lowe
MIT Tech Review
Paper Chase
Frank Paynter
Scott Rosenberg
Scrivener's Error
Jeneane Sessum
Silent Lucidity
Smart Mobs
Trademark Blog
Eugene Volokh
Kevin Werbach

Berkman @ Harvard
Chilling Effects
CIS @ Stanford
Copyright Reform
Creative Commons
Global Internet Proj.
Info Commons
IP Justice
ISP @ Yale
NY for Fair Use
Open Content
Public Knowledge
Shidler Center @ UW
Tech Center @ GMU
U. Maine Tech Law Center
US Copyright Office
US Dept. of Justice
US Patent Office

In the Pipeline: Don't miss Derek Lowe's excellent commentary on drug discovery and the pharma industry in general at In the Pipeline


« DRM Is Not a Contract, Part II | Main | Delicious »

October 14, 2005

I Spy With My Little EULA

Email This Entry

Posted by

You may recall that Blizzard is the videogame company that sued three software programmers for creating BnetD, a free, open source program that allowed gamers to play games they purchased with others on the platform of their choice. Blizzard claimed that the programmers violated several parts of the company's End User Licensing Agreement (EULA), including a provision on reverse-engineering. But it turns out that's not all that Blizzard's lawyers have inserted in the fine print. As Bruce Schneier reports, the company is also using its Terms of Use agreements to justify spying on gamers' computers.

Writes Greg Hoglund, co-author of Exploiting Software, How to Break Code:

I watched the [software] warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time. ...[The scanning] certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain alot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.

As Schneier says, this is truly scary stuff. Yet even a few of the security-savvy readers at Schneier's weblog are downplaying its significance. Why? Annalee Newitz has a theory that rings true to me: people think of routine spying as normal.

Do you realize the government would have to have a warrant to get the kind of information Blizzard claims it has the right to suck out of your computer to stop cheaters? Doesn't that seem a wee bit wrong?

In a normal world, a sane world, people would be boycotting Blizzard for having the nerve to look through their kids' hard drives. They'd stop playing Blizzard games online and stick to LAN parties, where a bunch of people network their computers together for a group game that circumvents the Internet.

I think fans are still flocking to for two basic reasons. One, most probably don't realize Warden is spying on them (it's hard to blame them for not reading all the way through the stultifying terms-of-use page). And two, they've convinced themselves that surveillance is normal. Sure, games are supposed to be entertainment, but in reality they're just compressed, contained reflections of our everyday lives. It should be no surprise that, in an era when Americans submit to having their bags searched on the subway to get to work, they are willing to let corporations riffle through the entire contents of their personal computers so they can have a little fun.

If word gets out about this, it will no doubt register with more people that they need to read their EULAs, but the problem is much bigger than that. How many more of our rights will courts allow companies to click-wrap away? And how do we stop digital era privacy norms developing that let people accept things like the government demanding that ISPs and VoIP providers make Internet surveillance (even) easier, while claiming it has the right to turn our cell phones into location-tracking devices?

Comments (10) + TrackBacks (2) | Category: Privacy


1. Annalee on October 14, 2005 1:29 PM writes...

Speaking of weird things that we allow software companies to do to us, it looks like the latest version of Symantec's anti-virus software is nuking PSP hacks if it finds them on your PC. I hope somebody will investigate this.

Permalink to Comment

2. Randy on October 14, 2005 2:20 PM writes...

Show us proof. Some guy saying, I saw this, I saw that doesn't mean a thing. Sniffers have this feature called "logging". They produce, you guessed it, logs. Post some of these logs and we'll start to believe what you're saying. Otherwise, we'll just mark you down as someone stupid enough to name Office documents after account numbers and use financial institutions that put your SSN in post data.

Permalink to Comment

3. Italo Leonardo on October 14, 2005 4:22 PM writes...

They allow that I enter in this to talk, saying that close to the technological barbarity that is committed here in Brazil, where we have that to be "specialists" so that let us can identify the false products, of bad quality. E worse, is that we do not have nor where to complain.

Surely the exceptions exist.

Hasta Hotra!!!

Permalink to Comment

4. Seth Finkelstein on October 14, 2005 6:17 PM writes...

I've often said that the DMCA imposes requirements that would have people screaming in other contexts. The de facto ISP registration (for safe harbor from legal liability) would draw howls of outrage if the reason was "National Security".

But for "contract", we can be Bill Gates' towel boy

Permalink to Comment

5. Thumpah on October 14, 2005 10:25 PM writes...

Not only is Greg at least 3 to 4 months late to the party (Blizzard had full disclosure of this software on their official forums. The thread is still sticky, and is prominently displayed), but Annalee decided to throw fuel on the fire by taking her Chicken Little routine to her son, who has never played World of Warcraft, and has no idea of what this software does.

Please don't continue to spread this panic. Please let the level heads have their say. I'm seriously concerned now that this viral idiocy has spread to Pretty soon, the meatheads in the mainstream press will get hold of it, and finally someone in the Senate will start another stump speech about the evil of video games.

Permalink to Comment

6. drwex on October 15, 2005 8:12 AM writes...

So let's say it's true. Blizzard is spying on me. (Yes, me, I play those games and I'm talking about myself here.) Why don't I boycott Blizzard for this behavior? Value received and lack of comparable alternatives, I think.

I like playing these games. I have investments in the time and relationships built up within them. The ideal situation would be one in which I didn't have to trade off my privacy for commercial value but over the last two decades we've set up a social system in which that's the de facto exchange.

From supermarket cards on down, corporations have built systems, and habituated our society, to a model in which the atomic consumer's data are tokens of exchange for merchant value, whether in the form of discounts, access, or bald-faced terms of service. You may complain about this, and take individual action to circumvent or introduce friction into the system. But no pocket of rebellious sheep is going to change the direction of the vast flock.

I do not believe individual action is the appropriate response to this. What is necessary is legislation. Unless all companies are forced to compete on the same playing field there is too little incentive for one company to disadvantage itself by giving up these data. Anti-spyware legislation could fairly easily be extended to prohibit this kind of scanning practice, or to limit the collection of personally identifying data.

So I'll lobby for that, and in the meantime continue playing WoW.

Permalink to Comment

7. smoothie on October 17, 2005 10:21 PM writes...

As a long time player of Blizzard gamed and other online computer games, I have no problem with what Blizzard is doing - as long as they are only using the programs to stop cheating. Cheating is a big deal in on-line games, and it is really really easy to do in any on-line game and completely ruin it for everyone else. Players allow their computers to be scanned because they would rather play in a game that isn't ruined by cheaters than have a little more privacy but have their game ruined.

Permalink to Comment

8. J. Stanley on November 4, 2005 12:16 PM writes...

Randy: perhaps you're not familiar with how aptly named Windows is. Everything--every user interface element--is a window. This includes not only dialog boxes, but buttons, labels, text boxes, etc. If Warden is scanning window text, it could be gathering a LOT more information than you think.

Permalink to Comment

9. NCS on December 4, 2005 8:35 PM writes...

J. Stanley,
Your wrong,
you should do some more research.
Windows does NOT use IM for elements.
write a program and try gaining button names
using IM, you can't. Not that there aren't ways of gathering element names, but the point being, gathering window titles does not gather other elements.

Permalink to Comment

10. Marcus on October 18, 2006 10:59 AM writes...

Wow, good thing you inform us about this... not that it's news or anything...

Permalink to Comment


Listed below are links to weblogs that reference I Spy With My Little EULA:

I Spy With My Little EULA. Copyfight: from LilBambi's Blog :: Musings from a little deer?
I Spy With My Little EULA. Copyfight: You may recall that Blizzard is the videogame company that sued three software programmers for creating BnetD, a free, open source program that allowed gamers to play games they purchased with others on the plat... [Read More]

Tracked on October 15, 2005 9:52 AM

Verizon Wireless created quite a stir in the mobile industry with their recently updated EULA (end user license agreement) quoted below.  The bolded areas are emphasis from VZW exactly as posted on their site. (enter your area to view the text)Unl... [Read More]

Tracked on November 11, 2005 9:51 AM


Remember Me?


Email this entry to:

Your email address:

Message (optional):

Sherlock Holmes as Classical Fairytale
Trademark Law Includes False Endorsement
Kickstarter Math
IP Without Scarcity
Crash Patents
Why Create?
Facebook Admits it Might Have a Video Piracy Problem
A Natural Superfood, and Intellectual Property