Wednesday, February 29, 2012

Bitcoins and Prepaid Access Rules: Headed for a Collision

One of the challenges of the Web is making a business plan while wondering if it will stay legal. Technical adaptations outpace the glacial process of legal evolution. A program can be written and distributed in hours, but legal updates require either legislation or a precedential decision. This can be particularly befuddling when a new technical tool comes along. The options can be to make an investment now and risk spending money on something that may not be legal, or wait and miss an opportunity to get in on the ground floor.

The Financial Crimes Enforcement Network (FinCEN) within the Treasury Department took a large step towards closing a legal gap in issuing their new prepaid access rules, handily summarized in this excellent guide prepared by Pillsbury Winthrop Shaw Pittman LLP. All of the requirements detailed therein came into effect in late September of 2011, and the registration requirement goes into effect at the end of this March. To boil it down, the Treasury Department doesn’t like people using prepaid access (gift cards, e-wallets, virtual currency, etc.) to launder money or facilitate other crimes. Without this regulation, FinCEN is concerned people supporting illegal activities could continue to use these systems to ”clean” thousands of dollars a month. To slow down the flow, the new regulations require anyone who is providing prepaid access to register with the Federal government, maintain records of all transactions (including indentifying information of anybody participating), and put procedures in place to verify customers. There are exemptions to these requirements, primarily in limiting transaction values and/or keeping systems entirely “closed loop,” which would generally be more like a store-based gift card system.

The downside of this is easy to see: nobody in business is a huge fan of extra government involvement or additional administrative burden. This will require anyone in the business of prepaid access to register with the government, and keep robust records on their customers, including name, date of birth, address, and any identification numbers. Possibly even more onerous is the requirement to verify the identity of anyone participating in the prepaid access; that’s not necessarily an easy thing to do. Some businesses might argue that their very appeal to customers is the fact that their use is anonymous and outside the more typical, public financial systems.

Despite this burden, these regulations are, to some degree, a healthy measure for anyone providing prepaid access. Keeping records transactions and who is participating is generally not a bad idea, even if it does involve more work. For example, if a dispute arose, that information could be quite handy. However, not every potential customer may view these regulations in the same light. You might be annoying a customer who started using your prepaid debit card because he wanted a financial tool a bit more off the grid or for more limited places that he thought were less secure, like an ewallet. But (hopefully) nobody is choosing to offer that kind of tool specifically because it appeals to terrorists, drug cartels, and other bad people. There is always a fine line between prudent regulation to prevent bad things and Person of Interest/1984 surveillance.

Any regulatory scheme is not going to work all of the time. Criminals will use fake identities to make prepaid access work for them, but a five year transaction record creates the paper trail that will help law enforcement track illicit behavior. It makes sense to explicitly obligate people marketing prepaid access to build up infrastructure and policies preventing too-easy international transfers, or high volume swaps in a short period of time. Without a ramp up, there would never be usable data to track. The regulations also contain practical exceptions for health care flex-spending accounts, and “closed loop” programs like campus dining dollar accounts, defined-store gift cards, and transportation cards. These regulations have been, in many ways, sensibly written to limit the more obvious problems, while trimming the burden on things that are not inherently problematic.

One key detail is a pathway within the regulations left open to some of the potential regulatory burden is that you can make it impossible to be used before verification of customer identification information. So, if you created procedures and policies making it impossible for anyone to use your system without you first verifying their identity, you would be in compliance (though compliance is more complex than just this factor). The verification of that identity means that you would be, in a practical sense, cooperating with a lot of the regulation anyway: you would agree that you could verify who was participating. So if anything seemed fishy, law enforcement would again, be coming to you.

An interesting undercurrent to these issues is the odd case of Bitcoins. While frequently volatile, they made a solid push to some more stability at the end of the year. Of course, it shouldn’t be too surprising that Bitcoins are in legal limbo as Senator Charles Schumer discussed them along with online drug hub Silk Road last June. It is up for debate whether or not Silk Road actually does what it claims. But, it is unfortunate to see a cleverly engineered development like Bitcoins be publicly associated with something that exists to be shut down by government regulators. Many have speculated since the beginning that it was a matter of time before authorities dropped the hammer on the online currency. Any technical development that grew out of a distrust of regulation and central control ironically places itself in line for regulation and central control.

The argument ready for any Bitcoin advocate against applying the new regulations to the currency is that it’s not prepaid access at all: it’s a currency unto itself. The fluctuations in value could be interpreted to mean it is wholly unlike a system that depends on cash infusions and goes back to being cash, eventually. Bitcoins could stay Bitcoins forever. But it would be foolish to think that any government would consider Bitcoins a valid currency, especially since the anonymity built into Bitcoin makes it ripe for the money laundering concerns that prompted the Treasury to get serious on these issues. These are similar to the concerns we have seen with Linden Dollars in Second Life over the years. The challenge is first, that Bitcoins are de-centralized, unlike any other virtual currency presently in circulation. There is no one business entity propping this system up, meaning the way for regulators to try to wipe them out of existence won’t be as obvious. Most entities that accept Bitcoins as a valid form of payment are tiny web-only retailers that often use them to monetize web-services. Bitcoin users seem not the type to ever accept the reporting and registration requirements, so it would be reasonable to assume that any interaction of the government with the system would be try to wipe them out. But of equal concern is whom to apply the regulations to, since it is arguable there is no provider of prepaid access or seller or prepaid access under the Bitcoin system.

The group that should be most wary of Bitcoins is any retailer considering accepting them. A restaurant in Manhattan famously experimented with the idea last summer. (We called, and they do not take Bitcoins anymore.) While it could be a great way to get some geeks in your store and drum up some press about your business, it is frankly more trouble than it is worth. Bitcoins may be more stable than they have been in the past, but, as the article points out, you take a big risk on taking a hit if the value drops.

But Bitcoins are unlikely to be a majority of anyone’s balance sheet. The bigger problem is being associated with a currency that seems bound not to last much longer, at least in its current state. This issue is yet unsettled, but the government has made clear they’re in no mood to tolerate electronic tools that can be exploited for money laundering. Outside of these regulatory challenges, recent events indicate even more instability in the market. Bitcoin supporters suffered a heavy setback when exchange site Tradehill suspended trading after e-wallet service Paxum departed the Bitcoin market. For Paxum, the final straw was that their banking partners were deeply uneasy about who was pouring money into the currency and why. Paxum’s exit hurt Tradehill, and being defrauded for $100,000 by a payment processor did not help either. Who would be eager to dive into a market so fraught with instability?

Regulation takes time, but Bitcoins seem bound for the chopping block. Bitcoins aside, the progress in money transmission and prepaid access is not likely to stop, especially since it appears Facebook may be laying some groundwork in the payments space. Law of the Game will continue to follow these issues and keep you updated.

Zack Bastian is an official contributor to Law of the Game. A third year student at George Washington University Law, Zack works at the Woodrow Wilson Center's Science and Technology Innovation Program and is a member of the American Intellectual Property Law Association. The opinions expressed in his columns are his own. Reach him at: zack[dawt]bastian[aat]gmail[dawt]com.

Edited 3/3/2012 - Fixed Broken Links

Monday, February 27, 2012

Mass Effect 3 Kotaku Piece

I was interviewed for a piece on Kotaku today, which you should check out. It's amazing how many regulations are out there related to raffles and sweepstakes that most people don't consider when planning a contest. I'm glad that it seems that everyone involved with this were able to roll things back before anyone got into real trouble.

Wednesday, February 22, 2012

More on Kim Dotcom and the Fight Over Cyberlockers

In late January, Law of the Game took a look at Kim Dotcom and Megaupload. Bloomberg Businessweek released a superb profile of the file-sharing baron. It is worth checking out. The authors fill in Dotcom’s back story, and what a story! For example, the piracy bug bit him young: he was selling copies of computer games to friends before he reached junior high school. This was also not his first encounter with the wrong side of the law: he was convicted in 2002 of insider trading.

The article does not limit the narrative to Kim Dotcom’s, brazen, bizarre antics, although there are enough for a novel. They also include a discussion of whether or not the shutdown was overboard. The parties take the positions you would expect. Cary Sherman, Chairman & CEO of the RIAA calls the story a “powerful message” to infringers. Julie Samuels of the EFF says that creators are seeking to “stem the growth of new business models instead of using their time and energy to compete. They’re working to harm innovation and consumers and artists who are trying to find new ways to connect with those fans.” The authors also point out that there has never been a case of inducing copyright infringement reaching the level of criminal liability. To dig deeper, we will begin by examining one of the most famous inducement liability cases, consider how the available facts compare, and then comment on whether this case really is an attack on cyberlockers.

In 2005, the Supreme Court considered inducement liability for copyright infringement in MGM v Grokster. Grokster was a file-sharing utility, but unlike its predecessor Napster, it was built on a decentralized architecture where no central list of the files was kept. The software acted as a link between you and the user with the songs you wanted. Grokster, playing this passive role, did not have actual or constructive knowledge that infringement was taking place, nor did they materially contribute as users searched for the files. Grokster attempted to claim the Betamax defense, arguing that if the product was capable of substantial non-infringing uses, it could not give rise to contributory liability. Grokster is capable of non-infringing uses, and so the developers claimed they were not liable.

In rejecting that argument, the Court discussed inducement liability. If you distribute a product promoting that it can be used to infringe copyrights, it can be enough to show liability. Promotion of infringement has to be by either clear expression or other steps showing you meant to encourage it. Considering Megaupload, the indictment provides plenty of emails and more that scream inducement, like the incentive program. People have pointed out, that there is a big difference between civil and criminal cases. Jennifer Granick notes that secondary liability has never been enough to create criminal liability. [The pending Rojadirecta case has the Second Circuit considering that very issue. Can linking to an infringing stream be enough for a criminal offense?] The counterpoint to Ms. Granick, Derek Bambauer, says the principals look very guilty, but agrees an expansion of criminal liability is troubling. Ms. Granick also admits that there may be enough proof that Dotcom and his compatriots directly infringed enough to make secondary liability less of a problem.

We also must remember, a money laundering count was included in the indictment, but not fleshed out. The federal government has repeatedly (online poker shutdown, new pre-paid access rules, etc.) made clear they are concerned about technology supporting criminal enterprise. There may be evidence not yet public showing Megaupload “washing” dirty cash, providing heavy ammunition for the prosecution. Beyond that, there is no indication that the government has the intention or appetite for a broad offensive on cyberlockers. It is safe to assume that most companies offering cloud storage are not an insane, self-aware scam run by a James Bond villain. It is good that people are concerned and talking. Emphasizing the civil liberties at play is very important. The issue of what happens to the non-infringing files still on the Megaupload servers raises legitimate questions about the rights of people who were not using the service improperly.

It is possible that this is part of a large push against cloud services. But there is still a great deal we do not know about the Megaupload case. Until things become clear, we will be following closely.

Zack Bastian is an official contributor to Law of the Game. A third year student at George Washington University Law, Zack works at the Woodrow Wilson Center's Science and Technology Innovation Program and is a member of the American Intellectual Property Law Association. The opinions expressed in his columns are his own. Reach him at: zack[dawt]bastian[aat]gmail[dawt]com.

Tuesday, February 14, 2012

The Department of Justice’s New Interpretation of the Wire Act: A Green Light for Video Game Betting?

Last year was tough for online poker. A lot of people were swept away in poker’s surge in popularity in the early 2000s. A big part of the spike in was a new generation of players who cut their teeth playing online. You might remember Chris Moneymaker, the first World Series of Poker Champion to qualify from online tournaments. Some used the skills they picked up on the web to transition to the tables of Atlantic City, Vegas, and Reno. Others chose to focus on online play and made a healthy income doing so. The New York Times Magazine profiled one such prodigy, Daniel Cates in late March of last year. But the legality of online poker was suspect since the passage of the Unlawful Internet Gambling Enforcement Act (UIGEA) in 2006.

The Department of Justice put a stop to the boom when shut down the biggest and most lucrative poker sites just weeks after the article on Cates was released, including the UIGEA in the indictment. Full Tilt Poker, Poker Stars, and Absolute Poker, played a “game of cat and mouse” with the US Government, and did business here while operating offshore. They argued online poker was not gambling, but a “game of skill”. The Department of Justice was not persuaded: they quickly shut down domains, filed a civil lawsuit for money laundering, and froze company assets. With such a dramatic blow to the biggest outlets in the market, it was easy to assume online poker in the United States might not recover at all.

Maybe not. In a decision reached in September but made public in late December, the Department of Justice has made a dramatic reinterpretation of the Wire Act. According to the ruling, the law’s ban on betting crossing state or international borders now only applies to a “sporting event or contest,” not to online lottery tickets. Professor I. Nelson Rose made a great post summarizing why this matters for online poker. The Wire Act can be used against people who attempt to make cross-border bets on events. But a lottery is not a bet on a separate event: when you buy a ticket, you are wagering whatever you pay on winning the pot based on the numbers drawn, not something external. Instead, it’s a bet in the event. As Professor Rose points out, a bet placed during a poker game follows the same logic. When you wager money on your hand, you’re not betting on anything other than that round itself.

This likely will not mean that the lawsuit against the big poker sites is over with. The Federal Government has made clear they are concerned about technology facilitating illegality, like money laundering. It would be hard to believe that the Department of Justice would make such a sweeping show of force against those poker sites, then abandon the effort. It could mean that online poker could see a rebirth, provided players are in states where that sort of gaming is legal. Due to its checkered past, anybody considering getting into the business would “wait and see”, making sure they are on solid legal footing before putting down any serious investment.

What is particularly interesting to us at Law of the Game is that this could open the door for gamers to make legal bets on their own performance in online gaming tournaments. Players of games like Call of Duty: Black Ops can already wager points used to purchase new items and skills based on their performance in a given round. If it is legal, a player could place cash bets on how they might perform on a given round, or the entire tournament. Remember, it would be a bet in the event, not on. There are some important caveats to consider. It will be up to game companies whether or not this kind of infrastructure is set up. Some might not find it appropriate for a title, either because of the intended audience or the mechanics of the game. Companies would also need to consider whether they want to assume the burden of regulating betting on their game. The Department of Justice would want to make sure that online games were not being used to launder money, so they would expect gaming companies to take appropriate precautions: tracking bettors, making sure games are not fixed, and so on. Game companies have a vested interest in making sure that their product promotes fair competition, and no one wants to get caught up in illegality. That regulatory burden could provide a benefit.

Game companies would want a fee for their troubles. It could take the form of a temporally charged amount above and beyond the amount it costs for a subscription service like Xbox Live, or a per-bet percentage on every wager, win or lose. If the gambling systems on games became popular, this income stream could convince a company wary to dive in the market. A wagering system could extend the shelf-life of a game for quite some time. World of Warcraft just turned seven years old, but it is still generating income for Blizzard today. This is due in no small part to the subscriptions every player must buy. Subscription or transactional fees could be a powerful enticement to bring companies into the business.

This could also signal the return of integrated gambling models like we saw with Kwari, and an increase in 3rd party tournament sites, as we have previously discussed. It will be interesting to see if a proliferation of tournament sites puts their operators in conflict with the game developers/publishers, and what creative lawsuits may result. Online poker’s future is still an open question, and any type of betting on video games would probably be preceded by a more concrete development clarifying poker’s legality. But, as Professor Rose points out, there are not many federal regulations left prohibiting the interstate transactions involved in gambling. In fact, there have already been proposals, including one from Representative Barney Frank, to overturn the UIGEA, and move the industry to regulation and taxation on a nationwide level.

As budgets get tighter, there is always the lingering question of whether the previous moral objections to online gambling might give way to the very present opportunity to increase government revenue and create jobs. If companies can put in the time and effort to keep the competition fair and above board, we might be able to put cash down on our performance on Mario Kart. Which, reminds me: do not bet on a game of Mario Kart with Mark, it is a bad idea.

Zack Bastian is an official contributor to Law of the Game. A third year student at George Washington University Law, Zack works at the Woodrow Wilson Center's Science and Technology Innovation Program and is a member of the American Intellectual Property Law Association. The opinions expressed in his columns are his own. Reach him at: zack[dawt]bastian[aat]gmail[dawt]com.

Wednesday, February 8, 2012


Sorry for the dust, but Law of the Game has been due for a bit of a clean up.  Parts of the template have become outdated, some links are no longer valid, and the organization needed some tweaking.  I believe I've fixed most of the issues, but if you run across something that still isn't working, please pardon the mess.

There's also substantially more social media integration now active on the site, so enjoy!

Tuesday, February 7, 2012

Could Trolling Land You in Court? Dallas Law Firm Sues To Find Out.

One of the hallmarks of the internet has been the ability to remain relatively anonymous. This anonymity is not absolute, but if you are reasonably tech-savvy, there are ways to broadcast your views and shield your identity. When these measures enable someone to criticize an oppressive government or discuss controversial views, it is easy to see how valuable this protection can be. Speech that otherwise might get you fired, hurt, or arrested can be broadcast to the world. The value of some speech, especially political, is high, and well defined under First Amendment jurisprudence. It is a core right, but not as limitless as some might think.

Less appealing and of lower value is the time-honored internet tradition of trolling, ranging from hilarious to deplorable. Just visit the comments section of any YouTube video to see what we mean firsthand. Homophobia, racism, sexism, and plain old disgusting things run rampant, and there are too many commenters making too many comments to police it all. But trolling is often in the eyes of the beholder. What might be a reasonable statement to you could be harmful to the business of the entity the comment is targeted at. How do you tell the difference between the two, and more importantly, how does the law?

The Lenahan Law Firm of Dallas, Texas, incensed by an anonymous online review, has begun an exploration of the issue by suing the poster for defamation. Because they have not identified the defendant, they plan on subpoenaing Google for his information. This case presents many different issues, so we will unpack some of the bigger ones, and then discuss how it could be relevant in the gamespace.

What is defamation? It is the communication to a third party of false information intended to injure the reputation of a party. The specific type of defamation in this case would be libel, as it is written. The Second Restatement of Torts sheds a little more light on the issue, calling defamation a communication that “tends to so harm the reputation of another as to lower him in the estimation of the community or deter third persons from associating or dealing with them.”

What was the offending statement in the eyes of the Lenahan Law Firm? The anonymous poster “Ben” created a Google Review saying, “Bad experience with this firm. Don’t trust the fake reviews here.” Each sentence, depending on the facts, could be considered libel. If “Ben” had never retained Lenahan, claiming he had a bad experience would be a false statement.

Even if he had, claiming that the positive reviews were “fake” could also be false. If Lenahan can prove their good reviews came from real clients, they could show this easily. Both statements, depending on how a fact finder weighed their impact on Lenahan’s business, could be the type that could “deter third persons from associating or dealing with them.” That is, someone who saw the post could decide that retaining the firm is a bad idea.

What about getting access to “Ben” for the lawsuit? This is complicated. One case that involved a similar situation was Sony Music Entertainment vs Does 1-40, from the Southern District of New York in 2004. Sony discovered multiple individuals trading copies of their copyrighted recordings, and decided to do something about it. To find out the identity of the individuals, they subpoenaed internet service provider Cablevision for their customer records.

In their decision, the court noted that the First Amendment interests of the anonymous individuals had to be balanced against Sony’s need for disclosure. In granting the subpoena, the court identified five important factors. First, there had been a concrete showing by Sony of copyright infringement. Second, the subpoena was specific. Third, there was no other way for Sony to learn the identities of the defendants. Fourth, the information was central to Sony’s case. Finally, the Cablevision subscribers had little expectation of privacy in distributing copyrighted songs without permission.

So how might this method of analysis apply to Lenahan’s subpoena? We must remember that this is a different jurisdiction and a Texas court would be under no obligation to treat Sony as binding precedent. But, that case does directly deal with the issue of when and how you can get to the information an anonymous party, so it is worth considering.

On some of the factors, Lenahan has a strong argument. The subpoena is specific, there is no other way for them to determine the identity of “Ben”, and the information is central to Lenahan’s case. The two remaining factors are more problematic. Because of the facts of the case, there has yet to be a concrete showing by the plaintiff of libel. This could be possible for at least part of the statement if Lenahan can show that their positive reviews were created by real clients.

What might be more difficult would be showing that “Ben” had no expectation of privacy in posting his negative review of Lenahan. In Sony, it was easy for the court to conclude that no one could reasonably expect their privacy to be protected while they illegally downloaded songs. But America has a long tradition of protecting anonymous, critical speech. As far back as the Federalist Papers, citizens have enjoyed an exceptionally broad right to speak their minds without signing their name. As we noted above, that protection is stronger in the political arena.

It could be very hard for Lenahan to show “Ben” did not have a reasonable expectation of privacy in posting his negative review. He could still have matters pending with the firm, and fear they would look for revenge if he included his name. None of this should be taken as a conclusive statement that Lenahan cannot get to this information. The more they are able to make a showing that the statement was libel, a court might be persuaded the First Amendment interest of “Ben” speaking freely is overwhelmed by the defamatory nature of his comments.

But, Lenahan is in a difficult position. ISPs like Google have often resisted such subpoenas because they want to protect their business. They might worry customers will choose not to use their services, like Google Reviews, for fear of being sued. Depending on how they look at it, Google could push back hard against the request for the poster’s identity.

How might this case apply to the gamespace? What if a developer, infuriated by an anonymous review of a game that they felt mischaracterized their work, sued for libel and subpoenaed for the poster’s identity? If the developer can show the reviewer complained about features that were not part of the game, it could rise to the level of defamation. There is an oft discussed concern in the potential conflict of interest of professional game reviewers.

This is part of the reason that non-professional reviews are worth discussing. If you believe anonymous, unpaid reviews are inherently more honest, then the issue is clear. If a developer could demonstrate the review could discourage people from buying the game it would improve their case, even if the statements were generally true. A fear of lawsuits might discourage some from reviewing. But, there is precedent to suggest this is unlikely, and one of them involves Barbara Streisand.

In 2003, Barbara Streisand sued photographer Kenneth Adelman for posting aerial photos of her home as part of an environmental survey of the California coast. The lawsuit backfired. What was previously an obscure photo in a collection of hundreds became widely reprinted and discussed. The celebrity had brought the case to court in order to protect her privacy, but ended up making the offending photograph extremely famous.

Her case was dismissed, and the “Streisand Effect” was born. It remains a cautionary tale to anyone who tries to lasso the power of the internet. Any legal outcome becomes irrelevant if your lawsuit draws attention to exactly what you are attempting to hide. The court of public opinion in the electronic age does not obey defined rules of procedure. Anyone seeking legal relief involving the web would do well to consider this reality in their decision making.

The Lenahan Law Firm believes their customer base from online reviews is significant, and it is absolutely their right to try to protect it. But by bringing this suit, they have made it into a news story, albeit not one as large as the Streisand Effect. They may believe the case is worth the trouble, and that an anonymous party impugning their online reviews is a serious harm to their business. But they have cast a spotlight on “Ben,” and an issue that might have faded away is now news in the legal community. It remains to be seen how the issue will be settled.

The online presence of gamers is much larger than the number of people seeking legal services. If there has been a little bit of discussion on the Lenahan Law Firm, a suit against an anonymous game reviewer would generate a mountain of conversation. What was a frustrating and annoying review that dropped out of sight could instead become a popular post on Digg and Fark.

This drives home the thought process that underlies any lawsuit. A cost-benefit analysis has to be part of the decision. Maybe the review was false, discussed features that were not part of the game, and could dissuade people from purchasing your product. But anyone can post an online review easily, and a lawsuit might put a spotlight on something that could be quickly forgotten. If Lenahan’s lawsuit succeeds, we will know whether it was worth the trouble.

Zack Bastian is an official contributor to Law of the Game. A third year student at George Washington University Law, Zack works at the Woodrow Wilson Center's Science and Technology Innovation Program and is a member of the American Intellectual Property Law Association. The opinions expressed in his columns are his own. Reach him at: zack[dawt]bastian[aat]gmail[dawt]com.

Sunday, February 5, 2012

Piece on IndustryGamers

I was recently featured in an interview on IndustryGamers regarding the recent social games "infringement" issues (Zynga/Nimblebit, SpryFox/LOLApps, etc.).