Spies Like Us? The Law and Blizzard's Warden

Game maker Blizzard is facing a flurry of complaints from certain sections of the online community over anti-cheat software built into World Of Warcraft. The program, called "The Warden", essentially sniffs out evidence of cheat and hack programs on a player's computer, allowing Blizzard to identify cheats and terminate their accounts.

Cheating is a big issue in online games, as Blizzard knows from bitter experience. The problem for Blizzard is that they are naturally reticent about explaining exactly what the Warden does and how it works, in order to try and keep ahead of the game. They have, however, made it absolutely clear that the Warden does not gather any personally identifiable information about players, and that the only purpose for collecting data is to look for cheat programs.

So far, so reasonable. Or is it?

The Electronic Frontier Foundation, the US based digital rights activists, have branded the Warden "spyware" and claimed that it is a "a massive invasion of privacy". Blizzard's defence of the Warden - that it doesn't collect personal information, that everyone else is doing it and that Blizzard have the right to do this in the World of Warcraft End User Licence Agreement - cuts no ice with the EFF. They argue that players have to take Blizzard's word for it on the non-collection of personal data, that no-one reads the EULA for the games they play anyway, and even if they do, few understand the legalese.

So is it spyware? And if it is, what's the problem?

"Spyware" is generally used to describe a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of the computer's user. And it's illegal under English law. Under the rather outdated Computer Misuse Act 1990, a person commits an offence if he causes a computer to perform any function with intent to secure access to any program or data held in any computer, where that access is unauthorised and he knows at the time that this is the case.

There are also data protection and privacy issues to consider. The Data Protection Act 1998, provides a set of rules for processing, disclosing and using personal data. In general, informed consent from the individual will be sufficient to permit processing of personal data. A lack of consent will in most cases, make the processing of personal data unlawful. Under the Privacy and Electronic Communications Regulations 2003, a person is not allowed to use an electronic communications network to gain access to information stored in the terminal equipment of a subscriber or user unless the user is provided with clear and comprehensive information about the purposes of the access to that information and is given the opportunity to refuse access.

So are Blizzard on the wrong side of the law? Well, no. The Warden is clearly not "spyware" in the traditional sense of the word - there is nothing malicious about it and access is specifically authorised by the EULA. So computer misuse can be ruled out. As no personal data is being processed by the Warden, there should be no issues under the Data Protection Act, and as for the Privacy Regulations, again, clear and comprehensive information is given in the EULA and subscribers have the chance to refuse access by clicking "No" to acceptance of Blizzard's terms of use (which means, of course, that they cannot play the game).

The fact that this is contained in the EULA which few people actually read, is not really an issue. The enforceability of "click wrap" EULAs is often debated, but given the regularity with which WoW players are asked to accept Blizzard's terms of use, and the rather more reader-friendly way in which they are written, any challenge on these grounds would, I suspect, have a murloc's chance in Azshara of succeeding.