Game maker Blizzard is facing a flurry of complaints from certain sections of the online community over anti-cheat software built into World Of Warcraft. The program, called "The Warden", essentially sniffs out evidence of cheat and hack programs on a player's computer, allowing Blizzard to identify cheats and terminate their accounts.
Cheating is a big issue in online games, as Blizzard knows from bitter experience. The problem for Blizzard is that they are naturally reticent about explaining exactly what the Warden does and how it works, in order to try and keep ahead of the game. They have, however, made it absolutely clear that the Warden does not gather any personally identifiable information about players, and that the only purpose for collecting data is to look for cheat programs.
So far, so reasonable. Or is it?
The Electronic Frontier Foundation, the US based digital rights activists, have branded the Warden "spyware" and claimed that it is a "a massive invasion of privacy". Blizzard's defence of the Warden - that it doesn't collect personal information, that everyone else is doing it and that Blizzard have the right to do this in the World of Warcraft End User Licence Agreement - cuts no ice with the EFF. They argue that players have to take Blizzard's word for it on the non-collection of personal data, that no-one reads the EULA for the games they play anyway, and even if they do, few understand the legalese.
So is it spyware? And if it is, what's the problem?
"Spyware" is generally used to describe a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of the computer's user. And it's illegal under English law. Under the rather outdated Computer Misuse Act 1990, a person commits an offence if he causes a computer to perform any function with intent to secure access to any program or data held in any computer, where that access is unauthorised and he knows at the time that this is the case.
There are also data protection and privacy issues to consider. The Data Protection Act 1998, provides a set of rules for processing, disclosing and using personal data. In general, informed consent from the individual will be sufficient to permit processing of personal data. A lack of consent will in most cases, make the processing of personal data unlawful. Under the Privacy and Electronic Communications Regulations 2003, a person is not allowed to use an electronic communications network to gain access to information stored in the terminal equipment of a subscriber or user unless the user is provided with clear and comprehensive information about the purposes of the access to that information and is given the opportunity to refuse access.