|
Home
 About Us
Legal Services
CSR
Knowledge Base
Publications
News
Recruitment
Contact Us
|
 |
|
|
|
30 Old Burlington Street
London W1S 3NL
Tel: (+44) 020 7468 2600
Fax: (+44) 020 7437 8216
|
|
|
|
|
 |
|
|
|
|
| Piracy
Begins at Home
(featured in Develop Magazine)
Brian Miller
|
|
INTRODUCTION
The UK's public is one of the top ranked computer game players in the world, falling closely behind the USA and Japan. The games industry here generates approximately £1 billion's worth of computer games sales annually and it is estimated that it loses approximately £3 billion every year to software piracy.
It is well known to many gamers, developers and publishers that there is an Internet ‘underground' devoted to games. It is an underground society devoted to taking a game, disabling any copy protection and then posting it online. The lure of a gamer getting a game a month or even earlier before it is officially released and at a fraction of, or often at no cost, is often too much of a temptation to ignore, resulting in an increasingly buoyant underground market.
WHO IS RESPONSIBLE FOR LEAKING GAMES?
It is widely believed that pirates working legitimately at the very heart of the industry are responsible for the greatest source of pirated software.
It was reported recently in MCV (the weekly games industry publication) that an anonymous ‘warez' (generally used to describe cracks, patches, keys, and key generators, or just about anything that will let people use software without having to pay for it) insider admitted that pirated games are often sourced from employees of a games developer. The individual claimed, "In order to be able to feed up to date software onto the web, the warez groups need to have access to a network of reliable suppliers of master CDs. These people can be developers who were involved in designing the software, beta testers, staff within the publishing companies or even someone who works in the production company that burns the CDs and packages them for retail….These people remain entirely anonymous. Only selected members of any particular warez group actually know who they are." There is even talk that a copy of every desirable game arriving at the warehouses of at least one of the major games retailers appears on one of the employee's desks for replication and/or uploading to the web within one hour.
Peter Moreland, designer of the game, ‘Gangsters: Organized Crime' has been reported as saying "If people at developers are doing this then the developer has a problem…… All of our development staff are paid bonuses according to sales of the products they work on, that's a pretty good incentive to keep the product out of the hands of the pirates." Well, maybe.
In defence of attributing blame to developers, it should be noted that during the lifespan of a game at a developer's studio, it will be mainly incomplete, with incorrect logo screens or animations or legal screens, along with debug and cheat modes still enabled. It is therefore thought that, as the final release build of a game only exists at a developer's studio for a few hours before it is submitted to the publisher, the problem may lie with the publisher, testers, manufacturers or retailers of the game. Publishers also have access to the master copy of the game after the game has been submitted for manufacture (usually by the publisher).
Whether publishers, developers, testers, manufacturers or retailers are responsible for leaking games, it is likely that they are being leaked by employees within the industry, either by disgruntled ones seeking revenge on their employer, or simply out of the desire to be known within the warez community as being first to the post for any particular title.
HOW CAN A GAME BE PROTECTED?
There are a number of ways by which a game can be protected, although no system is one hundred percent foolproof:-
(1) By adopting copy protection solutions such as Sony's SecuROM. This allows developers and publishers to help protect their software against CD-R burning, recording onto hard disk, distribution over the Internet and professional piracy by mass replication of CD-Roms. The technology involves a combination of an electronic keycode applied to each disc and sophisticated encrypted software used for differentiating an authentic CD-Rom from a pirated disc. Another copy protection product is Settec's Alpha-ROM. Settec claims that if an unauthorized user attempts to copy an Alpha-ROM protected CD by adopting one of their methods, then either the CD cannot be copied at all or even if it is copied, the program will not launch or run.
(2) By ensuring that the software is encrypted using software encryption utilities such as DESlock. Such an application can be used to encrypt any .EXE, .COM or .DLL files. Once protected, the application will not run without the correct DESkey being present.
(3) By embedding a digital watermark, all kinds of media ranging from games, photographs on the Internet, DVDs etc can be protected. Sony, Hitachi, IBM, NEC and Pioneer have all joined forces to streamline their efforts in the development of digital watermarking. The companies aim to provide such features via electronic watermarking technology that permits the copyright owner to specify whether content can be freely copied, can only be copied once, or cannot be copied at all, therefore encouraging the owners to provide consumers with a variety of content. These companies had particular concerns over the advent of recordable DVDs, but the same concerns equally apply to computer games.
(4) By fingerprinting the software, a unique code is embedded, which identifies both the game and the employee it was given to. However, it only protects the game during part of the development process and arguably not for the most crucial part, the transition to the publishing stage, as it is believed by many in the industry that it is during this period that games are leaked.
The copy protection methods above, however, do not always help when it comes to dealing with the increasing desires of game developers and publishers to publish games on the Internet. In order to protect the game, copy protection is added, but has proved to be inadequate. However with new copy protection products being launched onto the market as noted above, this may be set to change. Although some games are not cracked and released because of their large size, such as Baldur's gate, others are being constantly cracked. One means, therefore, of protecting a game is to ensure that the game is of a sufficiently large size as to deter a cracker, because the download time becomes excessive, particularly if using a 56k dial-up modem.
Some programmers have developed a new layer of protection to slow down the games pirates. Richard Darling, creative director of Codemasters Software, is developing software to work with games such as Operation Flashpoint. This is a system whereby, when games are copied, they will degrade over time resulting in some features of the game not working. Worryingly, Intel's Architecture manager in Scandinavia told the Danish newspaper, Politiken: "Anything is possible with software. Any code can be hacked."
Although none of these methods is yet foolproof and their development is constantly subject to the interference of continued piracy and hacking by third parties, there is a concerted effort to address the increasing problem of loss of revenue due to piracy.
WHAT STEPS CAN BE TAKEN TO ENSURE THAT A DEVELOPER'S STUDIO IS SECURE?
Plugging Exit Points
Every developer's studio will have security loopholes, but the aim must be to minimise the potential risks of a security breach. THQ President Brian Farrell said, "Of course, there are security loopholes, but this is also true of the music and film industries. We are trying to minimise this as much as possible, but we don't have a concrete solution to the problem. We can't always be sure of keeping a game 100 per cent watertight before the release date." Ideally the developers working in the development studio should be working in a rigorously controlled secure environment that provides detailed guidelines to its employees. Clearly, all access to equipment that can facilitate the copying of software should be disabled, such as CD-Rom writers, floppy discs and ports for connecting external storage devices. Where testing of games is involved, all CD-Rom drives should be locked and the master kept under the strict control of the studio manager or other responsible individual. Access to the Internet should be barred to prevent uploading of a game, or if access is given, a firewall in place that prevents files in excess of a certain size such as 1MB.
Access into and out of the developer's studio should also be closely monitored, to ensure that only authorised personnel enter the studio. Ideally, metal scanners should be placed next to all entrance and exit points in the building to ensure that employees are not taking out unauthorised materials such as CD-Roms. Materials used in the mastering and processing stages should be those which contain metal so that they are detected by the scanners. Such steps could be incorporated within the employees' handbook, so that if the employee were to do any of the prohibited acts, the employer would have a contractual claim in damages against the employee for breach of contract, together with a right to dismiss anyone summarily for committing any one from a list of carefully defined offences.
Contractual Obligations
A useful means of contractually protecting a game from being leaked by either party to a development and publishing agreement, is to insert a provision in the agreement governing the relationship between the parties by obliging each party and all of its employees to adopt agreed security procedures (which could also be set out in the contract). If it can be proven that the game was leaked as a result of one of the parties not following such procedures, the other party would have a claim in damages for breach of contract or be obliged to pay a penalty specified in the contract. Whilst this is probably relatively new ground for most publishing and development agreements, there is no reason why such clauses could not be implemented if all the parties are in agreement.
Copyright
Computer piracy is the unauthorised reproduction of a copyrighted work without the consent of the copyright holder. The content of a computer game is likely to be protected by copyright, which is governed by the Copyright, Designs and Patents Act 1988. Accordingly, if a pirate makes a copy and issues copies to the public, even anyone owning copies and knowingly making use of the computer game will be infringing the copyright in the game and may be committing a criminal offence. Therefore, anyone buying pirated software is also at risk of arrest and prosecution. Warnings to this effect could therefore be inserted both in the start up/final screens of a game and also in a game developer's contract of employment.
Trade Marks
The original game title may contain unregistered or registered trade marks. Registered trade marks are governed by the Trade Marks Act 1994 and unregistered trade marks are protected by the common law of passing off. If the game is copied, any trade mark owner's rights will have been infringed, and each will have a potential action against the infringer. Again, warnings to this effect should be placed in startup/final screens and also in the developer's contract of employment.
Confidential Information
If a disloyal employee has leaked confidential information, such as the code of a computer game belonging to the employer, he may be liable for breach of confidential information under common law or for breach of contract (there will usually be confidentiality clauses in the individual's contract of employment where such a contract exists).
Computer Misuse
If titles have been copied by a disloyal employee from a developer's or publisher's IT system, any person may have committed one or more of the following criminal offences under the Computer Misuse Act 1990:
1. ‘Unauthorised access to computer material' will be proven if the person intends to secure access to a program or data held in a computer and knows at the time that the act committed is unauthorised (section 1).
2. ‘Unauthorised access with intent to commit or facilitate commission of further offences' (section 2).
3. ‘Unauthorised modification of computer material' which principally governs the spreading of computer viruses. (section 3).
If convicted, each offence carries a penalty of a fine or upon a summary conviction up to 6 months imprisonment or on conviction on indictment up to 5 years imprisonment.
THE WAY FORWARD
The revenue being potentially lost by developers and publishers mean that this is one game they can not afford to lose. Software piracy ultimately affects the players themselves, for if developers and publishers are losing out on potential revenue, the quality and range of games being published is likely to suffer. But how can this problem be resolved? It has been shown that it is not possible to point the finger at only one group: the problem lies within all sectors within the industry. All employers and employees within the games industry must therefore familiarize themselves in detail with the issues and do all they can to stamp out the problem.
Security breaches could be minimised by adopting stringent security guidelines for use by employees, such as the copy protection solutions for CD-Roms and for files uploaded to the Internet, as well as ensuring that all software is encrypted, that the games are fingerprinted and that digital watermarks are embedded into the game. From a legal perspective, developers and publishers should ensure that their respective contracts are protective of their interests in accordance with the above guidelines. At the end of the day, if all parties concerned in the development and manufacture of a computer game do not follow one or more of the security measures suggested above, it is virtually impossible, even for the party taking adequate precautions, to prove that the breach of security was due to the defaulting party's lack of security. Even if all parties implement security measures such as fingerprinting and digital watermarking, it is virtually impossible for one party to show that the code was not leaked from its own building by one of its members of staff, unless it can prove categorically that it has implemented the hardware security measures outlined above (see ‘Plugging Exit Points') and that such measures are one hundred percent foolproof. Notwithstanding all of the above, there is a perception within the industry that the implementation of security measures such as fingerprinting and digital watermarking give the impression that the company concerned is professional and takes security seriously. It is therefore a worthwhile activity.
As this is an industry wide problem, the industry must continue to work together in the fight against piracy through organisations such as ELSPA, BIMA, TIGA and FAST who have for some time now been waging war against the bootleggers and more recently, pursuing on-line infringers. It is further proposed that such organisations should enter into negotiations (to the extent they have not already) with first party manufacturers, such as Sony and Microsoft, to see if adequate measures can be put in place to limit the amount of leakage of masters at testing centres and manufacturing plants. For it is only if all these channels are covered can the industry be sure that it is doing all it can to wipe out piracy.
|
|
|
