Pokemon Company Threatens Pokemon Go API Creator With CFAA Lawsuit
from the because-of-course dept
Is there no goodwill that the Pokemon Company's lawyers won't step in and kill off? With the popularity of Pokemon Go, some third parties had started trying to develop some services to go with it, and as part of that, a few have tried to create Pokemon Go APIs. A user going by the name Mila432 had created an unofficial Pokemon Go API in Python, and posted it to GitHub. If you go now, you may notice that the Readme now reads:see you in court nianticlabs, with love from russia xoxoThat's because the Pokemon Company (not the game developer Niantic, but rather the Nintendo subsidiary that owns a piece of Niantic along with all the Pokemon rights) sent Mila432 a legal nastygram claiming that the creation of the API could violate the Computer Fraud and Abuse Act (CFAA). Mila432 posted screenshots to Reddit. We have all the screenshots posted at the end of this post. The letter first claims that creating this API is a violation of Pokemon's Terms of Use as well as Pokemon Go's Terms of Service. But, more importantly (and ridiculously) it claims a violation of the CFAA -- a law we've discussed many times before, mainly for it being the one law "that sticks" when no law was actually broken, but you've done something people dislike "with a computer." Here's what Pokemon's lawyers have to say:
Additionally, your actions with respect to the Mila 432/Pokemon_Go_API potentially violate the federal Computer Fraud and Abuse Act ("CFAA"), a statute that prohibits the unauthorized access of servers and access which exceeds authorization, as well as similar state statutes. And your inducement of others to violate numerous terms of service provisions violates the CFAA. While notice is not a prerequisite to liability, Pokemon hereby puts you on notice that you are barred from accessing Pokemon servers or infrastructure, and barred from facilitating access by others. Any continued access, whether directly or at your direction or on your behalf, will be unauthorized.See that language right there, about putting Mila432 "on notice" and saying that s/he is barred? That's straight out of the very recent Facebook v. Power.com decision in California, where the court ruled that once a company (in that case, Facebook) had sent a cease-and-desist notice, any further access was a CFAA violation. We were troubled by that ruling, and the use of it here further illustrates how problematic it was.
Now, yes, you can argue that unauthorized APIs can cause problems for games -- and that's true. Of course, it can also help make them more compelling by allowing others to build on the game and add more value. But, wherever you come down on that debate, going legal seems pretty silly. Niantic, for its part, had simply gone the technology route of limiting access to third-party servers, to deal with some quality of service problems created by such third parties accessing its system. That is, rather than totally freak out about such APIs, it noted the actual problem (overloaded machines) and sought to fix it through technology.
It's just the Pokemon company that took it up a few unnecessary notches to pull out a big gun like the CFAA. But, I guess, how can I be surprised? This is the same company that legally fucked over a party by Pokemon fans at PAX last year, suing the people who organized it.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: api, cfaa, pokemon, pokemon go, terms of service, threats
Companies: niantic, nintendo, pokemon company
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
https://github.com/Mila432/Pokemon_Go_API/commit/f5289b6d80a33809e29d3c776ddf9132f0100895
then my guess is that is was a bot.
Walk logic, catch pokemon automatically, drop if bag is full all reads like some program you run on whatever to play the game for you.
While I do agree that CFAA is a bit weird to fight an API, the Pokemon Go guys did ban people for GPS spoofing. I guess if Blizzard can sue bot makers so can these guys.
[ link to this | view in chronology ]
Re: Re:
Yes it was a bot, I should have read the rest of the update:
https://www.youtube.com/watch?v=rtGyUPhrGY0
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Google and Oracle had a dust-up over APIs. Google argued that an API is purely functional and, as such, is not copyrightable. Oracle differed in that they could copyright the "Structure, sequence, and organization" of the API for Java. First judge said no. Appeals judge said you can. First judge replied, OK, you can copyright it, but others can use it under Fair Use.
[ link to this | view in chronology ]
I wonder if the lawyers get xp per lawsuit..
[ link to this | view in chronology ]
related?
https://plus.google.com/u/0/+CyrilPreiss0/posts/LJqHh3WmUQ4 (G+ link)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
If someone else "actually does collect them all", how are you harmed?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Bots
Whatever they're doing to nobble the API for the trackers isn't affecting bots - and that does suck if you're trying to play the "right" way.
[ link to this | view in chronology ]
Re: Re:
The app itself is free but uses micro transactions. You use real money to buy in-game coins then use coins to buy items to advance in the game.
But, you can earn some coins in the game for free. If you have GPS spoofing technology, you can manipulate the game to get a lot of coins. Obtaining for free what other players have to pay for.
You can also quickly obtain and hatch a large number of eggs, without buying incubators.
[ link to this | view in chronology ]
Re:
I will admit, the number of botters may be ruining the game by creating server instability, but even that isn't preventing people from playing. What I will defend, are the people providing a beneficial service for everyone, such as PokeVision.com. They have a much better tracking system, that does get abused (I.E. bots), but at least it provides a positive experience for anyone who uses it.
[ link to this | view in chronology ]
Re: Re:
1. Limiting the number of requests per client/account per second
2. Restricting account creation by phone number/email address
3. Limiting the number of events such as level up
etc.
It seems that the service is designed in a way that they need to keep the API secret to keep it secure. If so, too bad. Security by obscurity don't work
[ link to this | view in chronology ]
Response to: Anonymous Coward on Aug 5th, 2016 @ 7:48am
[ link to this | view in chronology ]
Re: I fully support Niantic in their decision...
2. How does their actions "ruin" the games for others? It's not like there is a finite supply of Pokémons in the world.
[ link to this | view in chronology ]
Re: Re: I fully support Niantic in their decision...
[ link to this | view in chronology ]
Re:
You do realize most of this article is not about Niantic, but Pokemon Company which went way beyond what Niantic did?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Pokemon/nintendo/niantic could do this very easily. they chose not too, they chose poorly
[ link to this | view in chronology ]
Location services ON...app will start
BLOCK gps for the app you can then happily change your location with various floating apps....and slide across the world at the speed of sound collecting as you go!
[ link to this | view in chronology ]
In FB vs Power, I felt (and still feel) that FB behaved more or less correctly - and that the CFAA was used in more or less the way such laws should be used: to protect both the service and its users from harm.
Now we have that exact judgment seemingly being used to try and protect a game from cheaters. My feelings are annoyingly ambivalent here.
On the one hand: the objectionable service is apparently a cheat-bot and I really, really want to just say "fuck 'em, they deserve what they get". I have no shred of sympathy for those individuals and organisations who fuck up games for everyone else.
On the other hand, it's the bloody CFAA being invoked, a ridiculously aggressive law that is profoundly not the right tool for the job. It's just too heavy-handed, by far.
The only thing I'm certain of is that America needs better laws.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Either way, it would be possible for them to do this by blocking the "write" functionality of the API without shutting down the "read" functionality as well. As of this week, they've attempted to shut down both.
It's here that I suspect they're doomed to failure, as a practical matter if nothing else. With the official removal of the tracking feature that worked only briefly at launch, millions of players (including myself) have found the searching elements of the game to be roughly akin to stumbling around in the dark. Enough of these players have found their interest revitalized by the mapping features which the API makes possible that this is looking like the opening salvo of a long and tedious arms race.
In the meantime, yes: shutting down API will be a blow to the bots -- though it will have no effect on GPS spoofing, which is a much bigger problem for competitive gameplay than tracking could ever be.
[ link to this | view in chronology ]
okokoko
a true gamer would not want to play the game using a bot
[ link to this | view in chronology ]
great
I fully support Niantic in their decision to fight back against the hackers. They are ruining the game for everyone else who plays legit and in my opinion if you are cheating then you deserve to have your falsely acquired assets wiped and pokemon go hack download online for free .
[ link to this | view in chronology ]