Proctorio's Anti-Cheating Software Exposes Students To Hackers Say Dutch Education Officials

from the well-duh-[but-in-Dutch] dept

Spyware is spyware. It doesn't matter who's deploying it. Proctorio -- the snitchware maker that helps schools keep tabs on distance learners -- has made headlines here for abusing the DMCA to silence security researchers who found flaws in the remote surveillance software. Bogus claims were filed and Proctorio is currently being sued by the EFF and one target of its censorial bullshit.

It was only a matter of time before someone took advantage of the omnipresent anti-cheat spyware, which takes control of students' cameras and microphones to keep an eye on them as well as track their internet activity to ensure they aren't searching the internet to find answers to tests. That's a lot of centralized power enabled by expansive, mandatory permissions. It was bound to be exploited sooner or later. And sooner was the most likely outcome, considering Proctorio sometimes seems more interested in silencing critics than addressing the harms its software poses.

RTL News reports that students in the Netherlands may have been working with compromised computers for months, thanks to exploitation of Proctorio's anti-cheat software.

Many tens of thousands of Dutch students have been easily hacked for months because their education forced them to install insecure anti-cheat software. Malicious persons could therefore gain access to their online accounts and peek in with their webcam.

This might jeopardize Proctorio's contract with schools in the country which, all things considered, will harm no one but Proctorio. Pretty tough to find any tears to shed for a company that greets reports of security flaws with DMCA notices and legal threats. But students in the Netherlands aren't happy with the tradeoff educators are making to reduce cheating.

"It is shocking that we were so easily hacked by Proctorio," said Manish Jhinkoe-Rai, president of the student council of the University of Amsterdam (UvA). The National Student Union (LSVb) wants the online privacy and security of students to be better protected: "And that we are no longer forced to use this kind of unsafe software", says LSVb chairperson Ama Boahene.

Well, it's not all that shocking. This was an inevitability. A large user base, software with extensive permissions, students prevented from taking steps to secure their devices due to the demands of school and anti-cheat software, a company that retaliates against security researchers… it's all a malicious hacker's dream come true.

What's not clear from this report is how many students were hacked or what damage hackers may have caused beyond surreptitiously surveilling students and their online activities. But there's a lot that's tempting to hackers. Here's how the setup works when students are taking exams, according to a Netherlands-based computer science Ph.D candidate.

Before you are allowed into the exam, Proctorio will have you enable your webcam and microphone. It closes all open tabs in the browser. It also uses the screen-sharing functionality in Chromium, originally built for video calls, to record your screen. You will have to show a photo ID to the webcam to identify yourself. Following this, you will be asked to take your webcam and film your entire room to prove you are alone, that your desk is clean and that you haven’t stuck sticky notes out of view of the webcam. After this, you can take the exam, during which the microphone and webcam will continue to record you.

Even when Proctorio is not in active use, it still provides an attack vector for malicious hackers.

[The Proctorio hack] is a so-called universal cross-site scripting attack (UXSS). In such an attack, a criminal can execute code on every website you visit and, for example, intercept passwords or modify the recipient of a money transfer. The leak is usually in the browser or a browser plugin you are using.

Experts suggest students uninstall the Proctorio extension when not needed and reinstall prior to tests. But students using school-supplied devices may not have that option, which means the attack vector is always present, even if it isn't currently active.

To its credit, Proctorio has made some efforts to patch reported flaws. But it continues to demand an insane amount of access to students' computers. And for what ends? To ensure a few people won't cheat on tests? The tradeoff in security seems completely out of whack. Hackers could leverage Proctorio to snoop on students' online activities, harvest passwords from accounts, grab photos of their IDs, and engage in surreptitious recordings.

Students in the Netherlands are demanding a return to open book tests using physical books. Due to COVID-related complications, in-person testing is limited. But allowing students to work with offline testing materials would shut down this attack vector. If the end result is a few cheaters getting away with cheating, that would make COVID-affected schooling no different than the schooling that preceded it.

Even if more students would cheat on tests given the opportunity presented by distance learning, what's the loss to society? If the information is important enough students will have trouble proceeding in life after a couple of years of testing. The only losers are the students who failed to learn. If they move through life without difficulty even without mastering this information, it only raises questions about the value of this information, rather than the students' unwillingness to sacrifice time and energy studying information with extremely limited value.

Proctorio is perhaps no more intrusive than it has to be to achieve its stated aims. But that's not a vindication of its demands from users and their devices. It's an indictment. If students can be trusted with distance learning but not distance testing, the educational system needs to do more than allow a third-party to create enticing, hackable holes for malicious people to exploit.

Filed Under: cheating, hacking, spyware, students, surveillance
Companies: proctorio

Dartmouth's Insane Paranoia Over 'Cheating' Leads To Ridiculous Surveillance Scandal

from the this-is-dumber-than-it-looks dept

The NY Times had an incredible story a few days ago about an apparent "cheating scandal" at Dartmouth's medical school. The problem was, it doesn't seem like there was any actual cheating. Instead, it looks like a ton of insane paranoia and an overreliance on surveillance technology by an administration which shouldn't be in the business of educating kindergarteners, let alone med students. We've had a few posts about the rise of surveillance technology in schools, and its many downsides -- and those really ramped up during the pandemic, as students were often taking exams from home.

So much of the paranoia is based on the silly belief that if you don't have everything crammed totally into your head, you haven't actually learned anything. Out here in the real world, it seems like a more sensible realization is that if you teach people how they can look up the necessary details when they need them, you've probably done a good job. Yes, there may be some exceptions and some scenarios where full knowledge is important. But for most things, the ability to know how to find the right answer is a lot more important than making sure trivial details are all remembered and can be regurgitated on an exam. Indeed, studies have shown repeatedly, that trying to cram the details into your head for an exam often means they don't stick in long term memory.

In short, this type of insane test taking tests people on exactly the wrong thing, and instead encourages the kind of behavior that leads to worse outcomes in the long run.

But the situation at Dartmouth is -- believe it or not -- even dumber. 17 Dartmouth medical students have been accused of cheating -- but those accusations were based on a tool that is not designed to spot cheating. It was based on Canvas, a popular platform for professors to post assignments and for students to submit homework through. And here's what happened, according to the NY Times:

To hinder online cheating, Geisel requires students to turn on ExamSoft — a separate tool that prevents them from looking up study materials during tests — on the laptop or tablet on which they take exams. The school also requires students to keep a backup device nearby. The faculty member’s report made administrators concerned that some students may have used their backup device to look at course material on Canvas while taking tests on their primary device.

Geisel’s Committee on Student Performance and Conduct, a faculty group with student members that investigates academic integrity cases, then asked the school’s technology staff to audit Canvas activity during 18 remote exams that all first- and second-year students had taken during the academic year. The review looked at more than 3,000 exams since last fall.

The tech staff then developed a system to recognize online activity patterns that might signal cheating, said Sean McNamara, Dartmouth’s senior director of information security. The pattern typically showed activity on a Canvas course home page — on, say, neurology — during an exam followed by activity on a Canvas study page, like a practice quiz, related to the test question.

“You see that pattern of essentially a human reading the content and selecting where they’re going on the page,” Mr. McNamara said. “The data is very clear in describing that behavior.”

The audit identified 38 potential cheating cases. But the committee quickly eliminated some of those because one professor had directed students to use Canvas, Dr. Compton said.

In emails sent in mid-March, the committee told the 17 accused students that an analysis showed they had been active on relevant Canvas pages during one or more exams. The emails contained spreadsheets with the exam’s name, the test question number, time stamps and the names of Canvas pages that showed online activity.

If you just read that, it might sound like at least some evidence that those students were doing something they weren't supposed to be doing (even if you think the rules are dumb). But, even that seems to not be accurate. There are some of us (and I am guilty of this) who rarely, if ever, shut down tabs that have important tools or information for our work. Plenty of students are the same, and likely leave Canvas open all the time. And that's what many of the students have claimed.

Geisel students said they often had dozens of course pages open on Canvas, which they rarely logged out of. Those pages can automatically generate activity data even when no one is looking at them, according to The Times’s analysis and technology experts.

School officials said that their analysis, which they hired a legal consulting firm to validate, discounted automated activity and that accused students had been given all necessary data in their cases.

But at least two students told the committee in March that the audit had misinterpreted automated Canvas activity as human cheating. The committee dismissed the charges against them.

In another case, a professor notified the committee that the Canvas pages used as evidence contained no information related to the exam questions his student was accused of cheating on, according to an analysis submitted to the committee. The student has appealed.

The school's paranoia over this went further. When it confronted the 17 students, it more or less pressured them into pleading guilty rather than fighting their case:

Dartmouth had reviewed Mr. Zhang’s online activity on Canvas, its learning management system, during three remote exams, the email said. The data indicated that he had looked up course material related to one question during each test, honor code violations that could lead to expulsion, the email said.

Mr. Zhang, 22, said he had not cheated. But when the school’s student affairs office suggested he would have a better outcome if he expressed remorse and pleaded guilty, he said he felt he had little choice but to agree. Now he faces suspension and a misconduct mark on his academic record that could derail his dream of becoming a pediatrician.

“What has happened to me in the last month, despite not cheating, has resulted in one of the most terrifying, isolating experiences of my life,” said Mr. Zhang, who has filed an appeal.

The article notes other students were told they had 48 hours to respond to charges -- and that they weren't provided the evidence the school supposedly had on them, while also being pressured to admit guilt:

They said they had less than 48 hours to respond to the charges, were not provided complete data logs for the exams, were advised to plead guilty though they denied cheating or were given just two minutes to make their case in online hearings, according to six of the students and a review of documents.

There are just layers upon layers of ridiculousness here. Not only is it bad pedagogically to teach this way, it's dangerous to engage in this kind of surveillance (in the middle of a pandemic, no less), and to just build up an entire atmosphere of mistrust.

EFF did a long and detailed post on this in which they note that the data in question could not have shown cheating, and arguing that these students have been denied basic due process.

But after reviewing the logs that were sent to EFF by a student advocate, it is clear to us that there is no way to determine whether this traffic happened intentionally, or instead automatically, as background requests from student devices, such as cell phones, that were logged into Canvas but not in use. In other words, rather than the files being deliberately accessed during exams, the logs could have easily been generated by the automated syncing of course material to devices logged into Canvas but not used during an exam. It’s simply impossible to know from the logs alone if a student intentionally accessed any of the files, or if the pings exist due to automatic refresh processes that are commonplace in most websites and online services. Most of us don’t log out of every app, service, or webpage on our smartphones when we’re not using them.

Meanwhile, the student free speech advocacy organization FIRE has been demanding answers from Dartmouth as well. To make matters worse, FIRE noticed that Dartmouth recently hid its "due process policies" from public view (convenient!):

We also asked why the college appears to have recently password-protected many of its due process policies. Of course, doing so conveniently hides them from the scrutiny of the public and prospective students who might be curious whether they will have rights — and what those rights might be — if they matriculate at Dartmouth.

And, of course, all of this could have been avoided if Dartmouth wasn't so overly paranoid about the idea that medical students might (gasp!) be able to look up relevant information. When I go to a medical professional, I don't necessarily need them to have perfect recall of every possible symptom or treatment. What I hope they're able to do is use their knowledge, combined with their ability to reference the proper materials, to figure out the best solution. Perhaps I should avoid doctors who graduated from Dartmouth if I want that.

Filed Under: cheating, exams, medical students, surveillance, trust
Companies: canvas, dartmouth

EFF, College Student Sue Proctorio Over DMCAs On Fair Use Critique Tweets Of Software

from the failing-grade dept

Late last year, while the COVID-19 pandemic was gearing up to hit its peak here in the States, we wrote about one college student and security researcher taking on Proctorio, a software platform designed to keep remote students from cheating on exams. Erik Johnson of Miami University made a name for himself on Twitter not only for giving voice to a ton of criticism Proctorio's software has faced over its privacy implications and inability to operate correctly for students of varying ethnicities, but also for digging into Proctorio's available source code, visible to anyone that downloads the software. But because he posted that code on PasteBin to demonstrate his critique of Proctorio, the company cried copyright infringement and got Twitter to take his tweets down initially as a result, before they were later restored.

But if Proctorio thought that would be the end of the story, it was wrong. The EFF has now gotten involved and has filed a lawsuit against Proctorio in an effort to end any online harassment of Johnson.

The lawsuit intends to address the company’s behavior toward Johnson in September of last year. After Johnson found out that he’d need to use the software for two of his classes, Johnson dug into the source code of Proctorio’s Chrome extension and made a lengthy Twitter thread criticizing its practices — including links to excerpts of the source code, which he’d posted on Pastebin. Proctorio CEO Mike Olsen sent Johnson a direct message on Twitter requesting that he remove the code from Pastebin, according to screenshots viewed by The Verge. After Johnson refused, Proctorio filed a copyright takedown notice, and three of the tweets were removed. (They were reinstated after TechCrunch reported on the controversy.)

In its lawsuit, the EFF is arguing that Johnson made fair use of Proctorio’s code and that the company’s takedown “interfered with Johnson’s First Amendment right.”

“Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them,” said EFF Staff Attorney Cara Gagliano in a statement.

Frankly, it's difficult to understand what Proctorio's rebuttal to any of that would be. What Johnson did with his tweets and the replication of the source code that was the subject of his criticism is about as square an example of Fair Use as I can imagine. The use was not intended to actually replicate what Protctorio's software does. Quite the opposite, in fact. It was intended as evidence for why Proctorio's software should not be used. It was limited in its use as part of a critique of the company's software. And it was decidedly non-commercial in nature.

In other words, it was clearly an attempt by Proctorio to silence a critic, rather than any legitimate concern over the reproduction of the source code, which is again freely available to anyone who downloads the browser extension. It's also worth noting that there is a pattern of behavior of this sort of thing by Proctorio.

Proctorio has engaged critics in court before, although more often as a plaintiff. Last October, the company sued a technology specialist at the University of British Columbia who made a series of tweets criticizing the platform. The thread contained links to unlisted YouTube videos, which Proctorio claimed contained confidential information. The lawsuit drew ire from the global education community: hundreds of university faculty, staff, administrators, and students have signed an open letter in the specialist’s defense, and a GoFundMe for his legal expenses has raised $60,000 from over 700 donors.

It's the kind of behavior that doesn't end just because some tweets get reinstated or there is a modicum of public outrage. Instead, it takes a concerted effort by groups like the EFF to force a corporate bully to change its ways. Given Proctorio's bad behavior in all of this, let's hope the courts don't let them off the hook.

Filed Under: bogus copyright claims, cheating, copyright, copyright as cenosrship, criticism, dmca, erik johnson, remote exams, software
Companies: eff, proctorio

Anti-Cheat Student Software Proctorio Issuing DMCA Takedowns Of Fair Use Critiques Over Its Code

from the fail dept

As we've discussed before, the COVID-19 pandemic has forced many educational institutions into remote learning and with it, remote test-taking. One of the issues in all of that is how to ensure students taking exams are doing so without cheating. Some institutions employ humans to watch students over video calls, to ensure they are not doing anything untoward. But many, many others are using software instead that is built to try to catch cheating by algorithmically spotting "clues" of cheating.

Proctorio is one of those anti-cheat platforms. The software has been the subject of some fairly intense criticism from students, many of whom allege both that the software seems to have trouble interpreting what darker-skinned students are doing on the screen and that it requires a ton of bandwidth, which many low-income students simply don't have access to. Erik Johnson, who is a student and security researcher, wanted to dig into Proctorio's workings. Given that it's a browser extension, he simply downloaded it and started digging through the readily available code. He then tweeted out his findings, along with links to Pastebin pages where he had shared the code he references in each tweet. Below are some of the tweets that you can reference for yourself.

It's important to note that these tweets are part of a regular string that Johnson has put out critiquing the way Proctorio functions. In other words, due to all the consternation over how Proctorio works among students, this is public criticism from a security researcher showing his work from source code that literally anyone can see if they download Proctorio. And, while you can see the tweets above currently, Proctorio initially had them taken down via DMCA takedown requests.

Those three tweets are no longer accessible on Twitter after Proctorio filed its takedown notices. The code shared on Pastebin is also no longer accessible, nor is a copy of the page available from the Internet Archive’s Wayback Machine, which said the web address had been “excluded.”

A spokesperson for Twitter told TechCrunch: “Per our copyright policy, we respond to valid copyright complaints sent to us by a copyright owner or their authorized representatives.”

Johnson provided TechCrunch a copy of the takedown notice sent by Twitter, which identified Proctorio’s marketing director John Devoy as the person who requested the takedown on behalf of Proctorio’s chief executive Mike Olsen, who is listed as the copyright owner.

When asked to comment at the time, Proctorio noted that just because anyone can see the code by downloading the software doesn't mean reproducing it is not a copyright violation. And that's true, although quite a stupid bit of copyright enforcement. What Proctorio didn't mention is that this sort of critique and use of copyrighted content in furtherance of that critique is precisely what Fair Use is meant to protect. That the company clearly did this as a method for getting some critical tweets taken down also went unmentioned.

“This is really a textbook example of fair use,” said EFF staff attorney Cara Gagliano. “What Erik did — posting excerpts of Proctorio’s code that showed the software features he was criticizing — is no different from quoting a book in a book review. That it’s code instead of literature doesn’t make the use any less fair.”

“Using DMCA notices to take down critical fair uses like Erik’s is absolutely inappropriate and an abuse of the takedown process,” said Gagliano. “DMCA notices should be lodged only when a copyright owner has a good faith belief that the challenged material infringes their copyrighted work — which requires the copyright owner to consider fair use before hitting send.

Which is probably why Twitter eventually reinstated Johnson's tweets in their entirety, although the message sent to him was that it did so because Proctorio's DMCA notice was "incomplete". Whatever the hell that means. You sort of have to wonder if the incomplete-ness of the notices would have been discovered if Johnson and the EFF hadn't kicked up a shitstorm about it.

Meanwhile, because of course, a lot more people know about the criticism of Proctorio thanks to its efforts to try to silence criticism. Isn't there a moniker for that?

Filed Under: anti-cheat, cheating, dmca, erik johnson, proctoring, remote learning, remote test taking, security research, software
Companies: proctorio, twitter

As More Students Sit Online Exams Under Lockdown Conditions, Remote Proctoring Services Carry Out Intrusive Surveillance

from the you're-doing-it-wrong dept

The coronavirus pandemic and its associated lockdown in most countries has forced major changes in the way people live, work and study. Online learning is now routine for many, and is largely unproblematic, not least because it has been used for many years. However, online testing is more tricky, since there is a concern by many teachers that students might use their isolated situation to cheat during exams. One person's problem is another person's opportunity, and there are a number of proctoring services that claim to stop or at least minimize cheating during online tests. One thing they have in common is that they tend to be intrusive, and show little respect for the privacy of the people they monitor.

As an article in The Verge explains, some employ humans to watch over students using Zoom video calls. That's reasonably close to a traditional setup, where a teacher or proctor watches students in an exam hall. But there are also webcam-based automated approaches, as explored by Vox:

For instance, Examity also uses AI to verify students' identities, analyze their keystrokes, and, of course, ensure they're not cheating. Proctorio uses artificial intelligence to conduct gaze detection, which tracks whether a student is looking away from their screens.

It's not just in the US that these extreme surveillance methods are being adopted. In France, the University of Rennes 1 is using a system called Managexam, which adds a few extra features: the ability to detect "inappropriate" Internet searches by the student, the use of a second screen, or the presence of another person in the room (original in French). The Vox articles notes that even when these systems are deployed, students still try to cheat using new tricks, and the anti-cheating services try to stop them doing so:

it's easy to find online tips and tricks for duping remote proctoring services. Some suggest hiding notes underneath the view of the camera or setting up a secret laptop. It's also easy for these remote proctoring services to find out about these cheating methods, so they're constantly coming up with countermeasures. On its website, Proctorio even has a job listing for a "professional cheater" to test its system. The contract position pays between $10,000 and $20,000 a year.

As the arms race between students and proctoring services escalates, it's surely time to ask whether the problem isn't people cheating, but the use of old-style, analog testing formats in a world that has been forced by the coronavirus pandemic to move to a completely digital approach. Rather than spending so much time, effort and money on trying to stop students from cheating, maybe we need to come up with new ways of measuring what they have learnt and understood -- ones that are not immune to cheating, but where cheating has no meaning. Obvious options include "open book" exams, where students can use whatever resources they like, or even abolishing formal exams completely, and opting for continuous assessment. Since the lockdown has forced educational establishments to re-invent teaching, isn't it time they re-invented exams too?

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: cheating, covid-19, education, surveillance, testing

Epic Games Settles With Cheating Minor To End Lawsuit

from the game-over dept

Update: The original post, retained below, included an error referencing a previous Techdirt article that was about a different case with a different minor in a dispute with Epic Games. While that case dealt with a defendant referred to in court documents only as "C.R.", this case dealt with a defendant referred to in court documents only as "C.B.". I apologize for the error, although the rest of the content in the post remains relevant. Additionally, the case against "C.R." is ongoing.

At long last, the PR nightmare for Epic Games is over. Kind of. You will recall that the company went on a lawsuit blitz over those that develop and/or promote cheats for Epic's hit game Fortnite. While one can understand that the company was salty over cheat enablers for its online shooter, given that disruption by cheaters makes the game less fun and therefore less popular, the fact is that Epic also fought this battle on claims that such cheats violate copyright and the license provided by the game's Terms of Service. These are claims that need to be tested, and hopefully defeated, in court, because they are a twisting of copyright law into the worst kind of pretzel.

One of the cheaters Epic sued, at the time without knowing so, was a 14 year old minor. That young man also appears to have been both rude and brazen throughout the lawsuit process, which at various points involved his mother trying to get the court to dismiss the case and Epic arguing that indeed a minor can enter into a ToS contract with the company. The fact that Epic pushed this so hard and for so long was fairly bizarre, given just what a PR nightmare suing a minor over this sort of thing should have been.

Well, that nightmare is now over, as there is reportedly a settlement between the two parties.

With both sides choosing not to back off, the lawsuit seemed destined for a drawn-out fight. But it didn’t get to that. Behind the scenes, the parties came together to settle their differences without court intervention. This has now resulted in a settlement that’s formalized through an order of approval by the court.

With help from pro bono attorneys and his mother Kari as a General Guardian, C.B. reached a confidential settlement with Epic Games. It’s unclear whether there is a damages amount involved, but both sides have dropped their (counter)claims, effectively ending the dispute.

All claims of what might be in the settlement are pure speculation. That said, it's tough to imagine the young man's family accepting any crippling damages, if any money was exchanged at all. Far more likely is that the settlement includes a promise by the minor to no longer engage in any of the behavior Epic found troublesome and perhaps some legal fees.

Frankly, anything beyond that would be more PR trouble for Epic.

Filed Under: cheating, copyright, fortnite
Companies: epic games

Billy Mitchell Threatens To Sue The Guinness World Record Folks For Removing His Records

from the not-how-it-works dept

Last time we wrote about Billy Mitchell -- a man who appears to be famous for playing video games and pissing people off -- he was losing his legal fight against Cartoon Network for having a character that was a parody of Mitchell named Garrett Bobby Ferguson on its "Regular Show." The court was not impressed.

The GBF character resembles Plaintiff because both have long black hair and a beard. GBF also has a similar backstory to Plaintiff’s portrayal in The King of Kong, in that both held records at video games, and both are portrayed as arrogant yet successful, beloved by fans, and willing to go to great lengths to maintain their titles. But while GBF may be a less-than-subtle evocation of Plaintiff, GBF is not a literal representation of him. The television character does not match the Plaintiff in appearance: GBF appears as a non-human creature, a giant floating head with no body from outer space, while Plaintiff is a human being. Nor does GBF’s story exactly track Plaintiff’s biographical details. GBF holds the universe record at Broken Bonez; Plaintiff held the world record at Donkey Kong. GBF attempts to maintain his universe record through crying and lying about his backstory; Plaintiff maintained his world record by questioning his opponent’s equipment and the authenticity of his submission of a filmed high score. Plaintiff himself acknowledges that GBF is not a literal representation of him when he states that “[t]he actions of this character . . . make me look like some sort of monster, or creature, with no heart or decency. This is simply not me.”

The court also noted that, unlike Mitchell, when Ferguson lost his video game record "the character literally explodes, unlike Plaintiff." So there's that.

Apparently, in early 2018, there was a big controversy when Twin Galaxies, who tracks video game records (including for the Guinness Book of World Records), stripped Mitchell of his various records after claiming that an investigation showed evidence that Mitchell did not follow the rules. The Guinness folks later removed Mitchell's records as well, and later included Mitchell in a section called "The Records That Never Were":

Now, a year and a half later, Mitchell had a law firm send a threat letter to both Guinness and Twin Galaxies, demanding a retraction. There's also the, um, 156-page "evidence pack." Notably, despite the legal threat letter demanding a "retraction" for "their defamatory statements made against him," nowhere in the letter does it lay out which specific statements are actually defamatory. That's kind of a key thing that you're supposed to do if you have a legitimate claim of defamation. What actual statements the letter does mention don't seem to come close to the standard for defamation. Instead, Mitchell's lawyers are nitpicking about Guinness' specific word choice. For example:

Notably, Guinness World Records then published its 2019 Gamer’s Edition Book (see Figure 1). Titled “THE RECORDS THAT NEVER WERE,” Guinness World Records specifically cites the disqualification of Billy Mitchell’s “highest score on PAC-Man and the first perfect score on PAC-Man.” Following that, Guinness stated that Mitchell’s “submitted scores were obtained while using MAME.” In this statement, not only did Guinness World Records assert that Mitchell’s records, specifically his Pac-man records, “NEVER WERE,” but its use of the generalized phrase, “submitted scores,” also asserted that all his achievements were obtained while using MAME. These statements are factually false.

Defamation has to be pretty specific. Merely using a "generalized phrase" that might imply a conclusion that is different than what you want is not defamatory. The letter also demands that every record Mitchell had be restored, and insists that only partially restoring the scores won't be enough to avoid litigation:

This request for retraction is for all of Billy Mitchell’s records; a partial retraction will not suffice. Both Twin Galaxies and Guinness World Records must retract their claims impugning Mitchell's scores publicly, so the damages done to him will finally begin to reverse. There was a press release against Billy Mitchell, and there must be a reciprocal release in his favor.

Each corporation has a 14-day deadline to review the information and issue the retraction, or we will resort to legal recourse, our final option.

But, uh, not giving you a world record is not defamatory. What would they be suing over? I don't see what kind of legal claim there might be. There are also at least some questions about the statute of limitation. The Guinness World Record people are based in NY. The Twin Galaxies boss appears to be in California -- both of which have a 1-year statute of limitations for defamation. Of course, it's possible that he could file elsewhere with a longer statute of limitations. Either way, it's difficult to see what's defamatory here, or what the actual legal claims are. We'll wait and see what is said in response and if any litigation is actually filed.

Filed Under: billy mitchell, cease and desist, cheating, defamation, opinion, records, threats, video games
Companies: guinness world records, twin galaxies

Epic Accuses Cheating Minor Of Continuing To Promote Cheat Software Even After Lawsuit

from the minor-problem dept

Over the past year or so, we've been discussing Epic's somewhat strange ongoing legal dispute with a minor from Illinois over cheating software he developed for Fortnite. Epic initially went after a host of so-called cheaters for developing these tools, claiming that they were violating both copyright and TOS agreements for the game. It found out later that one of these targets was a minor. Instead of backing off in any respect, even after the child's mother petitioned the court with a letter asking it to dismiss the case as the minor can't have entered into a TOS agreement, Epic has since pressed the throttle to go after a child.

This, as I argued at the time, should have been a PR nightmare for Epic. However, after the minor retained a proper non-maternal lawyer and put in a proper motion to dismiss, Epic contends that the minor continued both cheating in Fortnite as well as promoting his cheating software through alternate channels. If that's truly the case, it paints the teen in a much less flattering light.

While plenty of kids would be terrified facing a lawsuit like this, CBV didn’t appear to be impressed. In a YouTube video where he explained the situation last month, the 14-year-old said that he wouldn’t make Fortnite videos anymore. However, he was far from apologetic.

“Fuck epic games. I mean, at least they can’t come after my channel anymore. I’m never gonna make another video. But if they really want to come at my neck for 100 Mil then they can just fuck their brand on their own,” CBV said.

Among other things, the game publisher points out that CBV didn’t halt his cheating activities after the lawsuit was filed. On the contrary, Epic claims that the defendant made another cheating video on a separate channel and registered a new domain to sell cheats.

“Defendant continues to develop and sell cheat software specifically targeted at Epic and Fortnite. Indeed, Defendant has created a new website located at <NexusCheats.us>, a domain name Defendant registered on August 1, 2019,” Epic writes.

While that looks bad, it also doesn't really effect the minor's central argument, which is that the kid was a minor and couldn't have entered into the TOS contract. Still, the courts tend not to look to fondly when the defendant is going around continuing the same activity that landed him in a lawsuit to begin with. Especially when said defendant is publicly spouting off like this.

All of that, again, is merely flavor for Epic's argument that even as a minor the TOS agreement is valid, primarily as the minor "benefited" from agreeing to the TOS, which in this case meant accessing the game.

“His arguments that he is immune from those consequences, including his claim that this Court does not have jurisdiction over him because ‘he’s a kid,’ are without merit,” Epic tells the Court.

According to Epic, not all contracts with minors are automatically void. There are exceptions, which it believes apply here. In addition, this “infancy defense” doesn’t apply, because the alleged cheater also reaped the benefits of these agreements. According to Epic’s response brief, the defendant was well aware of the potentially illegal nature of his activities – after being sued, banned and targeted with repeated DMCA notices – but he continued nonetheless.

None of this changes the reality that Epic is pursuing full force its questionable claim that cheating violates copyright against a teenager. This should still be a situation where PR overrides any legal merit and results in Epic settling this and moving on.

But the defendant appears to be undermining that calculus by spouting off.

Filed Under: bad actors, cbv, cheat tools, cheating, copyright, fortnite, video games
Companies: epic

South Korea Continues To Criminalize Behavior Around Online Gaming At The Behest Of Video Game Industry

from the give-me-a-boost dept

While we've spent some time here talking about the emergence of eSports and online gaming generally, it's safe to say that South Korea was one of the trailblazers in this space. This has led to a remarkable ecosystem in the country for online gaming and competitive gaming. But it's also led to South Korea introducing some fairly problematic laws at the request of the gaming industry. For instance, criminalizing cheating in online gaming is very much a thing in South Korea, though this is actually done by making it illegal to break a game's ToS, which nobody reads.

Now, however, South Korea is going a much more targeted and direct route by criminalizing "boosting", the practice of experienced players of a particular game contracting their services to help less-able gamers to climb the level ranks.

An amendment has passed in Korea’s National Assembly that could charge players found guilty of boosting with a two-year suspended prison sentence and a fine up to $18,000 (20 million won), according to Korean news site Inven.

The law, an amendment to the Game Industry Promotion Act, was first proposed in June 2017. Working with game developers in the country, the government will target boosters and boosting companies that charge for rank inflation across a number of games, including Overwatch and League of Legends.

This is yet another one of those situations where it's important to fight off the initial normal reaction, which is typically to decide that anything that negatively impacts those cheating within online games is just fine. There is such a thing as overkill, in other words, and assessing five-figure fines for the crime of playing an online game for somebody else so the game thinks he or she is better at it then they actually are should certainly fall into that category.

This isn't to say that boosting isn't a problem for these online ecosystems of course.

Boosting is a problem in games that rank players by skill; artificially inflating one’s rank disrupts the normal flow of play. The business of boosting is complex and far-reaching. A number of Overwatch League players have been punished for past boosting in the league’s first season. Philadelphia Fusion player Kim “Sado” Su-min was suspended for 30 games for the practice, while Son “OGE” Min-seok sat out four gamesfor boosting. Blizzard continues to issue large scale bans against boosters nearly every month.

The problem is that these developers are outsourcing the enforcement of their own platforms to the South Korean government, often to the tune of large sum fines and potential jail time. Does nobody else remember when we were kids and couldn't pass a level in a game, so we handed the controller to an older sibling to get past it for us? That's essentially what this is, with the big difference being that doing so effects the experience and rankings of everyone else playing as well. That's certainly annoying, and no doubt a problem.

But worthy of this kind of litigation? It's hard to make sense of that argument.

Filed Under: behavior, boosting, cheating, criminalize, south korea, video games

Denuvo Announces Plan To Fail To Combat Online Game Cheaters After Failing To Stop Piracy With Its DRM

from the fail-train dept

For years now, we have discussed Denuvo's reputation sliding from being once thought of as the potential ender of video game piracy to just another DRM corpse fit for the funeral pyre. Despite this precipitous fall, we also discussed a few months back that the company had been bought by another security company, Irdeto. While the announcement of the deal was generally bizarre, with Irdeto referring to Denuvo as the "world leader" in gaming security, we mentioned at the time that Irdeto is mostly invested in anti-cheating platforms for online gaming. It seemed likely that Irdeto thought that Denuvo's tech might somehow fit into that chief offering.

And now, with an announcement from Irdeto, it indeed seems that Denuvo is pivoting to combating online cheating.

Today, Iredeto announced that they’re joining the Esports Integrity Coalition (ESIC). And perhaps more importantly, Denuvo will soon launch its own anti-cheat technology to help solve this problem.

“Denuvo’s Anti-Cheat technology, which is soon to be launched as a full end-to-end solution, will prevent hackers in multiplayer games from manipulating and distorting data and code to gain an advantage over other gamers or bypass in-game micro-transactions,” the company says.

On the one hand, look, cheaters in online games suck out loud. These cheaters break the online gaming experience for all the non-cheaters out there. Perhaps more importantly, anti-cheating software is going to become a very real market ripe to be exploited, given the explosive growth in competitive online eSports and online gaming in general. If any company or group of companies could manage to end this infestation for gamers, they'd deserve a hero's parade.

On the other hand: this is Denuvo. Few companies have rivaled Denuvo's boisterous claims and posture coupled with the failure of its product. It would be very easy to change out the references to anti-cheating software in the Irdeto quote above and replace them with references to Denuvo's DRM and map that onto how Denuvo talked about its DRM product but a few years ago. Same promises, different product. I can only assume that anyone partnering with Irdeto for Denuvo anti-cheating software are basing that decision more on the reputation of Irdeto than Denuvo.

I have no idea if Denuvo will be successful in stamping out online gaming cheating. But, given the company's history of failure, I know where I'd place my chips if put to a bet.

Filed Under: cheating, drm, piracy, video games
Companies: denuvo, irdeto