PayPal send out emails about policy updates. Here is one of them:
There’s a few strange things going on.
1) I’m not in Singapore but get sent their Singapore address.
2) They link to their site when they could have just said “go to PayPal’s website”. Getting people into the habit of clicking on links asking them to log in, especially ones with weird extensions doesn’t seem good.
3) If you’re going to include a link, at least link to the changes. Why do I have to log in and go to notifications to see them?
4) On the same note, why aren’t the changes just included in the email to begin with?
Here’s one of the changes listed in notifications:
It is the whole PayPal User Agreement. What has changed? Who knows.
To their credit, a more recent January change just has the part of the policy that has changed.
Jagex, the makers of RuneScape are suing Impulse Software et al. in relation to their sale of bot software that effectively plays the game for a person without needing much human interaction. It’s part of their crackdown on bots; Jagex claims using bots to play violates their rules, is unfair to other players and ruins the game.
As part of the Impulse court case, Jagex subpoenaed Google and PayPal seeking further information about email addresses, YouTube accounts and PayPal accounts.
The information provided by PayPal included personal information on 70,000+ customers who had bought Impulse’s bot software.
An “outside counsel eyes only” protective order was issued for the information PayPal provided, which meant that the information couldn’t be shared with Jagex employees. Jagex didn’t seem to be happy with this though, so in a different court (U.S. District Court for the Central District of California) and using the same legal counsel, on July, 1, 2011, they subpoenaed for the same information in a different case, Jagex Limited v. John Does, and were allowed to share the results with their employees.
[Quotes used in this post are mainly from a PDF of the case that used to be available at http://www.mediafire.com/?ba2nu8puj96tq5b]
“[The] Plaintiff and its counsel misrepresented the scope of this pending lawsuit by stating that the action involved ‘a developer and seller of Bot software.’ The Notice failed to state that Plaintiff already accused Defendants of having used one or more Bots to allegedly circumvent Jagex’s automated technological measures thus making Defendants a party to both suits.” “Plaintiff and its counsel also failed to inform the court in the Central District of California (CDC) lawsuit of this Court’s Protective Order.”
“Even though Plaintiff and its counsel were bound by the Protective Order entered by this Court and were fully aware that Defendants’ customer information was CONFIDENTIAL-OUTSIDE ATTORNEY’S EYES ONLY, using the subpoena power of the Central District of California, Plaintiff’s counsel undertook a calculated clandestine action to serve a subpoena on PayPal to obtain Defendants’ customer information and turned Defendant’s customer information over to its client who then misused the information.”
On October 25, 2011, Jagex sent out a mass email, presumably to those whose information they gained from the PayPal subpoena:
[The forum post is now gone, probably because the very fact that they have to clarify the legitimacy of an email shows that it wasn’t a very effective cease and desist notice.]
26-Oct-2011 06:44:16 Last edited on 26-Oct-2011 06:49:30 by Mod Timo
As a part of the update some people will have received the following e-mail communication:
We have strong evidence that you may have purchased and used botting software in the past, specifically ibot software.
Botting and the cheating it brings is destroying your game, violates Jagex’s rights under the Digital Millennium Copyright Act (DMCA), and any player that continues to engage in botting activity has no place in our community.
As part of bot nuke week we are offering you a 1 time amnesty and settlement lifeline, which is a chance to reform and change your ways. We’d like you to contribute to the community in a positive way, to compete on a level playing field as everyone else does and play in the true spirit of the game, with integrity. All of your accounts, main and otherwise, are now on our watch list and will be monitored for the use of ibot and all other inappropriate third-party software. Regardless of who you are or how long you’ve been with us, if you decide to cheat and bot ever again we will have no hesitation in: (1) permanently removing your account from our wonderful community in order to protect Jagex’s rights under the DMCA, and (2) naming you as a defendant in Jagex Limited v. John Does, which is a lawsuit based on DMCA violations that is currently pending in the U.S. District Court for the Central District of California (Civ. Action No. SACV11-00969-CJC).
Please note that this amnesty and settlement offer is protected under Fed. R. Evid. 408. If you ignore our offer and instead continue use botting software, we reserve our rights to pursue statutory damages against you for between $200 to $2,500 per act of past, present, and/or future botting in accordance with 17 U.S.C. 1203(c)(3).
We do hope you make the morally sound and lawful choice of turning your back on bots. We look forward to seeing you in game having fun in a way that is true to the spirit of fair play and respectful to your fellow players.
Yours sincerely, Mark Gerhard
I can confirm that this is an official statement from Jagex to the recipient. Please note that there are no website links in the main body of the e-mail. Should you receive any e-mails that contain the above text with website links or additional information, they are likely to be phishing e-mails and should be ignored.
Kind regards, Mod Timo
Jagex cross referenced those subpoenaed email addresses with their own records, and the next day began sending the same message through the internal Jagex messaging system to individual players.
Interestingly, Jagex recently started giving an increase in bank space, where a player stores items in the game, as an incentive for registering your email address with your account (when RuneScape started, email addresses weren’t required).
Although Jagex claims RuneScape has a large adult player base, it is almost certain that minors received the messages as well. They’re full of legal jargon and are similar to the extortionate letters the music industry (or their lawyers) send. It strikes me as unethical to send threats like that to children.
If Jagex are confident in their bot detection system, how about instead of going from one extreme: no action “we’re watching you”, to another: legal action, they use their in-game powers and just ban accounts if the re-offend. Legal action seems like an unnecessary and scaremongering threat.
Privacy and a chance to response to the subpoena
“In the cases cited by Plaintiff… the individuals… were given a specified amount of time to object to the subpoena through a Motion to Quash and/or Motion to Dismiss… The first time Defendants and their customers learned of the CDC lawsuit is when their customers began receiving a copy of an email from Jagex on October 25, 2011 followed by the message post on October 26, 2011.”
The forum posts I’ve read support this.
Jagex’s counsel say “it was and is our understanding that PayPal would have notified the account owner(s) of the account(s) associated with any email address in the subpoena in order to provide that account owner(s) an opportunity to address the subpoena, prior to releasing the requested information or documents.”
“You know that PayPal did not notify my clients of the pending subpoena in the Boston suit when you served the first subpoena without first noticing Defendants’ attorneys. Therefore, to now state that Banner and Witcoff understand/understood that PayPal would notify the Defendants is suspect.”
“This lawsuit’s different”
Jagex disagree that they’re focusing on Impulse Software’s customers and say they just want to “identify [our] own customers who [we] believe may be in violation of S1201(a)”.
“Your claim that the John Doe action does not involve our clients is illusionary at best. Not only did [you]… seek to obtain permission to subpoena my clients’ records from PayPal, but the identification of the Doe’s in the Complaint filed described my clients as well.”
“Under the discovery requirements in our pending case and the Local Rules… you had a duty to inform us of the John Doe action… Even when we sent you a letter inquiring about a Press Release issued by Jagex suggesting a violation of the Protective Order, you consciously omitted disclosure of the John Doe action.”
The suggestion of the protective order violation comes from this paragraph:
“We are constantly looking into ways of making the game experience the very best possible for all of our players and as part of our on-going programme to rid the game of bots, Jagex is actively pursuing companies that support the macroing market as well as those who bot. As such we are currently pursuing various bot developers through multiple legal channels, although sadly we cannot yet disclose the full details of our actions for legal reasons. Separately, as part of normal legal process and procedure, we have also taken steps to acquire the details of all players who have purchased bots. Once we have the information regarding the players involved we will take action specifically to ensure that these players are not compromising the game’s integrity through the use of a third party programs.”
This is turning into a very interesting case. Maybe it’s not the best time for business for Impulse Software, but if they come out of this in one piece this could turn into the best advertising money can’t buy.