A few months ago, I wrote about a case involving a man making t-shirts parodying the NSA’s seal (https://nicoterablawg.wordpress.com/2013/11/06/security-agency-trademarks-and-fair-use/). That case involved a graphic artist named Dan McCall making a t-shirt using the NSA’s seal and the NSA claiming trademark protection of that seal. The NSA recently admitted that McCall was correct. The shirt did represent a parody and thus received the appropriate First Amendment protection (http://arstechnica.com/tech-policy/2014/02/its-ok-to-parody-the-nsa/).
As many gamers know, there was a big debate that erupted this week over Valve’s use of VAC (Valve Anti-Cheating) services on their Steam software distribution platform. Some users posted on Reddit that they’d discovered that VAC pulls a great deal of information from the user’s computer. Namely, the user accused VAC of pulling the computer’s DNS cache entries (http://www.reddit.com/r/GlobalOffensive/comments/1y0kc1/vac_now_reads_all_the_domains_you_have_visited/). The DNS (Domain Name System), to put it simply, assigns a website a name that the system can read and recognize. Websites normally possess a number, called an Internet Protocol (IP) address, that operates as the address for a particular website. Since people generally have trouble remembering long strings of numbers, DNS provides a much easier method of internet navigation. For example, you can reach Google’s homepage through either http://www.google.com (DNS) or type in Google’s IP (http://220.127.116.11/). The user’s computer stores the DNSs of sites the user has visited in the DNS cache. As a result, Reddit users were accusing Valve’s VAC service of recording every website a user visited.
In response, Valve owner and CEO Gabe Newell posted that, while Steam did possess this capability, they invoked it rarely (http://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_and_trust/). Newell insisted that they only pulled the DNS cache if the user visited a website known to host for purchase cheating software (for example, a program called an aimbot that allows the user to get a headshot every single time in Counter-Strike). VAC would check the computer’s server logs for contact with servers known to host cheating software, specifically looking for the software’s attempt to contact its host server. If VAC discovered such a log entry, the service would then pull the DNS cache in order to verify the use of the cheating software and ban the player. Newell stated that Valve has banned 570 users through this method. Newell also stated that this method of tracking cheaters was no longer active, since Valve has to cycle its methods of catching cheaters frequently.
The legal issue here is relatively simple. Valve can acquire consent to these actions through their terms of service. The larger issue is whether they should conduct such actions. Newell’s response stresses, correctly, the fine line that Valve must walk to make such a system work. If there were no anti-cheating countermeasures in place, users would likely quit using steam out of frustration. It is no fun to play a game when other users have an unwarranted advantage over others, but a company should maintain some respect for the user’s privacy. Even better, a degree of openness with customers never hurts. Newell responded quickly to redditors’ accusations of privacy violations and explained how and why his system pulled DNS cache information. That acted as a much better method of assuaging firms than better contracting could provide.