Crisis at Crytek
On Feb. 11, Rock Paper Shotgun posted a link to a thread on the Facepunch forums, claiming that an almost complete, potentially fully complete, version of Crytek's next flagship title Crysis 2, due out March 22, had been leaked to the internet. Not only was the full game leaked, but also the entire multiplayer experience as well as the keys to the castle, so to speak -- the master key for the online authentication, negating a good amount of the online authentication necessary to play the game legitimately. Torrent sites filled up with leaked copies. EA and Crytek issued a short response:
Crytek has been alerted that an early incomplete, unfinished build of Crysis 2 has appeared on Torrent sites. Crytek and EA are deeply disappointed by the news. We encourage fans to support the game and the development team by waiting and purchasing the final, polished game on March 22. Crysis 2 is still in development and promises to be the ultimate action blockbuster as the series' signature Nanosuit lets you be the weapon as you defend NYC from an alien invasion. Piracy continues to damage the PC packaged goods market and the PC development community.
The damage is unknown, but it will be a lot more than monetary. Early copies of games that get leaked are hardly fully optimized or ready for consumer consumption, but in Crysis 2
's case, being so close to release, we could potentially already have a gold copy out on the internet. In addition to hurting sales, a leaked copy of this magnitude could affect consumer expectations. Early reviews of an unfinished game could tear the hype out from under Crytek. EA investors could see this leak as detrimental to their involvement and funding of the game developer for future projects.
So your game has been leaked ...
What does a developer do when a game has leaked? EA and Crysis issued a response that asks the consuming public to wait for a final release, to support the publishers and developers who make great games happen. Back in 2003, Valve's long-awaited Half-Life 2
was leaked due to security issues on Valve's servers, with Gabe Newell asking forum-goers to help track down the offenders. In 2004, Valve and the FBI announced arrests in the leak, and in 2006, German citizen Axel Gembe was arrested and tried in Germany for the leak and other crimes. He got 2 years probation.
Containing a leak is basically the only course of action to take when something this massive happens. Your property has been stolen and released to the world. Copyrighted software source code has been taken from you and released illegally. Companies, developers and producers alike spring into containment mode. It isn't easy -- you all know how fast information spreads on the internet, even in massive, gigabyte form.
Not only do you want to contain the game itself but also bolster consumer confidence in your game. If you can't keep a tight lid on security before your game is even launched, how do you expect to meet the needs of consumers after release? Sadly, it's a problem that comes up with MMOs all the time, when a developer has beta testing in place that falls hard and fast once the open beta servers are activated. Consumer confidence in the game drops when an early build or unfinished server architecture fails, stopping hype in its tracks.
When a game is leaked, what types of damage can be expected? Well, it's a lot more than financial, sadly. Even in the monetary realm, the damage is multi-faceted. First, you've got the potential loss of sales, boxed and downloaded copies that would have otherwise been sold to the public, if not for their ability to already download and play the game.
Second, you've got the cost of the containment. You can bet that employees from both EA and Crytek are working around the clock, not on their game but on the containment and management of the leak, checking systems, and working to shut down torrents.
Third, you've got the ancillary costs of recovery. Someone might get sued, but who? You've got lawyers and investigators to pay, especially if the leak is something huge.
Fourth, you've got advertising dollars already in a budget that now have to either be retooled or refunded due to the change in public perception and potential early reviews and sentiment that breaks about an unreleased title. This is all just scratching the surface.
Not all damage is money-related. What happens internally at Crytek, where a system-wide investigation gets to take place over who leaked what, where problems occurred, and how to prevent these types of problems from happening again. Because of the leak in an already volatile economy and industry, will people have to be let go because of the costs of the leaks? Will bonuses that would have otherwise been paid for record sales instead be turned into containment cash or new software to replace the online authentication key system? The cost of the loss of integrity is unfathomable.
Who do you sue?
Here's the crux of the problem -- who do you sue? Crytek and EA have little to no recourse in the event of a leak. When Half-Life 2
was leaked and the perpetrator eventually found, Valve didn't get any money out of him. The guy got 2 years of probation. Who could Crytek and EA sue?
They could sue the leaker, the main guy who cracked in to Crytek's internal FTP (if that's what happened), and sue him for everything he's got. But everything he's got isn't going to amount to anything near the actual damages Crytek will suffer. Does this hacker have millions stashed away for a rainy day judgment, just in case he gets caught? Highly unlikely.
Software infringers could be sued, like the torrent sites that host the leaked files, but these sites are mainly outside the United States or Germany, Crytek's headquarter nation. And how do you decide who to sue? The data collection alone would take time, money, effort, and manpower to complete. You don't see the fruits of your damage collection labor until well after the crime and damage occurs.
When you get right down to it, the level of financial and personal damage done to the studio is unrecoverable. This is all money lost, pure and simple, with little to no recourse. The only way to fully recover from a leak is to never have your software leaked at all. All press is good press to many people, but in the case of a game leak, people's knowing a hotly anticipated game is up for grabs online means more torrent activity.
Some have said that the download numbers haven't been too high with this particular leak, either because people just don't want to download the game because they would rather wait for the retail copy or because the file size is too large. The number of downloads, for the most part, doesn't matter. The potential to do damage is the problem -- 5,000 illegal downloads is still 5,000 illegal downloads. The damage is already done, no matter the number of copies downloaded. Crytek has to contain this leak as if everyone in the world is downloading its game in order to combat the damage.
Blizzard's secrecy and the online model
We talked about private servers a few weeks back, and I came to the conclusion that the ones that generate revenue and serve up illegal copies of WoW
through stolen or fabricated server software hurt Blizzard's bottom line. Blizzard is one of the biggest game developers out there in terms of money and protection. It keeps its stuff under many locks and many keys.
Beta clients get leaked all the time with Blizzard. I distinctly remember a certain friend of mine with a certain Warcraft 3
disc that made the rounds in our dorm room back during my first year at Berkeley. We see Blizzard leaks all the time, so even one of the biggest and most secretive companies in the industry has issues with leaks. MMO-Champion's infamous Cataclysm
leak, for instance, shocked the community, opening up a huge amount of Cataclysm
alpha content to a world it was definitely not intended for.
Hype is a commodity, plain and simple. Blizzard's product secrecy supports a level of hype that needs to be maintained for such a successful company. Loyal fanbases love hype, for any product or company that is willing to feed it. I don't see this as a bad thing at all. I love hype. I love buying into hype. I have fun rooting for my products because in a world with so much choice, my brain likes having one thing to focus on instead of the multitude of choices that exist before me.
Information is awesome, of course, but at what price? The game will come out eventually, but information leaks versus full product leaks are two completely different monsters. Blizzard's information leaks, thankfully, haven't killed its hype machine or its willingness to engage in alphas -- they are crucial development stages. Crysis 2
's leak will hopefully not be a factor in Crysis 2'
Online authentication is here to stay
This is why online activation is here to stay. As long as there is piracy, we will have DRM and activation issues. No matter how many products or full versions get released through leaks or mistakes, one of the more concrete ways to make retail products manageable is to require some type of online authentication to play. It sucks. It completely sucks, especially for people with intermittent internet. For a multiplayer experience, you're going to be logging in anyway, so requiring authentication isn't that big of a deal.
Single-player content is another story. If Crysis 2
were a completely single-player affair, would the nature of this leak change things? Probably dramatically. Authentication keys can be changed -- it's expensive and time-consuming, but it's potentially fixable. How do you fix a single-player only leak that is the complete experience?
As long as people continue to break the law in regards to stealing and leaking copies of video games, you're going to see harsh activation. It sucks. I already said it sucks. But what is the alternative? Here are two hypothetical situations.
First, we get rid of all DRM and online activation. Stuff gets bought and leaked the day of release or even beforehand. Single-player content is freely available on the internet, and as piracy gets easier, more people get in on it. The more people pirate, the more a company has to spend to combat piracy, and the margins on AAA titles fall through the floor.
Second, let's hypothetically institute harsh DRM, combat leaks to the fullest, and make all games require some kind of server authentication, single- or multiplayer, regardless. Players get upset, intermittent internet users get frustrated, and game companies end up having to treat us all like thieves.
Do you think a transition to Battle.net for all of our accounts is just for functionality? Most likely not. I stated before
that I believe Battle.net has a vast social future, combining all the good aspects of social networking and sharing into a comprehensive software suite of Battle.net profiles, guild/clan pages, and information sharing alike. Battle.net's ubiquity also serves to make piracy more difficult, creating an online layer to everything Blizzard makes. So far, it seems to be a good compromise.
Where is the line? I don't know. I've been thinking about it for a long time, and hopefully I'll put my own thoughts down for people to read. Right now, though, I'm thinking about leaks and damages, the insurmountable costs that are associated with this brand of video game piracy, and all I can think about are the people at Crytek scrambling to make this less of a disaster. At the very least, the people perpetrating this leak are disrespectful to the industry, as the remedies available during a leak of this magnitude can hurt a lot of people, even after Crytek still expresses its love
of the PC community.
This column is for entertainment only; if you need legal advice, contact a lawyer. For comments or general questions about law or for The Lawbringer, contact Mat at firstname.lastname@example.org.