Friday, October 24, 2008

Virtual Divorce = Virtual Murder

You’ve probably seen the news stories about the recent virtual murder in Maple Story, a Second Life-style MMORPG.

According to these stories, a 43-year-old Japanese woman was “so angry” about being divorced by her virtual Maple Story husband she murdered his avatar. The news stories say the virtual murderess – a piano teacher in the real world – was furious because he divorced her “without a word of warning.”

How did she kill him, you ask? In some worlds -- like Second Life -- that could be quite difficult; I don’t know if killing “real” avatars is a standard part of Maple Story or not. I checked out the game’s North American (English) portal, but I couldn’t find an easy answer to that question.

My guess is that you can’t just kill another avatar, a theory I base on the method the piano teacher used to kill her faithless avatar spouse. According to news stories, she got him to tell her his Maple Story username and password when they were happily conjugal and when he divorced her, used that information to log into his account and kill him off, virtually, of course.

I find the “victim’s” response interesting: He went to the police in Sapporo, where he lives, and complained about his virtual ex-wife’s killing his avatar. I wonder how he phrased his complaint: Did he complain of virtual murder . . . or of a loss of virtual property? (I wonder if he could argue that her killing his avatar constituted a threat . . . on the premise that it implicitly communicated her intent to do something similar to him in the real world? I truly doubt that argument would fly, but it’s a thought.)

The police, naturally, didn’t go with virtual murder (or a loss of virtual property, for that matter). Instead, they arrested her on suspicion of illegally accessing a computer and manipulating electronic data; the news stories say that if she were charged with and convicted of this offense, she could face up to 5 years in prison or a $5,000 fine.

The charge would be brought under Japan’s Unauthorized Computer Access Law (Law No. 28 of 1999). You can find an English version of it here. Article 3(1) of the Act first states that “[n]o person shall conduct an act of unauthorized computer access.” It then defines “unauthorized computer access” as
(1) An act of making available a specific use which is restricted by an access control function by making in operation a specific computer having that access control function through inputting into that specific computer, via telecommunication line, another person’s identification code for that access control function (to exclude such acts conducted by the access administrator . . );

(2) An act of making available a restricted specific use by making in operation a specific computer having that access control function through inputting into it, via telecommunication line, any information (excluding an identification code) or command that can evade the restrictions placed by that access control function on that specific use (to exclude such acts conducted by the access . . .);

(3) An act of making available a restricted specific use by making in operation a specific computer, whose specific use is restricted by an access control function installed into another specific computer which is connected, via a telecommunication line, to that specific computer, through inputting into it, via a telecommunication line, any information or command that can evade the restrictions concerned.
Unauthorized Computer Access Law, Article 3(2). The Act defines “access control function” as a function that is
added, by the access administrator governing a specific use, to a specific computer or to another specific computer which is connected to that specific computer through a telecommunication line in order to automatically control the specific use concerned of that specific computer, and that removes all or part of restrictions on that specific use after confirming that a code inputted into a specific computer having that function by a person who is going to conduct that specific use is the identification code. . . .
Unauthorized Computer Access Law, Article 2(3). It defines “identification code” as a code that is granted to someone (known as “authorized user”) who has been
authorized by the access administrator governing a specific use of a specific computer to conduct that specific use, or to that access administrator (hereafter . . . authorized user and access administrator being referred to as “authorized user, etc.”) to enable that access administrator to identify that authorized user, etc., distinguishing the latter from another authorized user, etc.; and that falls under any of the following items or that is a combination of a code which falls under any of the following items and any other code:
(1) A code the content of which the access administrator concerned is required not to make known to a third party wantonly;
(2) A code that is compiled in such ways as are defined by the access administrator concerned using an image of the body, in whole or in part, of the authorized user, etc., concerned, or his or her voice;
(3) A code that is compiled in such ways as are defined by the access administrator concerned using the signature of the authorized user, etc., concerned.
Unauthorized Computer Access Law, Article 2(2). Finally, the Act defines “access administrator” as “a person who administers the operations of a computer (hereafter . . . “specific computer”) which is connected to a telecommunication line, with regard to its use (limited to such use . . . hereafter referred to as “specific use”). Unauthorized Computer Access Law, Article 2(2).

I must admit, I find the language of the Act a little hard to follow; it’s more technically grounded than the language you see in comparable U.S. statutes. It looks to me, though, like the charge against the piano teacher would properly be brought under Article 3(1) (which outlaws unauthorized access) coupled with Article 3(2)(1) (which defines “unauthorized computer access” as inputting someone else’s identification code in order to make a computer or computer system do what you want it to do).

I don’t see any requirement in the Act that the unauthorized computer access have caused “damage,” which is a requirement under the general federal cybercrime statute, 18 U.S. Code § 1030. Section 1030(a)(5)(B) makes it a federal crime to intentionally access a computer “without authorization, and as a result of such conduct, recklessly” cause “damage.” The statute defines “damage” as “any impairment to the integrity or availability of data, a program, a system, or information”. 18 U.S. Code § 1030(e)(8).

The piano teacher’s conduct would certainly constitute a U.S. federal crime under this statute because she (i) intentionally accessed a computer (the Maple Story computer and, specifically, her virtual husband’s account on that system) and (ii) caused damage (killing his avatar certainly qualifies as impairing the availability of data or a program). As I said, I don’t know if damage is a requirement under the Japanese statute; it is not required under some U.S. state unauthorized access statutes, on the theory that simply getting “into” a computer system without being authorized to do so is a crime, a virtual analogue of trespass. I suspect the damage element may come into play if and when the lady is being sentenced.

Last year I did a post on virtual murder in which I speculated on whether CONSENSUAL virtual murder in online worlds might someday be criminalized. As I explained there (and explain in a law review article that should be published soon), I don’t think it should be a crime, just as I don’t think any consensual acts that take place in a purely virtual world should become the focus of real-world criminal law. As long as it’s consensual, it’s part of a game and I don’t see why anyone should care (regardless of how bizarre the conduct becomes).

This case, though, raises a different issue, equally interesting. Should we make it a crime to commit real murder (nonconsensual murder) in virtual worlds? Let’s assume for the sake of analysis that the man whose avatar was killed in Maple Story won’t be able to resuscitate it; he’ll have to start over with a new avatar. Not being a serious gamer, I’m not sure how important that is; I know it can be very important in goal-directed games like World of Warcraft, and it looks a like Maple Story might be one of those.

For the purposes of analysis, again, let’s assume he DID lose a great deal when he lost that avatar; he lost, say, skills and property he will have to work very hard in-game to restore. The question, as far as criminal law is concerned, is should we treat this just as a type of unauthorized access w/damage (what some U.S. states define as aggravated hacking) or should we go further and treat it as analogous to a real world crime like theft or even murder?

It couldn’t be theft because she didn’t take the property we are assuming his avatar acquired during its brief lifespan; if we’re trying for a property crime analog, it would have to be some kind of property damage offense. As to whether we should create a crime of virtual murder – avatar murder – I really don’t know. I suppose the answer to that question will depend on how much time we come to spend in virtual worlds; if we come to spend a great deal of our time in these virtual environments – so that we invest much of our personal, emotional and professional lives in them – we might decide some virtual analog of murder is essential.

Can you imagine the dialog if and when this woman goes to prison? “What’d you do? I killed an avatar.” Chicago comes to Second Life.


David A. Schumann said...

No intent to be flippant, but, would justice be done be "resurrecting" the avatar victim (if possible), charging the virtual murder the costs, and "imprisoning" her avatar (that is, life without access to Second Life)? Its possible that a virtual "imprisonment" (limited access to a prision like atmosphere) would punish someone like her (apparently more involved in the game world than the real world) more than a physical prison - and its more likely that a court would hand down such a sentence than actual physical imprisonment.

Susan Brenner said...

It's been done, in at least a couple of instances.

In Roma Victor, they have used virtual crucifixion as a punishment for players who violate their rules . . . and may still do so. It's a creative way of banning or suspending a player who's gotten into trouble. If you google Roma Victor and crucifixion, you'll find stories about it.

And for a while, Second Life used a virtual cornfield to do the same thing . . . rule violators' avatars were stuck in a cornfield while on suspension. I think the idea came from a Twilight Zone episode in which a kid with extraordinary abilities sent people and animals he didn't like to a cornfield (as a graveyard, I think).

Susan Brenner said...

Thanks, Barbara . . . I'm glad you like the blog.