Advocate General at the ECJ on the admissibility of cheat software
For many years, I had the opportunity to accompany one of the best-known automation bots for online games all the way to the Federal Constitutional Court. This case, which involved Bossland’s “Honorbuddy” for the game World of Warcraft, is an example of how complex and far-reaching the legal issues surrounding cheat software can be. The legal dispute between Bossland and Blizzard, the manufacturer of World of Warcraft, dragged on over several instances and raised fundamental questions about the relationship between copyrights and rights of use, the protection of business models and the scope of injunctive relief.
Now, more than a decade later, the Advocate General at the European Court of Justice (ECJ) has also addressed the issue and expressed his opinion in his Opinion on whether the use of cheat software in online computer games is generally permissible. The background to this is a referral from the Federal Court of Justice (BGH), which has referred questions on cheat software to the ECJ with the aim of finding out whether the mere overwriting of variable values in the working memory of a computer program already constitutes a copyright infringement. This question was also relevant in the Bossland v. Blizzard case, but was not conclusively clarified at the time.
At the end of April 2024, the Advocate General issued his eagerly awaited opinion. In it, he takes the view that the mere change of variable values in the working memory does not constitute an unauthorized modification of a computer program within the meaning of copyright law. He thus goes against the previous case law of the Federal Court of Justice and proposes a more user-friendly interpretation that also leaves room for modifications and creative uses.Although the Advocate General’s recommendation is not binding on the ECJ, in practice the judges often follow his legal assessment. Should the ECJ agree with this view, this would have far-reaching consequences for the permissibility of cheat tools and mods in computer games. Game manufacturers would then find it much more difficult to take action against providers of such software if it only accesses the working memory and leaves the program code itself untouched. This would strengthen the legal position of users and third-party providers and could lead to more competition and innovation in the field of game modifications.
Content of the Advocate General’s opinion
The Advocate General recommends that the ECJ answer the BGH’s questions to the effect that the mere alteration of variable values in the working memory of a computer program does not infringe the scope of protection of the program within the meaning of Directive 2009/24/EC and does not constitute a modification within the meaning of copyright law. He argues that only the value of the variables that the program takes into account to perform various tasks changes. However, the source code and the structure of the program itself remain unchanged.
The Advocate General emphasizes that the protection of computer programs serves to protect program authors from unauthorized reproduction and distribution of “pirated copies”, but should neither hinder the development of competing or compatible software nor restrict the use by legitimate users in the private sphere. He refers to the recitals of Directive 2009/24/EC, which make it clear that copyright protection for computer programs should not lead to the creation of monopolies for ideas and principles on which a program is based, and consequently copyright protection is limited to forms of expression that enable the complete or partial reproduction of the computer program, i.e. ultimately the object and source code. Pure manipulation of variable values in volatile working memory is not covered by this. Otherwise, the scope of protection would be overstretched and users’ rights would be disproportionately restricted. The Advocate General also draws parallels with the case law of the ECJ in the area of interfaces and interoperability. There, the Court ruled that the functionality of a computer program and the programming language are not covered by copyright protection (Case C-406/10 – SAS Institute).
The reproduction of a program code or the translation of the code form may also be permissible if they are indispensable in order to obtain the information necessary to establish the interoperability of an independently created program with other programs (Case C-476/17 – Voss).If these principles are applied to the present case, there is much to suggest that the mere modification of variable values in the working memory does not constitute an act of use relevant to copyright. The Advocate General therefore advocates a cautious interpretation of Directive 2009/24/EC that does not overstretch the protection of computer programs and leaves room for competition, innovation and creative uses.
Significance for IT security research
The Advocate General’s opinion not only has implications for cheat software in games, but also indicates a fundamental statement that all software whose content intended for modification is temporarily modified in the working memory is permissible under copyright law. This could help IT security research in particular when analyzing software, as buffer overflow-based “attacks”, for example, would be expressly permitted for investigation.
As long as there is no completely secure software, the best possible provision of information about vulnerabilities is an important factor for the stability of the information society. Security researchers are dependent on a legal framework that allows them to investigate potential vulnerabilities and exploits without making themselves liable to prosecution. This also includes the possibility of manipulating program sequences and analysing how changed variable values affect the functioning of software, and the coordinated and responsible detection and disclosure of IT security vulnerabilities is not an insurmountable problem. Coordinated Vulnerability Disclosure or Responsible Disclosure is a mechanism designed to reconcile the interests of science, society and product stewards. Security vulnerabilities are first reported confidentially to the manufacturers and only published after a reasonable period of time has elapsed to fix them, giving the manufacturers the opportunity to develop and provide security updates before the vulnerabilities can be exploited by attackers. At the same time, it creates incentives for security researchers to handle their findings responsibly and not to publish exploits carelessly. This is because premature disclosure of security vulnerabilities can entail considerable risks for the affected systems and their users.
However, successful Coordinated Vulnerability Disclosure also requires manufacturers to work cooperatively and transparently with security researchers. This includes taking reported vulnerabilities seriously, rectifying them promptly and informing the public about the measures taken. Unfortunately, practice shows that this is not always the case and some manufacturers try to conceal security vulnerabilities or intimidate those who discover them, making it all the more important that the legal system supports security researchers and makes it clear that the analysis of software vulnerabilities is generally permissible as long as it is not abusive. The Advocate General’s opinion could send an important signal that the integrity and security of IT systems is a valuable asset that must not be jeopardized by excessive copyright claims, because ultimately all parties involved benefit from a robust and trustworthy IT infrastructure. Manufacturers can use the findings of security researchers to improve their products and minimize liability risks. Users can rely on the fact that any vulnerabilities discovered are promptly rectified and their data is secure. And society as a whole benefits if critical infrastructures and sensitive information are better protected against attacks. It is to be hoped that the ECJ will take up the Advocate General’s considerations and create a balanced legal framework for IT security research with its decision. Only if the legal rules of the game are clear and innovation-friendly can security researchers develop their full potential and make an important contribution to digital security.
Influence on the gaming industry
Should the ECJ follow the Advocate General’s recommendations, this would have far-reaching consequences for the gaming industry. Video game manufacturers would then no longer be able to take action against cheat software providers so easily as long as they only access the working memory and leave the source code untouched. This could stimulate competition in the field of game modifications and add-on programs. At the same time, developers would have to consider how to implement restrictions and game mechanics that cannot be easily circumvented by external tools. There may also be increased pressure to offer cheat functions officially as options or mods in order to maintain control. Game publishers often argue that cheats compromise the integrity of the gaming experience and create unfair competition between players. On the other hand, there are many gamers who see cheats and mods as a creative way of customizing a game. The ECJ’s decision could therefore lead to a readjustment of the relationship between game manufacturers, cheat providers and gamers.
On the one hand, publishers would have to accept that they cannot prevent every change to the gaming experience by third parties. They may be forced to offer more modding interfaces and customization options to keep users engaged. On the other hand, cheat developers have to be prepared for the fact that their tools are legal, but not necessarily desired. They might have to do more to convince people that their offerings enrich the gaming experience and do not destroy it. Ultimately, it will be important to find a balance of interests between the players involved. Game manufacturers have a legitimate interest in ensuring that their products are used fairly and as intended. They invest a lot of money and work in development and have to protect their revenues. Cheats and hacks can undermine this business model by falsifying game content or circumventing payment barriers. On the other hand, players have an interest in being able to use the games they have purchased as they wish within the framework of the law. They want to live out their creativity, personalize the gaming experience and network with other gamers.
Mods and additional tools can help to increase long-term motivation and tap into new target groups. It can also be enriching for the gaming culture as a whole if users not only consume games, but actively help to shape them. It will be interesting to see how game manufacturers and cheat providers will react to a possible liberalization by the ECJ. It is conceivable, for example, that publishers will increasingly rely on server-based games and cloud gaming in order to retain control over the gaming environment. They could also try to offer cheat functions as paid DLCs and thus monetize them. Cheat developers, on the other hand, could focus on marketing their tools as creative modding platforms that respect and enhance the original game. Ultimately, it will depend on all parties involved approaching each other and looking for constructive solutions. Because one thing is clear: the passion and commitment of the players are the basis for the success of the gaming industry. If this energy can be channeled positively and transformed into fruitful cooperation, everyone can benefit in the end – game manufacturers, cheat providers and, above all, the gamers themselves.
Comparison with previous judgments
The Advocate General’s assessment contrasts with previous rulings by German courts. In 2012, the Regional Court of Hamburg affirmed an infringement of competition law through the distribution of bots in preliminary injunction proceedings between game manufacturer Blizzard and cheat provider Bossland (LG Hamburg, decision of 12.06.2012, ref. 312 O 322/12). The court considered the use of bots to be a violation of Blizzard’s terms of use and thus a deliberate obstruction of competition.
In another case, the Higher Regional Court of Dresden ruled in 2015 that the distribution of bots constitutes a copyright infringement (OLG Dresden, judgment of 20.01.2015, Ref. 14 U 1127/14). The court considered the bots to be an impermissible modification of the game software, as they interfered with the program flow and changed the code. In addition, the bots would circumvent Blizzard’s technical protection measures, which is a copyright infringement in its own right.
In 2017, the Federal Court of Justice took a position against Bossland in an appeal case (BGH, judgment of 12.01.2017, ref. I ZR 253/14). This involved the bots “Honorbuddy” and “Gatherbuddy 2”, which were used in World of Warcraft. The BGH confirmed the rulings of the lower courts and saw the cheat bots as both an anti-competitive obstruction and a copyright infringement through unauthorized modification and circumvention of technical protection measures. Bossland was therefore ordered to cease and desist and pay damages.
However, this BGH ruling concerned different bots than those now assessed by the ECJ Advocate General. While “Honorbuddy” and “Gatherbuddy 2” intervened deeply in the game mechanics and also circumvented protective measures, the bots relevant in the preliminary ruling proceedings are apparently limited to the manipulation of variable values in the working memory. In this respect, the cases are not readily comparable.
It will be interesting to see whether the ECJ will follow the Advocate General’s reasoning and thus deviate from the previous line of the German courts. Such a decision could lead to a standardization of the previously inconsistent case law and create more legal certainty for cheat developers and game manufacturers.
However, the Advocate General’s opinion also raises new questions. It therefore remains unclear where exactly the boundary between permissible changes to variable values and impermissible reworking of the program code lies. It is also unclear to what extent technical protection measures of the game manufacturers are to be taken into account and whether their circumvention can constitute an independent copyright infringement.
Overall, the controversial discussion about cheat software shows that copyright law is facing new challenges in the digital age. It is important to find an appropriate balance between the interests of rights holders, users and the general public. The technical characteristics of computer programs and the importance of interoperability and competition must also be taken into account. It remains to be seen how the ECJ will rule and what consequences this will have for the gaming industry. However, it is clear that the legal framework for cheats and mods will remain an exciting and controversial topic in the future. Ultimately, it will be important to find a fair balance of interests that safeguards the rights of all parties involved and at the same time leaves room for innovation and creative development.
Points of criticism and counter-opinions
Conclusion and outlook
It remains to be seen how the ECJ will position itself. In any case, the decision has the potential to have a lasting impact on the legal framework for cheat tools, mods and game modifications. On the one hand, it is about protecting the creators and the integrity of the gaming experience, and on the other, about user freedom and lively competition. The ruling could also provide important impetus for IT security research, and the case of Blizzard v. Bossland is a good example of how complex and protracted such disputes can be. It may take a rethink on the part of game manufacturers and legislators to find an appropriate balance of interests. Instead of banning every change, official interfaces for modding and creative game design could be a way forward.
At the same time, players must be effectively protected against fraud and unfair practices. As a lawyer with over a decade of experience in copyright and competition law as well as in drafting contracts for the gaming industry, I can say that the upcoming ECJ decision will be of great practical relevance. In my career, I have had the opportunity to participate in many highly complex court cases on cheat software and game modifications, including the Blizzard vs. Bossland case before the Federal Court of Justice, where I have found that it is often difficult to find a balance between the legitimate protection interests of game manufacturers and the freedom rights of users. The legal situation has so far been anything but clear, leading to lengthy and costly legal disputes.
A clarifying decision by the ECJ could provide more legal certainty here, although even the ECJ will not be able to clarify all the details. It will continue to be a task for national courts, legislators and, not least, the games industry itself to develop practical solutions that are in the interests of the players. We should also keep an eye on the opportunities and potential of mods and user-generated content, which can be an important driver of innovation. in my view, it would be desirable if game publishers and cheat developers were to engage in more dialog with each other instead of just fighting in court. If we succeed in defining common standards and rules of the game that promote creativity and competition without opening the floodgates to infringements of the law, a great deal would already have been gained. However, this also requires the courage to question old ways of thinking and break new ground
I will continue to monitor developments and report on the final decision of the ECJ. It is to be hoped that the judge’s ruling will provide a good basis for further discussion. As an expert in legal issues relating to gaming and e-sports, I will continue to closely accompany and support the industry in the future. Because one thing is certain: the issue of cheating will be with us for a long time to come.
