Next time
There will just be a line on page 96 of the EULA allowing them to use computer resources for "auxiliary purposes"
US regulators have smacked games biz ESEA with a $1m fine for surreptitiously installing a Bitcoin miner in its software. The settlement was announced on Tuesday and means ESEA gaming will pay the state of New Jersey $325,000 of its $1m fine upfront, and the rest will be scrubbed if the company has a clean record for the next …
The ability to trace rolled-out modules to clearly specified requirements (known as "traceability" since the early 80s or so) really never caught on, right? Well, if you don't have one, you can at least plausibly deny everything. "Our Software Assurance is shit, honest m'lord".
I wonder WHAT ELSE is in that gaming software.
Why punish a company for a criminal act by one of its employees?
The company might have been made to pay restitution to that employee's victims, but a purely punitive fine to a company whose management and stockholders were not culpable makes no sense. At least in the absence of any finding that they were negligent in supervising the employee in question.
"Though this was an effective mea culpa, the state regulators have decided to make an example out of the company, and so have fined it almost a hundred times the value of its ill-gotten funny money."
It wasn't their funny money though; it was a rogue employee that did it. If you want to make an example, then go after him. Oh, that is right, you would get hardly anything as he doesn't have deep pockets.
Imagine having a top 10 free Android game and implementing this in a version update. The processing power may be small, but on millions of devices chipping away? Or maybe introduced as firmware updates on millions of routers worldwide. Maybe the big companies have been embedding similar code in lots of software/firmware for other tasks for years. Ever had Windows processes that overutilize the CPU for no good reason or routers that keep rebooting from overheating? (cue spooky sinister music :-) ).
Bitcoin mining profitability pretty much boils down to the cost of the electricity you use to run whatever hardware you're mining on.
People who pay for their 'leccy have moved to FPGA and now ASICs for this reason.
Since it's the customers footing the electric bill, GPU mining would still have been worth it for the rogue dev had he gotten away with it.
A half-baked, zero substance idea invented by 2 greedy All-Americans without any way of investigating who's profiting (2 greedy All-Americans aside) from criminal activities.
(See El Reg article http://go.reg.cx/news/28Pm about a Police Department that paid a Bitcoin ransom)
I'd be interested in knowing exactly how this was illegal.
I mean, I've read the settlement and it goes on about them spying on customers (which this apparently wasn't) and it being a botnet (which it is - if you accept Wikipedia's definition[1], but then is presumably just there to sound threatening). As clearly stated in the article, it looks like the announcement is full of misinformation.
Perhaps the issue was simply doing something they didn't mention in the licensing agreement. Many programs get run without any licensing even being seen. Online games, even advertising on web-pages. I'm sure I've seen web-pages which try to do useful stuff for the host in the background. It seems a pretty grey area.
It seems to me that ESEA have been quite unfairly treated. Although maybe they shouldn't have agreed to the settlement. Could they have agreed the wording of the announcement as part of the settlement?
[1] "A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks." Presumably all the @home style systems qualify.