Author’s Note: This an excerpt from an early draft of a paper I am currently writing.
Applying property rights to virtual resources is often justified by arguing that property rights will allow consumers and users to better protect their interests online and in online games. Garrett Ledgerwood, in Virtually Liable, argues “[a] court’s recognition of property rights makes users better off by increasing enforcement rights in virtual property.”1 In Virtual Property, Joshua A.T. Fairfield outlines the emergence of property rights in virtual items through cases involving theft in China,2 Korea,3 and Taiwan.4
The implicit argument is that users need property rights in their virtual resources in order to protect their interests against others who might gain unauthorized access to accounts and steal virtual stuff. This makes sense when you place virtual resources into a property paradigm. A hacker’s actions in this situation parallel those of a burglar or thief if virtual resources are considered property. Therefore, it is only natural to presume criminal and civil remedies for property theft will also be the best solution for protecting a user’s interest in his virtual resources.
What happens if we remove virtual resources from a property paradigm? These presumptions, and the implicit argument they support, lose their strength. I have already explored what kind of results might occur in a situation where virtual resources are ‘stolen.’5 That paper concluded that the benefits imagined by virtual property advocates are illusory in practical application. In fact, extending property rights to virtual resources harms the very resources and worlds these advocates seek to protect.
So how can user’s best protect their interests in online resources? Two areas of law provide protections in different circumstances. The first is contract law, which provides remedies for those who buy and sell virtual resources. The second, and the one addressed in this essay, is privacy law, which provides remedies for harm to an individual’s persona and sense of self.
There are two types of privacy rights available in the United States. First, the right to privacy against government intrusion is guaranteed by the Fourth Amendment and Supreme Court cases such as Griswold v. Connecticut.6 Second, the right to privacy against the intrusions of private citizens is not guaranteed by Constitutional law, but it is supported in most states through common law developments. 7 This article is concerned with this second right to privacy – the so-called “right to be let alone.” 8
The common law began to slowly develop the four classic types of privacy outlined by Prosser in his 1960 Privacy article. These four types of privacy are as follows:
[1.] unreasonable intrusion upon the seclusion of another . . . ;
[2.] appropriation of the other’s name or likeness . . . ;
[3.] unreasonable publicity given to the other’s private life . . . ; [and]
[4.] publicity that unreasonably places the other in a false light before the public . . . .9
II. Privacy applied to electronic communication and information
Unreasonable intrusion into seclusion or solitude, the first type of privacy listed above, fits hacking and virtual resource theft the best. The act must be intentional,10 it must intrude into something that is actually private,11 and it must be highly offensive to a reasonable person.12 Additionally, Prosser noted that “[t]he principle was . . . soon carried beyond . . . physical intrusion.”13
This right to privacy has already extended to the online realm. The Third Circuit found the unauthorized opening of another’s email violated this right. 14 The court stated that “private individuals . . . have a reasonable expectation that their personal mail will not be opened and read by unauthorized persons.”15
Similarly, the District of Columbia Court of Appeals has recognized, in dicta, the potential for “conduct giving rise to unauthorized viewing of personal information such as . . . Social Security number[s]” to be an intrusion into seclusion and violation of privacy.16 The case was dismissed on separate grounds, however. 17
III. The Common Law of Privacy and Online Worlds
Extending the common law of privacy to protect virtual resources in online worlds is a logical extension of these laws. It may even be argued that the law of privacy does not need to extend to online worlds, for it already applies. The two cases above highlight the natural fit of privacy laws to electronic forms of communication and information storage.
Hacking into another’s online account is an intentional act. This act intrudes upon a private area of the victim’s life. Further, unauthorized account access can be viewed as highly offensive to a reasonable person. This offensiveness only increases if the unauthorized access resulted in the loss of a victim’s gaming characters, equipment, or game currency. Therefore, the hacking and taking of online resources satisfies this privacy tort’s elements.
IV. How changing the way we view virtual resources clarifies the benefits of using privacy law
Viewing online resources in a property paradigm does not work. It fails to provide the benefits property advocates seek while actually harming the resources they seek to protect. Online resources should instead be viewed as extensions of the person rather than as property.
Virtual resources are bound up intimately with our selves. We invest time, emotion, and money in creating ephemeral representations and persona to be viewed by other members of online worlds. There is nothing tangible, but the value is real and important. This value is tied to our person, our privacy, and our reputation.
Viewed this way, privacy common law is the logical choice for protecting user’s interests in their virtual resources. Prosser viewed the tort of intrusion into seclusion as protecting a primarily mental interest.18 In fact, Prosser outlined how Ohio substituted this privacy tort for the tort of intentional infliction of emotional distress. 19
Viewing the harm caused by hacking into a victim’s online account as emotional and private will make more sense to law enforcement, the courts, and the public than trying to extend property protections to virtual resources. More importantly, these protections arguably already exist. Privacy law naturally works in situations where a victim’s online account and resources have been compromised, whereas property law must be reshaped and loose itself from its natural underpinnings — the existence of a tangible, stolen ‘thing.’
Privacy law will provide users the legal ability to enforce and protect their interests in virtual resources. This legal ability already exists and does not require reshaping an area of law in order for it to apply. Property law, however, will need to fundamentally change in order to apply to virtual resources. More importantly, the available remedies in privacy law provide users with the similar or superior outcomes as compared to property law protections. This is coupled with none of the detrimental side effects associated with an adaption and application of property law to virtual resources and virtual worlds. Therefore, privacy law provides the most efficient means of protecting a user’s interests in his virtual resources.
- Garrett Ledgerwood, Note, Virtually Liable, 66 Wash. & Lee L. Rev. 811, 850 (2009). [↩]
- Joshua A.T. Fairfield, Virtual Property, 85 B.U. L. Rev. 1047, 1084 (2005) (examing the Chinese case Li Hongchen v. Beijing Arctice Ice Technology Development Co., a case involving a dispute arising out of a third party stealing Li Hongchen’s account). [↩]
- Id. at 1088 (detailing the Korean system of dealing with the theft of virtual property). [↩]
- Id. at 1086 (highlighting the protection of electronic records in Taiwan under the law of theft). [↩]
- John William Nelson, The Virtual Property Problem: What property rights in virtual resources might look like, how they might work, and why they are a bad idea, 41 McGeorge L. Rev. (2010) (forthcoming), available at http://ssrn.com/abstract=1469299. [↩]
- Griswold v. Connecticut, 381 U.S. 479 (1965). [↩]
- William Prosser wrote the foundational survey of the U.S. common law of privacy. See William L. Prosser, Privacy, 48 Cal. L. Rev. 383, 389 (1960). [↩]
- First articulated by Warren and Brandeis in their famous article. See Samuel Warren & Louis Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890). [↩]
- Restatement (2d) of Torts § 652A. Cf. William L. Prosser, Privacy, 48 Cal. L. Rev. 383, 389 (1960) (listing the four types of privacy as “1. [i]ntrusion upon the plaintiff’s seclusion or solitude, or into his private affairs . . . [;] 2. [p]ublic disclosure of embarrassing private facts about the plaintiff . . . [;] 3. [p]ublicity which places the plaintiff in a false light in the public eye . . . [;] 4. [a]ppropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.”). [↩]
- Restatement (2d) of Torts § 652B. [↩]
- Meaning that the matter or thing intruded upon can not be in the public domain. See Restatement (2d) of Torts § 652B; see also Prosser, Privacy, 48 Cal. L. Rev. 383, 391 (1960) (“[i]t is clear also that the thing into which there is prying or intrusion must be, and be entitled to be, private”). [↩]
- Restatement (2d) of Torts § 652B. [↩]
- Prosser, Privacy, 48 Cal. L. Rev. 383, 390 (1960) (noting its use against eavesdropping, peering through windows, revealing bank account information, and more). [↩]
- Vernars v. Young, 539 F.2d 966, 969 (3rd Cir. 1976). [↩]
- Id. [↩]
- Randolph v. ING Life Ins. & Annuity Co., 2009 WL 1684470, *5 (D.C. Cir. 2009).) The alleged disclosure of personal information in Randolph involved electronic means. ((Id. [↩]
- Id. [↩]
- Prosser, Privacy, 48 Cal. L. Rev. 383, 392 (1960). [↩]
- Id. at 390. [↩]