- Other Criminal Liability of Warez Trading
- Criminal Copyright Prosecutions of Warez Traders
- Casualties in the War Against Warez
- Appendix: Publicized Convictions Under the No Electronic Theft Act
Other Criminal Liability of Warez Trading
Congress has created several new intellectual property crimes in the past decade, giving the U.S. government more tools to prosecute warez traders than were available during LaMacchia's prosecution. Therefore, even if the government cannot or doesn't want to prosecute a warez trader for copyright infringement, the trader may not be off the hook.1 Alternatively, the government may bring multiple charges against a defendant to increase the defendant's incentives to plead guilty.2
In 1998, Congress passed the Digital Millennium Copyright Act (DMCA) prohibiting the circumvention of technological measures that effectively control access to a copyrighted work3 and the making of or trafficking in a device that circumvents such technological measures.4 Punishments for the first offense include imprisonment of up to five years and a fine of up to $500,000.5
Every major warez distribution group has at least one cracker who specializes in disabling or bypassing copyright-protection devices.6 The cracker's behavior should violate the DMCA, and other group members can be prosecuted as conspirators or aiders/abettors. While there are some exceptions to the law,7 these exceptions are very technical in nature, and a typical warez trader cannot credibly argue that the exceptions apply.
The Computer Fraud and Abuse Act (CFAA),8 historically designed as an anti-hacking statute, has become a general-purpose federal anti-trespassing law applicable to warez trading in at least two ways.
First, the CFAA criminalizes accessing computer systems without authorization to obtain information,9 a provision that could apply to illegitimately obtaining warez from a copyright owner's computer system. For example, the CFAA may have been violated when a PWA group member allowed other members to take software from Microsoft's internal computer network.10 Punishment for the first offense can include imprisonment of up to five years and a fine if the act was committed for commercial advantage or private financial gain, if the taken information's value exceeded $5,000, or if the act furthered other crimes or torts (such as copyright infringement).11
Second, the CFAA criminalizes accessing computer systems without authorization and causing damage.12 In the warez context, this provision could apply to the use of third-party computer networks without authorization to distribute warez or conduct group business (with the damage being the use of network resources or the security measures taken to abate the intrusion). Punishment for the first offense can include imprisonment of up to five years and a fine if the damage was caused "recklessly."13
In addition to the federal CFAA, many states have anti-hacking or anti-computer trespass statutes that would allow state prosecutors to bring suit against warez traders for the same behavior.
A warez trading operation may involve the theft of physical items. For example, Intel employees exchanged stolen Intel servers for access to PWA's warez database.14 At a minimum, the Intel employees could be prosecuted for theft, and the other PWA members could be prosecuted for receiving stolen property or participating in a conspiracy to commit theft.
Trade Secret Protection Laws
In 1996, Congress passed the Economic Espionage Act,15 which in practice has established a federal antitrade secret misappropriation statute. Many states also have their own anti-misappropriation criminal laws. These laws could apply to warez trading of any prerelease software versions (whether alpha, beta, or golden master versions) that qualify as trade secrets, which should include many of the most coveted "0-day" warez.
Copyright Management Information Integrity Laws
While the DMCA's anti-circumvention provisions receive most of the media's attention, another provision of the DMCAregarding the "integrity of copyright management information"also could apply to warez trading. Copyright management information (CMI) includes, among other things, a copyrighted work's title, author, and other named contributors ("credits"); user agreement; and identifying numbers such as ISBN or serial numbers.16
The CMI integrity provisions prohibit providing (or distributing or importing for distribution) false CMI "knowingly and with the intent to induce, enable, facilitate, or conceal infringement."17 They also prohibit removing or altering CMI, or distributing (or importing for distribution) CMI knowing it has been improperly removed or altered.18 Punishments mirror those applicable to the anti-circumvention provisions: For the first offense, imprisonment of up to five years and a fine of up to $500,000.19
Warez trading can implicate the CMI integrity provisions in two ways. First, crackers may remove or alter CMI during the crack. Second, adding a .nfo file could be interpreted as providing false CMI with the intent to induce or enable infringement. The .nfo file's wording may make a difference, but claiming "authorship" of a crack could be a violation. Once again, all participants in a group should have joint liability for violation, either directly for distributing the CMI or indirectly as conspirators or aiders/abettors.