Litigation

Can Game Console Software Updates Violate the Computer Fraud and Abuse Act? Sony Says No in Renewed Motion to Dismiss in Case that Tests the Sufficiency of EULA and TOS Disclosures to Gamers

Published: Apr. 06, 2011

Updated: Oct. 06, 2020

Sony Computer Entertainment America (“SCEA”) has filed a motion to dismiss an amended complaint in the In Re Sony PS3 OTHER OS Litigation, Case No. C 10-1811, pending in the N.D. of California.  The case concerns SCEA’s release of a software update to its PS3 game system that disabled the systems’ “Other OS” feature, which had previously enabled users to install Linux as an alternative operating system.   Although the update was released on April 1, 2010, plaintiffs clearly found it no joking matter, as evidence by their allegations that SCEA’s release of the update breached SCEA’s warranty to users, violated the usual gamut of California statutory and common law claims (17200, 17500, CLRA, Conversion, Unjust Enrichment, etc.) and, more interestingly, constituted computer hacking under the federal Computer Fraud and Abuse Act (“CFAA”).  The district court previously dismissed all but the CFAA claim, and plaintiffs filed the current amended complaint, which SCEA has again moved to dismiss.  SCEA’s cornerstone argument is that plaintiffs cannot claim entitlement to the Other OS feature’s permanent availability when SCEA never represented it would always be available, and in fact made clear in its EULA and TOS that it reserved the right to issue updates that might disable some functionality.  In that sense, the case sets up an interesting test of the sufficiency of disclosures in EULAs and TOS as a basis to foreclose complaints about a game system or software when players object to a change in strategic direction by the game publisher or system manufacturer.

This conflict is most interesting in connection with the CFAA claim, which was the one claim that survived the initial motion to dismiss.  Plaintiffs’ allege that the software update violated Section 1030(a)(5) of the CFAA because in distributing the update SCEA “knowingly caused the transmission of . . . code . . ., and as a result of such conduct, intentionally caused damage without authorization” to plaintiffs’ computer systems.  In this sense, the claim is reminiscent of the old AOL 5.0 class action cases back in the day of free Internet access trial periods.

SCEA makes two arguments in its latest motion to dismiss, both centering on SCEA’s “authorization” to install the update.  First, SCEA argues that the software update in question was not installed on a user’s system until after the user manually accepted the download.  Given that users consented to the installation, SCEA posits, that installation was necessarily “authorized.”  Second, specific consent aside, SCEA argues that it had previously acquired users’ authorization to install software updates, and informed users that such updates might cause the loss of some functionality, by virtue of their assent to the PS3 EULA and TOS.

In this case, the first argument seems rather clear cut.  If you agree to install a software update, whatever other claim you might make about the effects of that update, you have likely forfeited your ability to claim the install was “unauthorized.”  The second argument, if accepted by the Court, is the one more likely to have broader value as precedent.  Game manufactures and publishers routinely rely on EULAs and TOS to communicate a user’s rights and limitations in the system or software, and many contain similar provisions regarding updates.  A decision from the Court upholding the enforceability of these clauses would provide further strong precedent to foreclose computer “hacking” claims like those presented here in situations where gamers are unhappy with a manufacturer or publisher’s decision to remove game features or functionality.