Wednesday, February 13, 2013

Casting Doubt On CCP's Integrity

In February 2007 the T20 scandal rocked the Eve player base.  The scandal surrounded the actions of one CCP developer who climbed to prominence within one of the most powerful alliances in Eve, Band of Brothers.  In order to restore confidence CCP's CEO Hilmar Veigar Petursson apologized to the player base and named CCP Arkanon the head of the Internal Affairs department.  Shortly thereafter CCP created the Council of Stellar Management, in part to provide more transparency for the way CCP operates.  In the past CSM has expressed their displeasure about CCP's plans, ranging from the frustration of CSM 5's open letter to the emergency summit in the summer of 2011 following the launch of the Incarna to the quiet fuming that resolved itself in CSM 7's Winter Summit in December.  But throughout the battles over business and game design decisions members of the CSM refrained from making charges implying that CCP was taking direct actions to help or hurt an alliance out of personal interest or malice.  Until now.

On Monday CSM 7 member Kelduum Revaan wrote a post that appeared on the Eve University forums, "317B ISK Gone from E-UNI: Who Watches The Watchmen?"  Why the Eve University forums?  Because not only is Kelduum a member of the Council of Stellar Management but is also the head of the highly regarded new player training organization.  With a widespread network of Ivy League graduates combined with 2,200 mostly new players currently in the alliance Kelduum is a very influential member of the New Eden universe.

The post was rather strange.  Kelduum began with the story of an Eve University member named "John".  From the description in the post "John" updated "around 30 orders a minute for 10-20 minutes at a time."  From inquiries I made that is not possible without the use of a macro that violates Section 6A of the Eve Online EULA:
"3.  You may not use your own or any third-party software, macros or other stored rapid keystrokes or other patterns of play that facilitate acquisition of items, currency, objects, character attributes, rank or status at an accelerated rate when compared with ordinary Game play. You may not rewrite or modify the user interface or otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game."
I use the term "macro" instead of "bot" because when people think of bots they think of a program that runs for hours on end.  According to the description in Kelduum's post the code performed more like an aimbot in Planetside 2, except the target was the market instead of another player's avatar.

Another strange fact that emerged was that while "John" received the standard 14-day ban for a first time botting offense that he did not have any ISK removed from any of his wallets.  That is something that was hard to believe because the policy is to remove the ISK from the botter's characters.

After the ban ended "John" sold all of his assets, donated 317 billion ISK to Eve University and proceeded to biomass all of his characters and rage quit.  Eve University then "took actions to partition the ISK away somewhere safe, transferring the bulk of it to an alt corp."  What follows in the post was Kelduum's side of a couple of petitions and CCP finally confiscating the ill-gotten ISK.

Apparently the disappointment of not receiving any of the ISK led Kelduum to conduct an attack upon Team Security in general.
"I started to become quite worried. The dialogue at this point suggests that the security team are operating with no oversight at all, and implies that there is no auditing or checks and balances for their actions, especially as there is no recourse for anyone who wishes to dispute their claims."
First, up to this point Kelduum implies that he had been talking to customer service representatives who had inquired about the status of the case and that CCP Sreegs had ruled that the action confiscating the ISK would stand.  Then came the charge where I thought Kelduum had gone way too far:
"5. It's only a matter of time before the player-base find out about this, and it is going to raise more questions. Not removing the ISK at the time suggests that it was obtained legally, and that instead 'CCP doesn't want E-UNI to have the money' for some reason." [emphasis mine]
Really?  Instead of assuming that someone at CCP screwed up and was belatedly fixing his mistake Kelduum plays the T20 card of employee bias and misconduct?  Then we find out that the "CCP representative" Kelduum has referred to most of the time is CCP Sreegs.  I make that assumption based on the following quote.
"Today, six days later, the response comes that the CCP representative is not worried about how this would look to anyone, and stands by the claim that the ISK was obtained illegitimately, despite claims and information suggesting otherwise." [emphasis mine]
The bolded part is something I would expect CCP Sreegs to say.  And then Kelduum really goes off the deep end.
"So, the security team are in charge of everything to do with security, and will happily remove ISK from players, with no form of recourse or escalation path in the event of a false positive - which its suggested they have never had one, likely as they apparently don’t allow anyone to dispute their actions.

"And, they will apparently also take ISK from someone who received it if the sender was claimed to have been involved in something illegitimate. Again, no proof or information need be provided as they are infallible."
I just have to pause and remind everyone that at Fanfest last year that CCP Sreegs admitted to two false positives with a possible third occurred when Team Security turned on the automatic bot detection system.  I also know that as recently as November CCP had to give a director in The Maverick Navy a lot of PLEX for incorrectly banning his 20 accounts for RMT activity.

The post concluded with a very discouraging piece of advice:
"So, go out, and be successful in EVE. Just don’t be so successful that CCP decide you’re being too good at EVE, and then decide to tell you you can’t play in the sandbox that particular way any more, even if you weren't aware you had been doing anything wrong."
Kelduum is a very respected player writing on a forum read by hundreds if not thousands of new players.  I wonder how many players read that and thought that maybe Eve wasn't the game for them anymore.  The mission of Eve University is to help teach new players how to play and survive in New Eden, not drive them from the game.  Hopefully the numbers are few to none.

Of course, with the outrage brewing CCP had to respond.  CCP Sreegs responded on the Eve Online forums on Tuesday during downtime...
"There are a number of things wrong with the assertions being made in other forums, which is a topic I'm sure the author of these posts is familiar with because we discussed them prior to his rather selective reporting of the incident. Here's the facts as we need be concerned from an eve perspective:

"1) John was botting. That is not even close to [being] in dispute.

"2) We committed an error in not removing the isk before it got to EVE-U. However we did rectify this problem and our logs show that it was discussed and approved prior to either them receiving the isk or petitioning. We apologized to EVE-U however the petition was escalated as high as it could be and the decision remained. We cannot typically share this information with them as it's really none of their business.

"3) The only authority higher than the Director of Security for these complaints is the Executive Producer and then the CEO. This is a higher level of escalation than the Customer Service arm and IA automatically looks at our work. I'm not sure why we feel we should be able to escalate higher than the highest reasonable authority but the fact is that this team operates with significant oversight. We believe the issue here to be more that this particular CSM feels he isn't in the loop, something which is quite frankly the only proper way to do business in a unit that handles secrets.

"Frankly we're a bit disturbed by the allegations made here given that the person in question waited until they exhausted every resource possible prior to posting this then lamented the lack of an escalation path. Not getting the answer you like isn't a lack of an escalation path and never will be."
At this point the battle was joined and Kelduum posted an addendum to his original post.  I'll respond to each point by point.
"1. Then all we needed to be told was "The ISK came from botting". I had asked if this was the case, and was bushed off repeatedly, being told that "its nothing to do with you", despite us actually having the ISK. In fact, this has happened a couple of times in the past when we have had donations which came from botting or RMT, and as the CEO I received a courteous mail outlining what had happened and why the ISK went missing."
Kelduum had transferred the ISK to an alt corp because the ISK was possibly dirty.  Why was the ISK possibly dirty?  Because the player was banned for botting.  The ISK eventually disappeared.  Wasn't that a sign that the ISK was dirty and does it matter what flavor of dirt covered the cash?  I can't make a comment about receiving a polite email, although I wonder if in those cases the ISK was not petitioned.
"2.a) The only words which could be construed as an apology were related to the one week response in the original petition. At no point has an apology for not removing the ISK earlier been made. I'd love to post the text of the petitions and/or other things, but that would get me banned."
Why does Kelduum deserve an apology for CCP not seizing the ISK immediately?  I still can't understand that logic.  I'm not going to beat up Team Security for not taking the ISK immediately as CCP Sreegs has publicly admitted that errors were made.
"2.b) The petition was responded to by one member of CCP staff, at one level, and on asking for it to be escalated, was told there is no escalation at all for the security team. As mentioned, I asked around if anyone knew of another escalation path, and reached dead ends, and statements that there is literally no higher authority than themselves. Again, I can't post this proof."
Is Kelduum complaining about CCP Sreegs or some customer service rep?  If about CCP Sreegs, wrote on the forums that he was the reasonably highest person to receive the complaint.  Take that for what you will, but I'm sure CCP Unifex appreciates the position CCP Sreegs stated.
"3. At no point was this explained, anywhere, by anyone. If it had been, then it could of been handled quietly. I'll leave the rest of that section detailing that members of the security team being oversight for the security team as exercise for the reader to determine if they think this is a good idea or not."
I take this passage to mean that if Kelduum knew that CCP Sreegs reported to CCP Unifex that Kelduum would have used his position on the CSM to bypass CCP Sreegs and contact CCP Unifex directly.  A more important question is what does the Security briefing that CSM contain?  I believe Kelduum was at the Spring Summit.  I guess that subject wasn't brought up.  I guess one could blame CCP Sreegs for not fully informing the CSM, assuming the subject came up at all.  Perhaps the next CSM should take a greater interest in security, but given how often I write about the subject I'm probably biased.

I think the part of this whole mess that bothers me the most is that Kelduum appears blinded by the possibility of receiving all that tainted ISK.  I started off the game by joining Eve University and not violating the EULA was a requirement for membership.  Apparently something changed over the past 2+ years because Kelduum described someone violating the EULA and didn't realize it.  I've read a lot of botting forums over the past year and read a lot of tears.  Quite frankly, seeing tears flow on the Eve University forums over CCP seizing botted ISK just like I've read on so many disreputable forums just makes me sad and disappointed in what I read.

TL, DR - If you didn't read this book go over to FunkyBacon's blog and read his take on the affair in his posts "Life Under The Bus" and "Kelduum, 'John' and the Aftermath"


  1. "otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game." - EULA

    Hahahahahaha. I really need to give this EULA a read through, good stuff.

    But seriously, Kelduum overreacts, CCP acts like CCP.

    1. Yes, you should read the EULA.

      If "John" had thought to do so, before using his macro/bot/script/whatever to cheat, he might have avoided the well-deserved smackdown from Sreegs.

      If Kelduum has also thought to do so, before ranting in the E-UNI forums, he could have avoided a lot of public embarrassment.

  2. Not surprising, I had an account banned once because it turned out that it had been involved in RMT weeks BEFORE I bought it through the character bazaar. I guess CCP doesn't check little details like who the owner of the character is before they ban it. Took me weeks of emails to get it back and all I ever got was a half assed apology.

    1. RMTers have been known to transfer toons via the bazaar, to different accounts, in order to mask their trail.

      One of the known risks of using the character bazaar to acquire a toon is the possibility of acquiring a tainted toon. You accepted that risk when you used the bazaar.

      In the end, you did prevail and get the ban reversed - so, stop whining. And, next time, just roll your own new toons, instead of trying to take shortcuts.

    2. Now that's a story. Every time I've heard that someone's been falsely banned they've been compensated a lot. Of course that's been over the past year and I've only heard the comments from two of the players, one of them at Fanfest.

  3. Kelduum thought - wrongly - that he'd get to keep 300B+ illicit ISK by reporting it. Pretty stupid of him.

    When CCP confirmed that it was illicit and took it away, he was butt hurt and foolishly responded, in public, by attempting to cast doubts on Team Security.

    As it stands, Kelduum has just managed to cast himself in the role of the fool, deserving of no one's respect.

    1. "When CCP confirmed that it was illicit and took it away,..."
      Did they? Or they only confirmed when they wore forced to?

  4. I know of a player who was banned because someone else reported his account as an RMT account. There was no investigation before the ban. CCP banned the player, then conducted the investigation. The player in question immediately petitioned, of course, and, to their credit, CCP removed the ban in less than 6 hours, but, still, to ban on just the suggestion?

    I get that companies have to protect themselves, but they also have to realize that they need to do it fairly and not assume everyone is guilty first. I've found that the longer one works in an enforcement environment, the increasingly likely it is that one begins to assume everyone is bad and snap judgements become the norm.

    That's not to say that Kelduum is in the right, here. Not at all. But the point raised about how CCP responds to legitimate questions about how they enforce policy on the folks what pays them is.

    1. Based on the response time, your friend's case probably resulted from a GM issuing the ban, and it was most likely immediately reversed by Team Security, upon receipt of the petition, due to lack of sufficient evidence to conduct an investigation.

      6 hours is simply not enough time to conduct a full investigation into a potential RMT account.

  5. So using macro keys on your keyboard to make boring repetitive tasks less cumbersome is botting now?

    1. As a matter of fact, yes. Read the EULA.

      However, tracking usage of macro keys is more difficult to spot remotely, so chances are that you will get away with it (for now).

      Remember, though - just because you have not been caught yet, does not mean you are not cheating.

    2. Funny. Using my keyboard is against the EULA.
      I won't get caught, I unsubscribed anyway and I did not use macros for Eve. But I would without thinking twice if I were into "playing the market". I still consider it to be a totally dumb rule. Forbid me to use my keyboard :)

    3. @Trebron - you can use your keyboard.

      However, if your macros are allowing you to perform certain activities at a rate which greatly exceeds what can be done manually in-game, then you will get flagged as a macro/bot. CCP will make no distinction between using a software macro or a hardware macro.

      The EULA rule is specifically against *anything* that gives you an unfair advantage over players who are using the in-game tools, or publicly available CCP-approved third-party tools.

  6. I really see zero blame for CCP here. They did their job and they were not required to give someone extra info just because that individual thinks they're special. The security team operates under OPSEC.

    I'm going to go suicide gank some juicy eve-uni guys in order to justify this stupid non-event. Anyone wanna join me?

  7. There will always be bad apples (those that are willing to break the EULA to gain an in game advantage) in any corp. It follows that E-UNI will not be immune from this either. As I wrote in the EvE-O GD thread, I believe Keld put far too much trust in "John" and his protestations of innocence. Thank goodness CCP Sreegs put paid to any notion of doubt by stating that John was a botter.

    As a player that takes pride in being a Unista and the high game related standards the corp strives to achieve, some of the views expressed on our own public forum thread are, quite frankly, embarrassing.

    John was a botter, the ISK was rightfully confiscated and that should of been the end of the story. Team Security communication procedures (note, not details nor individual cases) and questions of oversight are a matter for the CCP/CSM skype/summit meetings within the secure blanket of the NDA.

  8. Kelduum threw a hissy fit because he wanted the cash and thought being a csm member he would get more info but didn't. Then added conspiracy and pathetic whining.

    How to look like a moron and a fool in 50 seconds.

    I would still vote not him over xentura ;-)

  9. CCP say removing isk should happen with ban, but not in this case. CCP claim this was Error and discussed it over three weeks.

    CCP won't tell players they remove isk base on the time using BOT when they detect it at first time. But not in this case.

    IF player decide to use bot make ISK at first time after play over one year, CCP detect it then ban 14 days and take all assets and ISK even if those were not earned by bot.

    Do you think it's acceptable? But CCP did it.

    14 days ban should be a warn. But not in this case.

  10. Of course, with the outrage brewing CCP had to respond. CCP Sreegs responded on the Eve Online forums on Tuesday during downtime...

    "There are a number of eve isk online things wrong with the assertions being made in other forums, which is a topic I'm sure the author of these posts is familiar with because we discussed them prior to cheap eve isk his rather selective reporting of the incident. Here's the facts as we need be concerned from an eve perspective: