In context: It's never been a secret that multiplayer game development studios aren't massive fans of hackers. Both studios and cheat makers are locked in a perpetual arms race, with both sides gaining only temporary advantages before eventually being thwarted by the other. Seeking a more permanent solution to some of its cheater woes, Bungie last year leveled a lawsuit against hack creator AimJunkies. However, AimJunkies hasn't taken the suit lying down -- in response, the suit's defendants have filed a counterclaim accusing Bungie of hacking them.
If you're scratching your head in confusion, here's some clarity: when we say hacking, we don't mean that a group of Bungie developers hopped into a Destiny 2 PvP lobby with the AimJunkies team and collectively switched on aimbot. AimJunkies is accusing Bungie of hacking the personal machine of one of its team members: James May.
According to May and evidence contained within AimJunkies' countersuit, Bungie accessed his machine several times between 2019 and 2021. May believes this constitutes a violation of the Computer Fraud and Abuse Act. The CFAA is a piece of US legislation that was first enacted in 1986. Its primary directive is to prohibit intentional entry into a computer system without authorization or 'in excess of authorization.' The legislation has seen several amendments over the years, each intended to address the rapid advancement of computing technology and the implications this advancement has on security.
The wording of the legislation places a heavy emphasis on a specific class of "protected" computers, particularly those used by financial institutions or the US government. However, the CFAA is employed far more broadly than that.
At any rate, in addition to using this alleged access to read his system data and personal files, May also claims that Bungie used it to conduct surveillance on other employees working at AimJunkies' parent company Phoenix Digital.
Although Bungie's current user agreement does allow it to scan its players' machines to detect cheat software, that was not always the case. According to a counterclaim filed by May, the version of Bungie's 'Limited Software License Agreement' he signed during the periods the developer accessed his machine did not contain any language authorizing such an intrusion.
The CFAA argument is not the only one May and co have come armed with. After dodging a DMCA argument itself in the original suit filed by Bungie, Phoenix Digital has turned the tables and claimed that it is, in fact, Bungie that has run afoul of DMCA legislation.
Phoenix Digital's user-facing TOS and the DMCA contain language preventing software reverse engineering, yet that's precisely what the company says Bungie did in this case. According to Phoenix Digital, an individual operating under the alias "Martin Zeniu") reverse-engineered and decompiled one of the company's Destiny 2 hacking products after purchasing a license (and thus agreeing to its terms).
It remains to be seen which side will ultimately win out here. We certainly aren't equipped to make any legal judgments here, but it's probably safe to say that this case isn't as clear-cut as you might think. Nonetheless, we'll keep you updated on the situation if any major developments come to light.