pokemon sue

Since the early days of Dungeons & Dragons through the current (and already fading) Pokémon Go craze, gaming enthusiasts have been known to get intensely wrapped up in their virtual play-worlds. Some Poké players, in fact, are now hacking the game to create unique interfaces and automated options, a fact that has the company behind the game threatening to sue their own users. Is this an example of a big corporation abusing fans of its products, or are these hackers actually doing something malicious?

Who will sue?

While the Pokémon Company manages, licenses, and publishes/co-publishes games, the brand and trademarks associated with Pokémon belong entirely to Nintendo. The Pokémon Company itself is owned in part by Nintendo, together with developers Game Freak and merchandisers Creatures (in proportions that are not publicly disclosed).

Nintendo, the Pokémon Company, and a Silicon Valley company called Niantic combined forces to develop Pokémon Go. Cease and desist letters have been sent by the Pokémon Company to the aforementioned hackers, while player bans seem to be coming from Niantic. It appears that all of Pokémon’s owners are united in their commitment to retain full their control of the game.

Cease and desist

The first volley was fired on July 28, when a GitHub user identified as Mila432 received a cease and desist letter from the game’s creators. Mila432 had released an API (application program interface)—a set of routines, protocols, and tools for building software applications that specifies how software components should interact online—at code repository GitHub, and it clearly left the Pokémon Go owners feeling litigious.

And little wonder: Mila432’s API allows any third-party developer to create bots that could play the game without user input by effectively simulating the software and communicating with the game’s servers. This would enable users to advance in the game without actually playing it. Bad sportsmanship for sure, but is it illegal?

According to the cease and desist letter, such APIs violate Pokémon Go terms of use and terms of service (you know, those screens of legalese that everyone scrolls past before clicking “Agree” when they first sign up for a new game). Further, they claim that the API is a potential violation of the Computer Fraud and Abuse Act, which prohibits the unauthorized access of servers. It’s a law that has been widely applied (and criticized as overreaching).

On August 8, Ahmed Almutawa, the creator of the most popular Pokémon Go API (a mapping API that made it easier to find Pokémon), also received a cease and desist letter. Like the one received by Mila432, this letter used language that seemed to build on the Facebook v Power.com case, in which a U.S. District Court ruled that once a company had sent a cease-and-desist notice, any further access was a CFAA violation.

Almutawa pulled his API, stating that the threat of legal action had spoiled his enjoyment of the game and his API. Mila432, however, remained defiant, and has been permanently banned from the game.


The game is not just taking a hard line with hackers. In mid-August, Niantic began an aggressive campaign to eliminate players who violate the game’s terms of service. There are all kinds of violations, but the bans have primarily been directed at cheaters who rely on GPS spoofing, bots like those enabled by Mila432, and other hacks that let players get around Niantic’s design parameters. (GPS spoofing is a hack that lets users trick their phone into believing it is in a different location. In Pokémon Go, which is a geographically specific game, this would allow a user to collect Pokémon that can’t be found where the user actually is.)

It’s just a game. What’s the problem?

Cheating at a video game certainly seems lame, and in some cases may be illegal, but what harm does it really do? Plenty.

For one thing, bots can put a strain on game servers, requiring companies to invest in more hardware and adding to maintenance costs. And then there’s the impact on revenue. Games like Pokémon Go, which users download for free, make money when players opt for “in-app” purchases of tools and tips. But gold farmers—third-party gamers and bots who accumulate vast sums of in-game cash and goods that they sell on the black market for real money—cut into the game makers’ market.

Also, while some hackers, like Almutawa, are super-enthusiasts bent on enhancing game play, other API creators have more nefarious goals. Pokémon Go collects a disconcertingly vast amount of data on its users, which is an irresistible draw for identity thieves. Many critics claim it’s only a matter of time before hackers break into Niantic’s databases, but in the meantime, game hacks have proven to be a very effective carrier for malware.

In fact, Pokémon Go seems to have softened its stance in recent days. Recognizing that some users may not have realized that downloading game hacks came with legal risks, Niantic began reversing some user bans at the end of August. Banned users who want to be reinstated can petition online.

So a truce might be in the offing, at least until the next craze—and the next batch of enthusiastic hackers—comes online.

Image courtesy of Aitor Serra Martin / Shutterstock.com