Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy

by John W. Bagby Prof. of IST Penn State Abstract

Virtual environments such as Second Life have progressed to include claimed resident populations in the missions. Using simulated versions of persons (avatars) and institutions (e.g., virtual banks, virtual financial regulators), these environments fuse gamesmanship with some real-world behaviors that raise many interesting social and economic questions. Research into virtual environments holds promise to provide a test bed for simulating economic activities that can provide insights into the real world of financial information control. This project uses doctrinal legal research and public policy analysis to evaluate the application of traditional real-world law and financial services regulation to financial activities in virtual environments. After major areas of public policy, regulation and law are overviewed with a view to establishing the breadth and depth of traditional law topics as the major constraints and opportunities impacting virtual finance, the potential for money laundering in virtual environments is explored.

Introduction
Virtual environments are considered by many as no more than fantasy 1 games with little real-world impact. However, this is short sighted. These massively multiplayer online role-playing games (MMORPG or Morpeg) and the other massively multiplayer online games (MMOG) have proliferated in recent years. The distinction between their hypothetical impact and real-world impact is blurring. 2 While Second Life from Linden Labs claims to be distinguishable from other MMORPGs, the success of Second Life is a useful exemplar that will be invoked in this paper to illustrate the potential impact of all MMORPGs and MMOGs. Second Life claims nearly 13 million residents. 3 When estimates of regular participation in other MMOG is also

Key Words:
banking regulation, counterfeiting, counter terrorism, EULA, financial information assurance, gamblinggaming, ISP duties, investigations, metadata, money laundering, online contracting, online markets, risk management, IP, law enforcement, political economy, pre-trial discovery, prediction markets, racketeering, virtual environments

This project has included prior research was presented at the conference, Playing to Win: The Business and Social Frontier of Videogames, Penn State Outreach program of the College of Communications, April 4, 2008, see Bagby , John W., Public Policy in the Virtual World: Imagining How It Could Curb Your w00t. The term wt is apparently recently coined idiom referring to the joy experienced by hackers when penetrating system defenses, but also increasingly serves as an expression of triumph for online gamers, see Szep, Jason, w00t crowned word of year by U.S. dictionary, Reuters, Dec. 11, 2007 accessible at: http://www.reuters.com/article/internetNews/idU SN1155159520071212 2 Castranova, Edward, SYNTHETIC WORLDS: THE BUSINESS AND CULTURE OF ONLINE GAMES (University of Chicago Press, 2005). 3 As of 3.18.08, Linden Labs claims 12,882,479 residents, defined as a uniquely named avatar with the right to log into the Second Life world, trade Linden dollars and visit the Community pages. Casual users without official registration may amount to many more potential resident candidates. http://secondlife.com/whatis/economy_stats.php

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
considered, 4 and even after adjustments are made for overlap among single players participating in multiple environments, it is clear that MMOGs are significant activities worthy of analysis using public policy. This paper will analyze virtual environmental policy issues by discussing end-user license agreements (EULA), user property rights and the accompanying financial services that enable exchange in the new markets created. This paper first explores the range of law, regulation and public policy concerns likely to constrain and enable online and virtual financial transactions and institutions. Next, recent case law from the real world directly concerning virtual environments is integrated into this framework to identify the pressing policy issues that may impact virtual finance. For example, the courts are grappling with the recognition that disputes arising in virtual environments are susceptible to resolution by courts or arbitration. Another interesting problem accompanies user development and modification of characters and virtual environmental elements protectable under copyright, trademark or other intellectual property (IP) scheme. Markets for goods, services and financial transactions have developed in virtual environments raising the question of enforceability of agreements among users, the development of virtual property rights, the difficulties of developing new mediums of exchange by the virtual environment or by users
4

(e.g., scrip, Linden Dollars) and the effectiveness of virtual finance regulatory institutions. For example, such markets suggest that banking and contest restrictions may impede some business models that facilitate user conversion of virtual currencies to real world currencies. The matters introduced above, as well as others likely to arise in virtual environments, have led to real world litigation and regulatory enforcement analyzed in this paper. The end user licensing agreements (EULAs) adopted by virtual environments, most notably the Linden Lab Terms of Service (ToS), are analyzed. A select group of key EULA provisions are assessed within the policy framework of virtual environments described above as they impact the stability of managing virtual environments and as they provide for fair and balanced approaches to the resolution of future policy problems likely to arise as virtual environments flourish. This analysis is used to inspire prediction of how public policy in the real world can benefit from simulated activities in virtual environments. It is anticipated that experience with virtual finance can aid in setting standards in the real world. Virtual environments encourage creativity clearly within traditional intellectual property rights (IP) regimes. For example, users develop and modify characters and virtual environmental elements or virtual objects protectable under copyright, trademark or other IP schemes. In the medieval genre of some pioneering virtual environment games, a user might develop an avatar, assets (sword, bomb, land, clothing, currency) 2

Bruce Sterling Woodcock (b.1970, Missouri) is a video games industry analyst who tracks participation of users in massively multiplayer online games on this website: http://www.mmogchart.com/

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
and develop a reputation possibly expressed as experience points but somewhat equivalent to traditional goodwill. It seems clear that at least some Second Life users intend to straddle between this virtual environment and the real world given the incentives to build profitable business models around innovative activities. 5 A tension is noted on how well the objectives of some virtual environment participants can be accommodated, that is, the insistence that virtual environments should and can remain isolated or secede from traditional public policy influences. The interaction among various potentially applicable domains in law strongly suggests that piecemeal and focused inquiry on particular issues is unlikely to develop a coherent profile of virtual environment public policy. Further cyber-libertarian 6 inspired insistence on the separation of virtual environments from the real world will only serve to complicate the transparency and fairness of the likely interactions among such policy concerns. 7

Penetrating vWorlds with Policy: Jurisdiction - the Threshold Challenge

Alternative dispute resolution (ADR) is generally favored under U.S. federal law 8 even to the exclusion of contrary state law. 9 To the extent that virtual environments have valid provisions concerning the choice of law and choice of forum, including ADR largely deploying arbitration, such provisions should generally be enforceable absent violation of a compelling public policy. Indeed, online dispute resolution (ODR) is a growing phenomenon, 10 as exemplified by the cost-effective, online arbitration-like trademark infringement process: the Uniform Domain-Name Dispute Resolution Policy (UDRP) sponsored by the International Corporation for Assigned Names and Numbers (ICANN). 11 There appears no
Federal Arbitration Act, 9 U.S.C. 1-16, 201-208, and 301-307, 43 Stat. 883, amended Pub. L. 101369, Aug. 15, 1990, 104 Stat. 450, and Pub. L. 91368, July 31, 1970, 84 Stat. 693,. 9 Arbitration agreements are generally enforceable and state laws hindering enforcement of arbitration agreements are preempted, but state laws defining arbitration processes are not covered by pre-emption provisions of the Federal Arbitration Act, see Southland Corp. v. Keating, 465 U.S. 1 (1984); Mitsubishi Motors Corp. v. Soler ChryslerPlymouth, Inc.473 U.S. 614 (1985); Perry v. Thomas, 482 U.S. 483 (1987); Volt Info. Scis. v. Bd. of Trs., 489 U.S. 468 (1989); Allied-Bruce Terminix Cos. v. Dobson, 513 U.S. 265 (1995); Doctor's Assoc., Inc. v. Casarotto, 517 U.S. 681 (1996). 10 Katsh, E. E., Katsh, M. E., and Rifkin, J. ONLINE DISPUTE RESOLUTION: RESOLVING CONFLICTS IN CYBERSPACE, John Wiley & Sons, Inc. (New York, 2001).
11 8

Sinrod, Eric J., When virtual legal chickens come home to roost, Nov. 8, 2007, c|net, news.com accessible at: http://www.news.com/When-virtual-legalchickens-come-home-to-roost/2010-1043_36217255.html 6 Winner, Langdon, Cyberlibertarian Myths And The Prospects For Community, ACM SIGCAS Computers and Society, Vol.27, No.3 (September 1997). See also Epilogue at the end of this paper. 7 See generally Duranske, Benjamin Tyson, VIRTUAL LAW: NAVIGATING THE LEGAL LANDSCAPE OF VIRTUAL WORLDS (forthcoming: April 2008; ISBN: 1-60442-009-X, Am.Bar Assn.).

Uniform Domain Name Dispute Resolution Policy, ICANN (August 26, 1999, published October 24, 1999); see generally Bagby, John W. & John C.

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
compelling reason to bar well-conceived ADR or ODR techniques from virtual environments. However, as discussed below, ADR provisions and ADR practices must meet minimum standards of fairness. developer and service provider of adultthemed avatars 15 used in Second Life. Eros claims to advertise and promote its virtual sex toys under the mark SexGen and further claims to be among the most successful merchants selling virtual objects in Second Life selling thousands of items in interstate commerce. 16 Eros claimed copyright and trademark infringement by various in world personas. In the New York litigation, identifying and serving defendant
The term avatar is derived from ancient Hindu philosophy referring to the incarnation or bodily manifestation of a divine being. In modern usage, avatar refers to virtual objects, personas or directed animation that represent the appearance, personality and powers of users as they have adorned themselves in the virtual environment. Therefore, a users avatar is unlikely to exactly mirror the users real-life persona because virtual worlds appear to encourage users to live out their fantasies adopting aggrandized personifications as manifest in avatars with special characteristics. For example, normal users may adopt avatars with greater beauty, strength, intelligence and wealth than the user possesses in the real world. This fantasy improvement may be precisely the allure of virtual environments enabling the users human shortcomings to be largely overcome through the unique design and development of avatars as intellectual property as well as the purchase of superior avatars in virtual transactions using legal consideration inherent in virtual transactions. See e.g., Damer, B., J. Judson, J. Dove, AVATARS!; EXPLORING AND BUILDING VIRTUAL WORLDS ON THE INTERNET, (1997 Peachpit Press, Berkeley) and Barfield, Woodrow, Intellectual Property Rights in Virtual Environments: Considering the Rights of Owners, Programmers and Virtual Avatars, 39 Akron L. Rev. 649, 649 (2006). 16 Eros LLC v. Thomas Simon, 1:07-cv-04447SLT-JMA (E.D.N.Y. Oct. 24, 2007) Complaint at 4. http://www.virtuallyblind.com/files/07_10_24_er os_et_al_v_simon_complaint.pdf
15

Litigation Among Users

Despite the clear preference by participants in virtual environments to avoid disputes altogether or to settle disputes using ADR/ODR, such disputes are nevertheless migrating to the courts as exemplified by the Eros SexGen cases filed or disposed in various federal courts, including New York 12 and Florida, 13 as well as interpretations of the ToS for Linden Research (Linden ToS) in the Bragg case in the Eastern District of Pennsylvania. 14 Consistent with many pioneering cyberlaw matters (e.g., jurisdiction, electronic payments, intellectual property, obscenity/indecency), the Eros cases may become the seminal virtual environment precedents by conferring jurisdiction on the courts in the inevitable issues raised. Eros is the
Ruhnka, Turmoil in dns Governance and its Merger into Trademark Law, electronic proceedings of the 32nd Telecommunications Policy Research Conference, Oct.1 3, 2004, accessible at http://web.si.umich.edu/tprc/papers/2004/378/TP RC-04-tmDomNaMergerFinal.htm 12 Eros LLC v. Thomas Simon, 1:07-cv-04447SLT-JMA (E.D.N.Y. Oct. 24, 2007) accessible at http://www.virtuallyblind.com/files/07_10_24_er os_et_al_v_simon_complaint.pdf 13 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed July 3, 2007) accessible at: http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/1/0 .pdf 14 Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593 (E.D.Pa. May 30, 2007).

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
Thomas Simon was simple, particularly when compared with Eros challenges in the Florida case discussed next. 17 In New York, Eros and other named plaintiffs claim that Simon, who goes by the pseudonym Rase Kenzo in world, participated in a conspiracy with others to infringe trademarks and copyrights of Eros and the other plaintiffs. 18 The parties in the New York case consented to the entry of judgment and order compelling Simon to pay $525 in damages, certifying Simons destruction of infringing copies of virtual properties, imposing a permanent injunction against Simons future infringement, imposing confidentiality about the settlement and its terms, and permitting access to Simons PayPal financial records and Linden Labs transaction records to verify compliance. The Florida litigation more clearly illustrates the real world costs of pursuing the users assuming disguises while operating inside the virtual
Thomas Simon is identified as an individual residing at a revealed address on 120th St. in Flushing New York, Eros LLC v. Thomas Simon, 1:07-cv-04447-SLT-JMA (E.D.N.Y. Oct. 24, 2007) Complaint at 2. http://www.virtuallyblind.com/files/07_10_24_er os_et_al_v_simon_complaint.pdf 18 The DE Designs claims against Thomas Simon concern trademark infringement of virtual items such as clothing, Complaint at 6. The RH Designs claims involve copyright infringement of virtual home furnishing accent pieces, Complaint at 7. The Le Cadre Network claims copyright infringement of stylish virtual shoes and boots, Complaint at 9. The Nomine claims involve copyright infringement for avatar skins, Complaint at 11. The Pixel Dolls claims allege copyright infringement of clothing Complaint at 12. Most of these claims allege notoriety and news media coverage reinforcing their products favorability.
17

environment (i.e., in world). Initially brought against unnamed John Does, Eros was forced repeatedly to amend its complaint as well as seek subpoena power against ISPs, TelCos, online payment services and VEOSPs before the defendants true identity was eventually discovered. Indeed, victims of wrongful acts in the virtual world continually confront layered obstacles in identifying wrongdoers identities, residences and asset locations and these difficulties can be more formidable than is typically encountered by litigants in the real world. 19 Defendant Leatherwood allegedly failed to appear or plead, operated under misleading pseudonyms 20 (e.g., Volkov Catteneo,
At least two components of transaction costs are at work here: 1st the out of pocket expenses for private investigatory work both expended pre-filing and during pre-trial discovery can be extensive but usually are needed to gain some foothold in the litigation traditionally filed against John or Jane Does; 2nd the extensive pretrial discovery motion practice, subpoena justification and enforcement is a wellrecognized component of litigation costs often cited as the primary justification for tort reform. Such costs are nearly infeasible when the parties reside in different countries, particularly if defendants reside in nations hostile to private civil litigation or are hostile to the economic interests of opponents from some particular nations. 20 Many Morpeg participants use pseudonyms different from their own names. While it is unclear whether anonymity is the primary motivation, such pseudonyms may also serve a suggestive function hinting at some feature of their avatar or of the in world reputation they seek to build, maintain and enhance. For example, Eros CEO Alderman admittedly operates in world under the pseudonym of Stroker Serpentine, arguably a patently obvious sexual reference. Eros LLC v. Leatherwood, No. 8:07-CV-01158 (M.D. Fla. Filed July 3, 2007) (complaint at 3) accessible at: http://docs.justia.com/cases/federal/district19

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
Aaron Long) yet admitted infringement to a Reuters reporter inside Second Life. Eros encountered resistance from both VEOSP-Linden Labs and online payment service - Pay Pal in Eros attempt to discover Leatherwoods real world identity. Further difficulties were encountered from AT&T and Charter Communications 21 under these Internet Service Providers (ISP) privacy policies resisting the revelation of Leatherwoods true identity absent a subpoena. 22 In one virtual news report, Leatherwood made defiant claims that in world he had no financial exposure, held an unidentifiable real world identity, had misrepresented his identity to Linden Labs and thus boasted he was beyond reach of real world justice. 23 Eros preempted any threat that Linden Labs might assert the privacy right to undertake anonymous speech by briefing the exception in motions for subpoenas and Eros OSP subpoenas were immediately granted. The right to make anonymous speech under the First Amendment is qualified, particularly in pre-trial litigation when anonymity would create injustice. 24 In granting Eros various discovery motions, the Florida court impliedly holds that hiding behind pseudonyms to shield wrongful acts is not protected anonymous speech when there is (i) a prima facie claim of actionable harm, (ii) discovery request is specific, (iii) no reasonable alternative means exists to obtain the subpoenaed information, (iv) the party advancing the claim needs the subpoenaed information and these four factors are balanced against the other partys reasonable expectation of privacy. 25 Eros IP infringement claims were sufficient prima facie, Eros sought narrow and specific information essential to identifying Leatherwoods identity and Eros had undertaken considerable alternative investigatory expense already. Leatherwoods claim of privacy would be trumped by his OSPs policy of respect to court orders or other legal process thereby defeating any reasonable expectation of privacy. 26
See Reuters, Eric, SL business sues for copyright infringement, Reuters/Second Life News Center, July 3, 2007 accessible at http://secondlife.reuters.com/stories/2007/07/03/ sl-business-sues-for-copyright-infringement 24 See e.g., Sony Music Ent. Inc. v. Does 1-40, 326 F.Supp. 2d 556 (S.D.N.Y. 2004). 25 Id. at 564-5. 26 Sony Music, 326 F. Supp. 2d at 566-67; In Re Verizon Internet Servs., Inc., 257 F. Supp. 2d 244,260-61 (D.D.C. 2003), rev'd on other
23

courts/florida/flmdce/8:2007cv01158/202603/1/0 .pdf 21 Eros investigation initially obtained Internet protocol (IP) addresses from which Leatherwood allegedly conducted infringement of Eros IP. AT&T and Charter initially declined to provide Leatherwoods real-world contact information Eros sought (name, address, telephone number, email address, payment information) including additional unique identifiers such as Media Access Control (MAC) and Ethernet Hardware Addresses (EHA) directly associated with Leatherwoods IP addresses. MAC and EHA numbers allow identification of the actual computer or other computer hardware associated with the use of a particular IF address. Eros LLC v. Leatherwood, No. 8:07-CV-01158 (M.D. Fla. filed Oct. 24, 2007) (ex parte emergency motion for discovery filed Sept. 4, 2007) accessible at: http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/9/0 .pdf 22 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed Oct. 24, 2007) (order granting subpoenas Sept. 5, 2007) accessible at: http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/10/ 0.pdf

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy Litigation with vEnvironment Sponsor
A significant dispute resolution case brought directly against Linden Research also illuminates the difficulties of ADR and ODR choice of forum and choice of law terms in Morpeg EULAs. Indeed, the Bragg v. Linden Research case was particularly troublesome for the Linden ToS. 31 Pennsylvania attorney Marc Bragg, was a registered Second Life user for nearly two years, having purchased various virtual properties, including a parcel of virtual land named Taessot and also became engaged in virtual fireworks sales. In May 2006, Braggs account was frozen following a Linden email allegation of Braggs fraudulent virtual land transaction improperly purchased through an exploit. Second Life seized his property and suspended his membership effectively confiscating his Second Life participation, virtual property and virtual currency. 32 The Linden ToS required arbitration of such claims but the trial court invalidated the EULAs arbitration provisions holding them both procedurally and substantively unconscionable. 33 Like other Second Life users, Bragg manifest mutual assent to Linden ToS through a clickwrap. 34 The general
31

The default judgment in Eros validates both jurisdiction and justiciability claims in virtual environment disputes. A default judgment 27 and later reported settlement 28 in the Leatherwood case signals at least two important procedural points. 29 First, property interests and transactions seemingly limited to virtual environments nevertheless spill over into the real world and become enforceable in real world tribunals. Second, the demographic profiles of at least some virtual world users is such that full participation in real world tribunals may be incomprehensible or discouraged as too costly and may be misperceived as insignificant. 30

grounds Recording Indus. Ass'n ofAmerica, Inc. v. Verizon Internet Servs., Inc., 351 F.2d 1229 (D.C. Cir. 2003). 27 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed Oct. 24, 2007) (default judgment entered Nov. 16, 2007) accessible at: http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/15/ 0.pdf. 28 Settlement of default judgment likely brings something more to the table. Among the possible new factors might be a heightened probability of Eros loss on appeal regarding the discovery of Leatherwoods identity, some weakness in the IP claims or an unknown collateral claim. 29 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed Oct. 24, 2007) (default judgment entered Nov. 16, 2007) accessible at: http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/15/ 0.pdf. 30 News reports from in world illustrate that Leatherwood was a nineteen year old with little respect for legal process or its impact. See Reuters, Eric, Volkov Catteneo: Yes, I am Robert Leatherwood, Reuters/Second Life News Center, Mar. 3, 2008 accessible at http://secondlife.reuters.com/stories/2008/03/06/ volkov-catteneo-yes-i-am-robert-leatherwood/

Bragg v. Linden Research, Inc., 487 F. Supp. 2d 593 (E.D.Pa. May 30, 2007). 32 Id. at 597. 33 Id. at 611. Judge Robreno openly expressed that concerns with procedural unconscionability are somewhat mitigated by Bragg's being an experienced attorney. 34 Specht v. Netscape, 150 F.Supp.2d 585 (.D.N.Y.2001) (This principle of knowing consent applies with particular force to provisions for arbitration.).

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
enforceability of clickwrap as assent offers huge transaction cost savings 35 to those deploying the electronic agents36 underlying the clickwrap, such as many Morpegs. However, clickwrap scriveners run similar risks as does any opportunist taking personal, first mover advantage to set terms. Foremost among these is the other partys ignorance of the significance of issues involved in any particular term and the more general trivialization of all terms when standardized forms are repeatedly deployed. Scrivener issues have plagued many forms of boiler plate as evident in this comparison between clickwrap and shrink-wrap licenses: Purchasers of packaged software and web sites frequently prevent use of the software or access to a website unless the user clicks affirmatively I Agree during software installation or before accessing website content. Packaged software using a clickwrap license can record the assent on the users computer, although it is more reliable to transmit the assent back to
See e.g., Kuttner, Robert, The Net: A Market Too Perfect for Profits, Bus. Wk., May 11, 1998, at 20 (arguing ubiquitous Internet information weakens seller profit opportunities that are based on persistent asymmetric information due to expected search costs). 36 Electronic Agents are defined in at least three U.S. laws of general application as a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part without review or action by an individual at the time of the action or response. 15 USCS 7006(3) (2006) (Federal E-SIGN) see also similar treatment of electronic agents in UNIFORM ELECTRONIC TRANSACTIONS ACT (UETA) and UNIFORM COMPUTER INFORMATION TRANSACTIONS ACT (UCITA).
35

the seller during online registration through the users modem or Internet connection. Websites requiring clickwrap assent may cause an immediate transmission of the agreement back to the website operator. The clickwrap is similar to the shrink-wrap because both impose standardized licensing terms to which users agree by conduct. Clickwraps are likely to be enforceable under the same standards applicable to shrink-wraps. However, both may be vulnerable to invalidation as unconscionable or an adhesion contract. 37 Bragg agreed to an arbitration clause that was buried, at that time, in the Linden ToS under a catch-all heading General Provisions. 38 When Bragg sought to

Bagby, John W. & F. William McCarty, THE LEGAL AND REGUALTORY ENVIRONMENT OF EBUSINESS: LAW FOR THE CONVERGING ECONOMY, (West, 2003) at 306. 38 Linden has since made separate and more conspicuous their choice of law, choice of forum and arbitration provisions, and, in addition, arbitration is no longer mandatory. DISPUTE RESOLUTION If a dispute arises between you and Linden Lab, our goal is to provide you with a neutral and cost-effective means of resolving the dispute quickly. Accordingly, you and Linden Lab agree to resolve any claim or controversy at law or in equity that arises from or relates to this Agreement or our Service (a "Claim") in accordance with one of the subsections below. 7.1 Governing Law. This Agreement and the relationship between you and Linden Lab shall be governed in all respects by the laws of the State of California without regard to conflict of law principles or the United Nations Convention on the International Sale of Goods.

37

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
challenge the seizure of his property more conveniently in Pennsylvania state court, Linden sought removal to federal
7.2 Forum for Disputes. You and Linden Lab agree to submit to the exclusive jurisdiction and venue of the courts located in the City and County of San Francisco, California, except as provided in Subsection 7.3 below regarding optional arbitration. Notwithstanding this, you agree that Linden Lab shall still be allowed to apply for injunctive or other equitable relief in any court of competent jurisdiction. 7.3 Optional Arbitration. For any Claim, excluding Claims for injunctive or other equitable relief, where the total amount of the award sought is less than ten thousand U.S. Dollars ($10,000.00 USD), the party requesting relief may elect to resolve the Claim in a cost-effective manner through binding non-appearance-based arbitration. A party electing arbitration shall initiate it through an established alternative dispute resolution ("ADR") provider mutually agreed upon by the parties. The ADR provider and the parties must comply with the following rules: (a) the arbitration shall be conducted, at the option of the party seeking relief, by telephone, online, or based solely on written submissions; (b) the arbitration shall not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and (c) any judgment on the award rendered by the arbitrator may be entered in any court of competent jurisdiction. 7.4 Improperly Filed Claims. All Claims you bring against Linden Lab must be resolved in accordance with this Dispute Resolution Section. All Claims filed or brought contrary to this Dispute Resolution Section shall be considered improperly filed. Should you file a Claim contrary to this Dispute Resolution Section, Linden Lab may recover attorneys' fees and costs up to one thousand U.S. Dollars ($1,000.00 USD), provided that Linden Lab has notified you in writing of the improperly filed Claim, and you have failed to promptly withdraw the Claim. See the Linden ToS, accessible at http://secondlife.com/corporate/tos.php

court and then sought enforcement of the arbitration agreement. The then extant dispute resolution provisions of the Linden ToS were both procedurally and substantively unconscionable. Procedural unconscionability addresses the cognition, consideration and negotiation of the suspect clause(s) and is shown by (1) oppression through the existence of unequal bargaining positions or (2) surprise through hidden terms common in the context of adhesion contracts. 39 Lindens ToS were arguably tainted under both forms of procedural unconscionability, first, the unequal bargaining, non-negotiable, take-it-orleave-it terms, were exacerbated by a lack of alternative Morpegs and second, the arbitration clause was a hidden component, tantamount to an adhesion contract, given that Lindens placed it in a miscellaneous or catch-all category. Substantively unconscionable provisions are overly harsh or one-sided results that shock the conscience such as in the weaker bargaining position of Second Life users in relation to Linden (mutuality). As scrivener, Linden retained self-help remedies which were manifest in freezing Braggs account and confiscating Braggs property. By contrast, Bragg was only entitled to arbitration. When this one-sided remedies situation is combined with the costs of arbitration, the remoteness of the California venue and the scriveners strategic advantage in dispute resolution from confidential arbitration, these
39

Comb v. Paypal, Inc., 218 F. Supp. 2d 1165, 1172 (N.D. Cal. 2002) (applying California law of unconscionability to PayPal arbitration clause).

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
factors combine to a substantive unconscionability. 40 component(s): (1) private property rights and (2) enforceability of contracts. The first component is the existence of private property rights because they attract investment by individuals and other rights holders (e.g., corporations). Individuals, when entitled to capture the fruits of their labor and ingenuity, have stronger incentives to divert time and energy from other pursuits to concentrate on projects with promise for success. A key component to this benefit capture is the exclusion of others from enjoying the benefits. The clear corollary in virtual environments is that intellectual property (IP), as one of the two primary forms of private property in virtual environments, is optimized when adequately incentivized. Indeed, the enforceability of IP and trade in IP lies at the heart of the Linden litigation discussed in this paper. The second component is the enforceability of contracts. The enjoyment and incentives from property rights are limited unless such private property rights are alienable. The attractiveness of creating and holding property is enhanced as markets develop to trade property rights and reliable media of exchange can be deployed to facilitate the clearance of transactions in these markets. A clear corollary is that markets are viewed as reliable and efficient when they meet various conditions of transparency, open access and reliability. Law has traditionally supplied various methods to reinforce these market factors, such as through enforceable duties of non-deception, fairly universal access reducing the barrier to entry into markets by most buyers and sellers and the enforceability 10

Raising the vStakes: Real IP, Real Money & Real Markets
A common mantra for the success of democratic capitalism holds that the enforceability of private property rights is essential to the creation of markets and thus the inherent incentives towards innovation and excellence that characterize the success of the American experience. 41 Assuming these conditions are also necessary for the growth and vitality of virtual environments, 42 then the legal issues discussed above underscore at least two major components to this precondition, including some additional subJudge Robreno openly expressed that concerns with procedural unconscionability are somewhat mitigated by Bragg's being an experienced attorney. 41 See e.g., Younkins, Edward, The Conceptual Foundations of Democratic Capitalism, The Social Critic (Winter 1998) and sources cited therein. 42 Contrary arguments to enforceability of private property rights as pre-condition to virtual world order might be asserted. Virtual environments flourished before any development of the caselaw discussed herein. Therefore, there must be alternative sufficient conditions that incentivized participation. For example, the incentive to engage in gaming is often tied to innate needs for socialization or that virtual environment activities offer other intrinsic rewards, such as amusement and pleasure. Perhaps these are sufficient motivators without reference to classic economic incentives. However, it may no longer be necessary to construct conceptual justification for virtual environment participation. The interposition of real world stakes now likely explains at least some in world activity. As more participants personally bear the wealth effects of their in world activities, traditional economic concepts become plausible, a mix of incentives seems likely just as exist in the real world.
40

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
of contracts underlying all such market transactions. The following discussion will use the democratic capitalism framework for the analysis of public policy applicability to virtual environments. However, rather than argue that virtual environments necessarily depend on enforceable private property, the following presumes some portfolio of incentives including enforceable private property. A stronger link between democratic capitalism and public policies of virtual environments can be drawn given two factors. First, the evolving Linden ToS clearly subsume and apply enforceable private property rights. Arguably, the success of Second Life depends on a social ordering derived from familiar public policy. Second, the expectations of Morpeg users are likely evolving to include free market transactions in the virtual IP using barter, media of exchange (e.g., L$) and the convertibility of virtual currency into real-world currency. The next sections discuss the property rights aspects of these market facilitating conditions as adapted from the real world of democratic capitalism under copyright and trademark law. step enables Eros follow-on claim to ownership and legal protection of at least two of its virtual objects 44 that it registered under U.S. copyright law: 45 Item I the SexGen Platinum Base Unit v4.01 and Item II the SexGen Platinum+Diamond Base v5.01. Eros further alleged willful conduct entitling Eros to injunctive relief, impound of infringing items, actual damages, interest and attorneys fees for alleged copying, displaying, distributing and selling copies of the Items without Eros's authorization. 46 Similar allegations were made in Simon, the New York Eros case, including infringing sales, misrepresentation of origin, palming off and goodwill damage and several claims under conspiracy theories. 47
create in Second Life, to the extent that you have such rights under applicable law. However, you must make certain representations and warranties, and provide certain license rights, forbearances and indemnification, to Linden Lab and to other users of Second Life. In detailed commentary, the Linden ToS retains to Second Life a royalty-free, worldwide, fully paid-up, perpetual, irrevocable, non-exclusive right and license to use, reproduce and distribute your Content within the Service as permitted by you through your interactions. 44 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed July 3, 2007) amended complaint at 4 accessible at http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/11/ 0.pdf 45 17 U.S.C.101 (2006). 46 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed July 3, 2007) amended complaint at 9 accessible at http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/11/ 0.pdf 47 Eros LLC v. Thomas Simon, 1:07-cv-04447SLT-JMA (E.D.N.Y. Oct. 24, 2007) accessible at http://www.virtuallyblind.com/files/07_10_24_er

IP in vWorld Expression
In Leatherwood, the Florida Eros case, Eros admits that the Linden ToS govern user participation in Second Life. For Eros this admission bootstraps IP rights because users retain IP rights in digital content created, inserted into or otherwise owned in world. 43 This first
43

Linden ToS 3.2 general rule: You retain copyright and other intellectual property rights with respect to Content you

11

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy ISP Duties of vEnvironment Sponsors
The U.S. has implemented at least two international copyright treaties with legislation following negotiations at the World Intellectual Property Organization (WIPO). In 1997, Digital Millennium Copyright Act (DMCA) represented the implementation to these two treaties: the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. 48 The DMCA creates civil and criminal prohibitions against tampering with copy protection schemes or billing data accompanying digital works. Although no new exclusive right in the copyright bundle were added and the DMCA is not well-integrated into existing copyright law, the DMCA nevertheless has a substantial preemptory and in terrorem impact, particularly on I/OSPs. The DMCA provides penalties for interfering with the lock down 49 of works reinforcing technical access controls to protected works. The traditional focus of infringement was on unlicensed or unfair use of a work. Out of the DMCAs major provisions, (1) anti-circumvention rules, (2) anti-circumvention exceptions, (3) copyright management information and (4) the safe harbor for I/OSPs, the latter is well-documented in some Morpeg ToS. This section briefly discusses the Linden ToS focus on its implementation of the DMCAs take down provisions that enable I/OSPs to take advantage of the safe harbor. Several early Internet era laws recognized the extraordinary and unfair potential for I/OSPs in republishing defamatory, fraudulent, infringing or obscene materials by offering safe harbors. Like the Communications Decency Act, 50 the DMCAs safe harbor applies protects innocent I/OSPs when acting as a mere conduits for users misconduct. To fall within the DMCA safe harbor and not be liable for (contributory) infringement, the I/OSP must devise and enforce a program to terminate subscribers who repeatedly infringe and receive notice and take down of infringing content. Second Life would appear to have takedown policies and procedures directed to achieve this immunity. However, the I/OSP safe harbor is again involved in high stakes litigation, Viacom v. YouTube, so uncertainties and liability risks are likely to remain. 51 Second Life confirms a commitment to stay well within the DMCA safe harbor. The Linden ToS prominently display a heading for the DMCA. 52 Indeed, in an italic paragraph after the beginning paragraph, users are reminded that the DMCA is not an in world consequence: Please note that these [DMCA] notifications and counternotifications are real-world legal
47 U.S.C. 230(c) (2006). Viacom v. YouTube, 07 civ. 2103 (SDNY Mar.7, 2008) (denying punitive damages under copyright). 52 Linden ToS on the DMCA are accessible at: http://secondlife.com/corporate/dmca.php
51 50

os_et_al_v_simon_complaint.pdf see also pleadings collected at: http://dockets.justia.com/docket/courtnyedce/case_no-1:2007cv04447/case_id-274521 48 Pub. L. No. 105-304, 112 Stat. 2860 (Oct. 28, 1998). 49 See e.g., Julie E. Cohen, Lochner in Cyberspace: The New Economic Orthodoxy of Rights Management, 97 Mich.L.Rev. 462 (1998).

12

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
notices provided outside of the Second Life environment. Linden Lab may provide copies of such notices to the participants in the dispute or third parties, at our discretion and as required by law the privacy policy for Second Life does not protect information provided in these notices. 53 (emphasis added) Such a reminder of the of real-world laws is made no where else in the Linden ToS with the same force with the possible exception of European users obligation to remit the very-real world Value Added Tax (VAT). 54 Thereafter, detailed procedures are provided for filing notifications (takedown demands) and counter-notifications (complaints challenging takedown notification demands) including FAQs. Eros recited jurisdictional requirements under the Lanham Act of its use of the SexGen marks in interstate commerce since at least January 1, 2005, the promotion of its products under these marks, knowledge among market participants in world and press reporting in the real world of its marketing of products under these marks and that this exposure contributes to making this a famous and distinctive mark among the relevant consuming public. 58 Eros alleges Leatherwoods trademark infringement through willful false designation of origin, confusion, mistake and deception as to the origin, sponsorship or approval by Eros of Leatherwood's goods resulting in Eros damages from lost sales, the diversion of consumer interest, and injury to its business reputation and to the goodwill. 59

vBusiness Goodwill under Trademark

As with Eros copyright claims in Leatherwood, Eros admission of the Linden ToS enforceability bootstraps Eros trademark claims 55 of ownership and legal protection of its SexGen mark 56 for which it has applied for registration under U.S. trademark law. 57
Id. Linden ToS concerning VAT for European Residents, accessible at http://secondlife.com/corporate/vat.php 55 Supra note 44. 56 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed July 3, 2007) amended complaint at 4 accessible at http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/11/ 0.pdf 57 U.S. Trademark Application No. 77202601, described as: Scripted animation system utilizing a defined menu to actuate avatars within
54 53

EULAs Constrain User IP

The EULAs in various virtual environments vary considerably and
a virtual world accessed through a 3-dimensional virtual platform, USPTO file is accessible at http://tmportal.uspto.gov/external/portal/!ut/p/kc xml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKL N4r3CQXJgFieAfqRqCLGpqgiBvGOcAFfj_zc VP0goESkOVDE0MhHPyonNT0xuVI_WN9bP 0C_IDc0NKLc2xEAkgNVFQ!!/delta/base64xml /L0lJSk03dWlDU1lKSi9vQXd3QUFNWWdBQ 0VJUWhDRUVJaEZLQSEvNEZHZ2RZbktKM EZSb1hmckNIZGgvN18yXzEyTC8xNy9zYS5n b3YudXNwdG8udG93LmFjdGlvbnMuRGV0Y WlsVmlld0FjdGlvbg!!#7_2_12L 58 Eros LLC v. Leatherwood, No. 8:07-CV01158 (M.D. Fla. filed July 3, 2007) amended complaint at 3 accessible at http://docs.justia.com/cases/federal/districtcourts/florida/flmdce/8:2007cv01158/202603/11/ 0.pdf 59 Id. at 7. Eros sought injunctive relief, destruction of embodiments, treble damages, interest and reasonable attorneys fees.

13

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
few, with the notable exception of the Linden ToS, directly address how property rights are created, registered or transferred or how disputes among users are resolved. The EULAs of virtual environments tend to protect the service provider with provisions governing disputes between the I/OSP and users. With the clear exception of the mandatory arbitration provisions that Second Life was forced to revise in the Bragg case, the Linden ToS are particularly prescient in that many aspects of markets were foreseen and default mechanisms included to facilitate the creation of property rights. Although most have not yet, it can be expected that other Morpeg institutions will mimic at least some of the Linden ToS or are developing additional useful mechanisms to facilitate trade in property rights and services and to resolve user to user (U2U) disputes. 60 Some evidence is beginning to emerge that Linden will be aggressively protecting its trademarks including renewed vigor in infringement management of users who misuse Lindens registered marks and trade dress in various ways. 61 bullion, precious metal holdings or as inflation hedges (e.g., Kruggerand, Maple Leaf). Few coins today have intrinsic value from their precious metal content. Furthermore, few major governments back their paper currency with gold or other form of intrinsic value. Therefore, modern money seldom serves as a storehouse of value but succeeds as a medium of exchange if users retain confidence. A sufficient supply of money is needed to enhance this confidence and the relevant users must accept money willingly to create network effects. Any new form of money faces three significant challenges in achieving status as a medium of exchange: switching costs, critical mass, and government control. First, new forms of money, whether traditional paper currency and coin or electronic money, must overcome the competition. Two conditions make user acceptance more likely: (1) difficulties with legacy money and (2) attraction for the new money. For example, while the EUs Euro is clearly a strong currency today, the won user acceptance only after the legacy European currencies (e.g.,) were banished, thus eliminating competition and lowering the costs of switching from legacy currencies, e.g., francs, marks, to Euros. Similar problems plagued the U.S. during colonial times when paper notes were issued by various governments (e.g., England, all 13 colonies, eventually all the states, and the U.S.), by private banks and various private parties. This proliferation of monies caused confusion, inflation and were not reliably convertible, thus diminishing their attraction. New currencies must compete favorably with legacy monies 14

Law and Economics of vMoney

The payment system depends on money. Since B.C. successful monies have had two major functions, first as a storehouse of value and second as a medium of exchange. Today, few gold or silver coins persist beyond collectables, convenient, reliable subLinden Research, Inc. Terms of Service (Agreement or EULA), accessible at http://secondlife.com/corporate/tos.php. 61 Linden ToS on Trademarks is accessible at http://secondlife.com/corporate/brand/index.php
60

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
or the switching costs will prevent critical mass. Second, money requires critical mass, a sufficient supply to achieve widespread acceptance among the target user group. This was historically a daunting task for governments because intrinsic value generally requires either coining using scarce precious metals or strong government to back the currency. However, electronic money is relatively cheap to create. Like paper currencies, eMoney is easy to create but this can cause inflation: too much (new) money chasing too few goods. Critical mass enables network effects for money caused by standardization and universal acceptance. Trust is also a key component of user acceptance, mistrust in monies has myriad causes that electronic money must likely also overcome to be successful, such as inflation, government confiscation, long successful experience using the money and general confidence in the political economy issuing the money. Third, governments control money for many reasons, notably to set monetary policy, control the money supply, prevent international trade warfare, control inflation, discourage counterfeiting, protect the financial system, regulate banking, discourage bank failures and engage in AML enforcement. New forms of money must survive this gauntlet of government scrutiny. There is little evidence yet that the U.S. banking authorities are either interested in fostering new forms of electronic money or are seriously attempting regulation of vMoney. Regulatory tools and regulatory authorities are uncertain as of this 15 writing and are a promising subject for research.

Is vMoney a Unique Electronic Payment Success?

Electronic payments began in the mid-19th century with wire transfer of funds. Most payments today include at least one or more components that are electronic. Contemporary users most frequent electronic payment experiences are: withdrawals from bank credit card accounts for cash using automated teller machines (ATMs), face-to-face retail sales using point of sale (POS) transaction processing for debit and credit cards, online sales using credit or debit cards and various P2P technologies. Less visible are transportation-related payment systems such as toll tags like EZPass and RFID tags for charging gasoline with electronic token-readers at the pump. Nearly all inter-bank transactions between bank payors, drawers and payees process their wholesale transfers electronically, including checks, direct deposits, and clearance of credit or debit card transactions. Retail cash payments are typically deposited so this reconnects even F2F paper currency transactions to the electronic payment system. Most experimental consumer electronic payment systems have eventually failed due to various unsolvable critical mass, and reliability/trust and government control problems. None has yet achieved widespread success, except, perhaps for PayPal-like transfer services. New electronic payment systems and the vMoney architectures that are a variation of electronic payment systems, must respect the key aspects derived from 850

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
years of remote payment and correspondent banking experience. The basic design of our contemporary banking system was developed by the Knights Templar during the Crusades. Innovators in electronic payment architecture apparently cannot ignore two lessons from this experience. First, user acceptance depends on proven system security and reliability. Second, electronic payment systems depend on trusted third parties intermediaries. Originally the Knights Templar and their correspondent monasteries throughout Europe provided the trust element. Todays trust is derived from solvent and reliable commercial banks, financial service provider intermediaries to which banks outsource certain functions, and the key protections provided by various government control and regulation programs (e.g., deposit insurance, monetary policy, central bank oversight of transaction clearance, bank chartering, bank solvency examinations). These institutions of trust and critical mass are seldom well-duplicated in either electronic payment innovations or in vMoneies. Unfortunately, this erects prodigious barriers to electronic payment innovation. According to former Federal Reserve Chairman Alan Greenspan, Electronic money is likely to spread only gradually and play a much smaller role in our economy than private currency did historically. 62

Nevertheless, vMoney appears to be gaining success for four reasons. First, it can compete well with conventional money in some instances. Second, it has experienced some reliability engendering trust. Third, the anonymity features attract users away from conventional money and traditional payment system architectures in some instances. Fourth, the regulatory costs of government oversight are largely avoided. vMoney users apparently do not yet demand trust equal to or superior to conventional payment systems. Users may be more willing to experimental with novel electronic payment systems because vMoney still carries the stigma of merely being play money such that many users are not as fully invested in the stakes of vMoney as are users of conventional money. If vMoney eventually migrates to require traditional trust and government regulation, all the aforementioned challenges confronting any new type of money will likely attach to vMoney as well. 63

Greenspan, Alan, Regulating Electronic Money, in The Future of Money in the Information Age (Cato Institute, 1997), also published as Cato Policy Report, March/April 1997 and originally presented at the U.S. Treasury Conference on Electronic Money & Banking: The Role of Government, Washington, D.C., September 19, 1996, accessible at:

62

http://www.cato.org/pubs/policy_report/cpr19n2-1.html 63 The challenges of new monies, electronic payment schemes, scrip and vMoney include the following: Confidence in money is gained when its value is linked or it can be converted into something of value, such as an acceptable denomination of a respected currency ($, , , ) or another liquid asset with reliable value (gold). Electronic payment forms should be as convenient as cash, that is, readily transferable, capable of convenient exchange in scalable denominations, easily stored and transmitted or received to and from various locations. There must be security and accuracy in transactions.

16

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy Money Laundering
Counter-terrorism and law enforcement increasingly focuses on tracing payments to discover money laundering schemes - a wide variety of
There must be reliable means to authenticate electronic money as genuine, not counterfeit or forgery. Anonymity for the purchaser is a contentious issue. Some users may seek an audit trail of all prior transactions, including the identity of payors, payees and intermediaries. This capability is now possible with checks, wire transfers, POS or credit card transactions. Law enforcement prefers traceable payments for evidence of criminal activity such as the money laundering discussed in chapter 7. Paper currency has serial numbers and can be marked while contemporary coins are low value making them impractical for large transactions. By contrast, many other users prefer to maintain transaction anonymity. Some privacy advocates suspect that comprehensive transaction records weaken personal freedoms and become a tool for a repressive government. Few payment schemes are practical without the participation of trusted and reliable third party intermediaries. Third parties, like banks, provide useful services such as experience, transmission of orders, account information or documents, useful relations with correspondents, provide security and safekeeping and they can connect the payment scheme to reliable sources of value. New forms of money created outside the traditional framework of regulatory oversight may weaken control over the economy. Alternative forms of money and payment schemes processed outside the banking system threaten the power of the Federal Reserve and other financial regulators to control the money supply, to maintain the solvency of financial institutions and maintain the integrity of deposit insurance (FDIC). Bagby, John W. & F. William McCarty, THE LEGAL AND REGUALTORY ENVIRONMENT OF EBUSINESS: LAW FOR THE CONVERGING ECONOMY, (West, 2003) at 354-55.

transaction practices intended to create the illusion of legitimate dealings to disguise the origin and movement of proceeds from unlawful activities. Laundering techniques are most successful when there are plausible explanations for cash flows and cash reserves. In the law enforcement vernacular, the phrase follow the money suggests that tracking the trail of money movements helps to discover terrorists, criminal masterminds and their accomplices. The classic method is to examine the finances of suspects for suspicious receipts or spending beyond the suspects regular earnings or means. This enables tracking back to all payers and recipients of suspicious, repetitive or large transactions for further investigation. Money laundering is a classic component crime in racketeering because both the underlying crimes for which money is laundered and the money laundering itself are repetitive and similar. Racketeering is a compound crime illegal under state and federal law. 64
Key but controversial components of the Organized Crime Control Act of 1970 are known as the Racketeer Influenced and Corrupt Organizations (RICO) provisions, 901(a) of the Organized Crime Control Act of 1970 (Pub.L. 91-452, 84 Stat. 922) codified as 18 U.S.C. 19611968. RICO imposes criminal liability, fines up to $25,000 and/or imprisonment up to 20 years per violation. The civil provisions authorize private plaintiffs to sue for civil treble (triple) damages against persons convicted of racketeering. RICO outlaws a pattern of illegal activities, that include thirty-five crimes (27 under federal law, 8 under various state laws), called predicate offenses, including, e.g., securities fraud, murder, arson, extortion, drug dealing, mail and wire fraud, bribery, loan sharking, and money laundering. RICO requires proof that the accused committed at least two prohibited acts, that the
64

17

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
official records so their payments are not easily accessible by law enforcement. Cash is king, so transfer of currency to launder money is preferable to payment by checks, wire transfers or credit cards because cash transfer can be accomplished without official recordkeeping, thereby providing cover for transactions. Furthermore, cash movements in small bills can impose staggering practical impediments to tracing marked currency or verifying serial numbers. Under one general model developed by federal financial regulators, money laundering has three basic stages: placement, layering, and integration. 65 Placement describes when laundered funds are initially made less suspicious, more convenient and first fall under the financial systems control after initial acquisition. This is the initial step to hide funds following their receipt in an illegal activity. Second is layering, a process of movement that separates the proceeds from their illegal source by using multiple complex financial transactions (e.g., wire transfers, monetary instruments, asset purchases/sales) that further obscures the links between placement and integration. Layering activities may alter the size of the lump sum to obfuscate an audit trail. Third is integration, when the funds reenter the legitimate economy through expenditure
Report To Congress, In Accordance with 356(C) Of The USA Patriot Act, Secretary of the Treasury, Board of Governors of the Federal Reserve System, Securities and Exchange Commission (Commodity Futures Trading Commission staff), Dec. 31, 2002 at 7, accessible at http://www.fincen.gov/news_room/rp/files/356re port.pdf
65

Money laundering is both a literal and metaphoric reference to cleansing the appearance of money sullied by criminal activities. In the 1920s and 1930s gangster era, a large, recurring and potentially incriminating cash flow of coins accompanied the numbers racket, illegal, small stakes gambling. Mobsters owned coin-operated laundries that provided plausible excuses for handling coins and some currency. Laundering the wagering proceeds through the laundries helped to cover up the criminal payments making them practically untraceable. Indeed, unregulated gambling today remains a substantial money laundering front for organized crime. Money laundering may have existed for over 4000 years having originated to hide both legitimate and illegitimate earnings from oppressive government taxation or unfair confiscation. Money laundering methods are varied, many are well-known but detection often remains difficult and enforcement is too often costly. Launderers prefer methods with few
criminal acts constitute a pattern of racketeering activity, and that this pattern results in the investment in, maintenance of an interest in, or participation in a (criminal) enterprise affecting interstate or foreign commerce. Criticism of RICO argues it expanded well beyond the anti-mob, organized crime context that first inspired the legislation. Aggressive use against Wall Street and accounting firms eventually led to some reforms, such as: stiffer proof requirements for financial crimes, the accused must have clearly participated in the crimes and the pattern of wrongdoing must clearly pose a threat of continuity. Nearly half of the states also have RICO-like laws.

18

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
or investment. This is only a basic model, so it can be modified or made even more complex when launderers successfully avoid detection or add costs that might eventually exhaust investigator resolve or resources. Fronts are useful to money launderers; these are apparently respectable businesses that cover up illegal activities. Increasingly, sham transactions and inter-corporate transfers among complex or nested shell corporations are used. In addition, phony charities or trusts, and investment accounts are chosen as intermediaries to handle payment flows. Bank or trading accounts located offshore or in tax havens provide additional cover because cooperation from local authorities in some foreign nations is restricted. Indeed, Swiss bank secrecy has been a traditional and recurring impediment to law enforcement. Increasingly, other financial services can be deployed to transfer wealth such as fictitious trading in securities or commodities, use of money transmitters, remittances to developing countries handled through wire transferors and currency exchange firms. The Federal Reserve Board is continually expanding the list of financial service firms including the following as potential financial institutions: mortgage lenders, pay day lenders, finance companies, mortgage brokers, non-bank lenders, account servicers, check cashers, wire transferors, travel agencies operated in connection with financial services, collection agencies, credit counselors, and other financial advisors, tax preparation firms, non19 federally insured credit unions, and investment advisors that are not required to register with the SEC. 66 Additional private sector financial institutions that have direct responsibility over recordkeeping for transactions they handle are also held responsible to assist in money laundering enforcement, these financial institutions include: depository institutions (e.g., banks, credit unions and thrifts); brokers or dealers in securities; money services businesses (e.g., money transmitters; issuers, redeemers and sellers of money orders and travelers' checks; check cashers and currency exchangers); casinos and card clubs; and dealers in precious metals, stones, or jewels. 67 As the two lists of financial institutions above suggests, money laundering does not rely solely on the physical movement of currency or the traditional paperbased or electronic transfer of funds through commercial banking networks. Increasingly, goods or even services may constitute the flow of value to or from the criminal perpetrator or terrorist back to the illegal organization sponsoring or assisting in the illegal activity. Indeed, diamonds, gold or other precious and valuable assets might be used. Countertrade is particularly insidious method

66

See 65 Fed. Reg. 33646, 33647 (May 24, 2000) interpreting 4(k) of the Bank Holding Company Act. 67 See discussion of financial institution duties regulated by FinCEN accessible at: http://www.fincen.gov/about_fincen/wwd/

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
because of the appearance of humanitarian motives. 68 additional criminal activity by reducing the incentive to spend criminal proceeds. Money laundering enforcement relies heavily on assistance from the private sector, particularly the financial services industry and the Financial Crimes Enforcement Network (FinCEN). 69 Clearly, commercial banks are the most important because their primary business is to handle money transfers and money accumulations as deposits. Large cash payments over $10,000 must be reported in currency transaction reports (CTR) by businesses and banks to create an audit or paper trail. 70 However, because successful money launderers continuously adjust their transactions to avoid suspicion, businesses and most financial services firms must also make suspicious activity reports (SAR) at the $5,000 threshold. 71 For example, a money launderer might divide up a large
FinCEN is a bureau within the Department of Treasury. FinCEN was established in 1990 to prevent corruption of the U.S. financial system. Since 1994, FinCEN is delegated authority to oversee money laundering enforcement. In 2004 FinCEN became a part of Treasury's new Office of Terrorism and Financial Intelligence. Hundreds of thousands of financial institutions must comply with Bank Secrecy Act reporting and recordkeeping requirements. FinCENs revised mission includes fighting the financial war on terror, combating financial crime, and enforcing economic sanctions against rogue nations. 70 Bank Secrecy Act of 1970 (BSA a/k/a Currency and Foreign Transactions Reporting Act,), 31 U.S.C. 5311-5330, 12 U.S.C. 1818(s), 1829(b), and 1951-1959 requires the report of cash payments over $10,000 received in a trade or business from one buyer as a result of a single transaction or two or more related transactions. 71 See e.g., 31 CFR 103.18 and 12 CFR 21.11 (February 1996).
69

Money Laundering Enforcement

Law enforcement and counterterrorism forces now focus increased attention on money laundering because payment flows are indispensable to so many unlawful activities such as underground economic activities: drug trade, terrorism, organized crime, weapons trade and smuggling. Antimoney laundering (AML) laws help identify criminals, reveal accomplices, accessories and co-conspirators who might testify against others in the money laundering supply chain, recover money, assets or freeze accounts, and help deter

Countertrade is a complex reciprocal barterlike exchange in which international brokers match buyers and sellers who trade goods and services without transferring cash. Many developing countries and former Soviet bloc nations have negative trade balances, their currencies do not convert well into hard currency, they have large debt burdens or their government restricts currency outflows. These problems restrict the very foreign trade so badly needed to invigorate their economies. There are several types of countertrade. Barter is the direct exchange of different types of goods or services between the two parties. In a swap, two sellers of the same goods exchange delivery obligations, reducing transportation costs. The most common form of countertrade is counterpurchase: a seller from an industrial nation exchanges goods or services for other goods from the buyer, often through an intermediary such as the government or a firm in the developing nation. In a buyback, industrial machinery acquired from the seller is paid for with goods eventually produced with those machines. Bagby, John W. & F. William McCarty, THE LEGAL AND REGUALTORY ENVIRONMENT OF E-BUSINESS: LAW FOR THE CONVERGING ECONOMY, (West, 2003) at 34647.

68

20

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
cash transaction into several smaller ones each under the $10,000 CTR threshold. Financial institutions must report customer activities deemed suspicious if the activities have no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction or constitutes activity inconsistent with the customers business. 72 authorities, AML regulators or banking authorities. The ease of converting vMoney into real money using debit cards, credit cards, PayPal and the Linden Labs own servicing Second Life users (LindeX) and the difficulty of tracking online services purporting to provide exchange services will likely continue to provide virtual asset creation inconsistent with banking law while permitting the seclusion of assets and transactions. Interpol has recognized the risks of vMoney laundering by taking the initiative in defining virtual money as: money value as represented by a claim on the issuer which is stored on an electronic device and accepted as a means of payment by persons other than the issuer. 74 Technically, virtual money is a form of electronic payment, usually secured through encryption and other metadata and embodied in distinctive (computer) graphics. Interpols emergent taxonomy defines two types of virtual money: Identified virtual money contains information revealing the identity of the person who originally withdrew the money from the bank. This can be traced through the economy, by the bank or law enforcement personnel, in much the same way as credit cards.

Adapting Virtual Finance as a Money Laundering Tactic

Money launderers may already be ecstatic that virtual money could become a most effective form of value. Law enforcement and AML regulators do not publicly nor clearly recognize that virtual environments may become ideal money laundering settings unless several institutional challenges are overcome. 73 As of this writing, there is no direct and unequivocal authority for vWorld monitoring or enforcement by taxation
Bank Secrecy Act/Anti-Money Laundering: Comptrollers Handbook, Comptroller of the Currency, Administrator of National Banks, (September 2000) at 11-12, accessible at http://www.occ.gov/handbook/bsa.pdf 73 See Kane, Sean F., Asset Creation, Seclusion and Money Laundering in the Virtual World, 4 Internet L. & Strat. 1 (July 2006), accessible at: http://www.drakefordkane.com/articles/Virtual% 20Money%20Laundering%20Article.pdf (arguing Interpol understands these challenges, but U.S. law is not keeping pace with virtual finance prospects and developments and that AML regulators (e.g., FinCEN, Department of Treasury, Department of Justice) have inadequate enforcement tools and understanding).
72

74

See generally Virtual Money, Information Technology Crime, Financial and high-tech crimes, Interpol, accessible at: http://www.interpol.int/Public/TechnologyCrime /CrimePrev/VirtualMoney.asp

21

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
Anonymous virtual money (also known as digital cash) - once it is withdrawn from an account, it can be spent or given away without leaving a transaction trail. Using blind signatures rather than non-blind signatures creates anonymous emoney. 75 Identified vMoney has metadata and/or other identifiers enabling traceability using similar methods as traditional electronic payments. However, anonymous vMoney leaves a much less standardized and evident transaction trail, such as by using blind signatures. Without full and real time network forensics, the evanescent network communications log data of anonymous vMoney makes it an ideal form of high tech value for vMoney launderers. vMoney resembles scrip in that it is not legal tender, because it is created outside the government sanctioned monetary system, and is used as a substitute currency. Traditionally, scrip has had very limited utility outside the closed social networks in which they arise (e.g., tokens, tickets and points). However, as vMoney gains easier convertability from inside the closed social network of a vWorld, and flows beyond into legal tender, it assumes status as a near money equivalent. users, (2) the lack of location to an inherently global medium, (3) the crossborder rights vindication, regulatory and law enforcement challenges similar to that of cyberspace generally and (4) challenges in evidence gathering and proffer in an evanescent, virtual world. The larger and more successful virtual environment communities, like Second Life, may close these practical gaps with well-designed EULAs anticipating property rights, reinforcing transaction reliability and providing reasonable access to effective dispute resolution mechanisms. The emerging caselaw already takes great strides in clarifying the closing of this gap. Cyberlibertarian utopian ideals nevertheless maintain that the occupants of new worlds deserve a freshly constructed environment to be nearly devoid of legacy baggage from the human experience-inspired rule of law. This mindset may be a more potent barrier to rights vindication under accepted principles using traditional institutions than has been the uncertainty before clear cases like Eros or Bragg. However, if the virtual environment stakes continue to rise and the efficiency and fairness of dispute resolution alternatives becomes better known, traditional legal principles and dispute resolution methods are likely to resume their importance, even if this development might curb the wt of virtual inhabitants. The clear evolution from the warmth of cyberlibertarial idealism to the cold reality of traditional real world rights and obligations need not curb the wt of all. Indeed, as users are increasingly attracted by fair treatment for participation in virtual markets, the application of traditional 22

A CyberLibertarian Epilog
Cyberlibertarian dogma is likely to become pervasive among many participants in MMORPGs and MMOGs for various reasons, not the least of which are practical: (1) likely the difficulties of gaining jurisdiction over
75

Id.

Adapting Virtual Finance to Simulate Financial Information Security Risk Analysis: A Risk Management Strategy
public policy, as driven by the ideals of democratic capitalism, may supplant an adequate level of comfort. The insertion of illegal activities into vWorlds is already clear. Expansion of unlawful activity to new environments with more limited law enforcement has characterized many of historys cultural migrations. As trade increases between these new vWorlds and real world, two conditions appear inevitable: (1) unlawful activity will flourish and (2) public policy will intervene to impose civilization. Theft, pornography, IP infringement and money laundering are just the tip of these new icebergs.

23