You’ll likely remember that last week it was revealed that CD Projekt had hired a firm to send out letters to those they believed had pirated copies of The Witcher 2, demanding large sums of money. It’s a practice that is widely despised, due not only to its propensity for threatening the innocent, but more significantly, because it’s based on threats in the first place. A person receives a letter demanding an excessive amount of money (evidence for this story suggests in the region of €750, corrected from 900+ that was previously reported), or the recipient will be taken to court where they may end up paying a great deal more. These apparently necessary court cases will be dropped if the fee is paid. And that’s why I consider it such a serious issue. Never mind the severity of the act of piracy, this process subverts the legal process, avoids actually providing evidence and proving guilt, and depends upon scaring people into paying money they likely can’t afford. This is something I wanted to discuss with CDP themselves, who I thought had given unsatisfactory responses to other outlets who suddenly picked up on the story after RPS reported TorrentFreak’s week-old article. My discussion is below.

I want to stress that this is a personal article, between me and CDP, and doesn’t necessarily reflect the views of all at RPS. At RPS we regularly argue between ourselves about matters of piracy and the like. They may agree with every word – no one’s around just now to check.

I contacted CDP, and ultimately Member of the Board and VP of Business Development, Michal Nowakowski, through their PR, beginning by asking a few questions.

“We’re wondering why CDP have gone ahead with this action, when it’s well known that it’s extremely difficult to prove a crime via an IP address, and that so many false positives are inevitable. And whether they think such actions are merited when it is widely accepted that an unauthorised duplication does not equate to a lost sale? Are they concerned about how it makes their company appear, especially in light of the horror and condemnation with which Davenport Lyons’ actions were met with in 2008.“

Here I had focused on the position of false positives, but this was written before any other sites had published other statements, and their focus on this area had yet to happen. In response I at first received the same statement that had been sent out elsewhere, But in light of RPS’s article having clearly caught their attention, more was to follow. That statement read,

“As you know, we aren’t huge fans of any sort of DRM here at CD Projekt RED. DRM itself is a pain for legal gamers – the same group of honest people who decided that our game was worth its price, and went and bought it. We don’t want to make their lives more difficult by introducing annoying copy protection systems. Moreover, we always try to offer high value with our product – for example, enhancing the game with additional collectors’ items such as soundtracks, making-of DVDs, books, walkthroughs, etc. We could introduce advanced copy protection systems which, unfortunately, punish legal customers as well. Instead we decided to give gamers some additional content with each game release, to make their experience complete. However, that shouldn’t be confused with us giving a green light to piracy. We will never approve of it, since it doesn’t only affect us but has a negative impact on the whole game industry. We’ve seen some of the concern online about our efforts to thwart piracy, and we can assure you that we only take legal actions against users who we are 100% sure have downloaded our game illegally.”

Clearly this simply confirmed that the action was taking place. Nowakowski’s reply came soon after. It is lengthy:

“Before we took this step, we have investigated the subject, spoke to other developers and publishers using the same method and company we are using, and are convinced that the method used by them is targeting only 100% confirmed piracy act cases. When we investigated the subject, we were made aware and looked into the infamous Davenport case, and again, we are convinced the methods used in our case are not going to hurt innocent people. After all the months since release piracy of The Witcher 2 was tracked, not a single person denied act of piracy when addressed with that subject. At least not to our knowledge. On whether such actions are merited – I feel that we are really trying to do a lot in terms of being pro-consumer ie. By removing the DRM experience for the users, delivering a lot of free extra content, etc. These people do repay us by being with us, and also by showing their support by means of paying for our games and allowing us to make new ones in the future. The purpose of this action is not to get rich on piracy – believe me, the numbers coming through as a result of this action are petty to say the most. We do hope, however, they may be a sort of deterrent for future pirates; maybe they cannot afford to buy the game here and now, but if they want it really bad, maybe they will consider buying it when the price drop happens as it always does for all titles eventually. It will not fix the world, as nothing ever will, but maybe it will stop some of the most notorious pirates from downloading our game and sharing it further. As for the more casual pirates I want to believe they will eventually become our legal customers because of how we try to work on our customer’s satisfaction. As for the unauthorised duplication not counting as a lost sale – I guess this is not so simple really. I agree in some cases people just download “whatever” to have a look but would not buy otherwise, but there are also quite a few people who have financial means, have interest but feel that they should not pay becaue it is out there for free. It is this last group that is the most problematic, and I do not feel fine with this way of thinking, and we have never officialy supported this kind of behaviour. Being DRM-free is not a shout to all the folks out there – “hey, come and take our game – it’s free.” It is DRM-free, which means we really had to go through huge efforts with our publishers to make this happen so that people can enjoy the game without the hassle that pirated copies are already circumventing. Am I afraid this makes us look bad? I do not feel we are doing anything wrong, as long as people targeted are really 100% confirmed pirates. So far nothing has happened in the past couple of months that would indicate otherwise. I cannot go into details on how can we be sure such information is correct, as this is trade secret of the company working on that on our behalf, but as much as we could see the reasoning behind the method, it is actually leading so far only to 100% piracy cases.”

These were odd claims. Claims at which PC Gamer’s Graham Smith had raised concerned eyebrows when they’d arrived to them via a separate email chat. And they sat equally awkwardly here. To identify someone as a pirate via downloads, one must use their IP address. This is no new technology, and certainly not the subject of something that cannot be revealed for the sake of trade secrets. In fact, you can scare your own balls off by visiting here. It’s also the means by which false positives occur, for many and obvious reasons. So what possible technique could exist that allows more detailed, more accurate information? Because surely it would have to be something astonishing or illegal?

Meanwhile, in their statement to PCG, published after I’d asked my questions but before I’d received the reply, Nowakowski had explained that,

“For some reason the spotlight came down on CDP RED, however you should be aware this is something that about 95% of the games industry is actually doing. Pretty much all the major publishers and most of the independent developers.”

None of us at RPS could think of any examples of other publishers’ doing this in recent months, and we’d certainly never heard of an independent developer ever taking such action, so this comment struck us as strange.

And something else was bothering me about the generously detailed and candid reply – it wasn’t addressing my larger issue in the original article – simply that surely the act of threatening people for money is wrong? I got back in touch, wanting to appeal to the company to change their course of action, rather than simply ask questions. I sent this:

“Hello there. Thanks very much for your candid response. I have a few questions and challenges regarding it, which I hope you don’t mind my putting to you. Could you explain what this 100% accurate technique is, and how it works, and which company it is? You mention trade secrets, but obviously there must be a general methodology without explaining how it precisely works. Identifying someone by their downloading something from bittorrent can only be done by IP, and IP obviously cannot identify an individual. So I’m really interested to learn how this works. Especially with cases such as our commenters who’ve said they paid for the boxed copy and it didn’t work, so downloaded a pirated version. Could this system take this into account? The other thing is, the issue for me doesn’t seem to be about inaccurate threats – those can be weeded out by the courts. It’s about that they’re *threats*. I realise you’re not getting rich from this, but I’m also aware that if I had to part with a few hundred Euros, that wouldn’t make your company rich, but it would cripple me on my low income. Do you accept that you’re sending people demands for significant amounts of money, with the threat that if they don’t pay up, they’ll have to go to court for a great deal more? When crimes are committed, the usual practice is to go to the police, and then the criminal is arrested and eventually goes to court. Circumventing the process of law, by threatening people to buy their way out of a court case, strikes me as something pretty awful to do. This is why we appealed for your company to stop this, and I guess I’m repeating that appeal here. Also, you assert that most other publishers are doing this. I have heard of no examples in recent months. Could you name some for us? And finally, why are you only taking this action in Germany? Many thanks – I really appreciate your time on this, and your patience with my stance.“

This fell into the weekend, and so Nowakowski’s reply, directed through PR in the US, reached me this afternoon. He says,

“When it comes to methodology, while I cannot share exact details, it does in its essence rely on IP identification, however, we do take into account individual cases. And once implication of innocence is reported and proven (ie. Someone actually bought a legal copy of the game but downloaded a torrent version for whatever reason), we may waive the claims. In fact, there was a single (one) case like that, and that person was not ultimately fined, and everything was fixed very quickly via email with no hassle for that person. So there is also case-by-case individual approach which does eliminate error as much as it is possible. Taking into account the fact that this action really does not target staggering amounts of people as some sources in the internet claim, such an individual approach is in fact possible. I can only restate – we have not been made aware so far of any case of the innocent person who would be targeted and made to pay the fee or taken to court. About threats – let me put it like this – when you get a speeding ticket or a ticket for causing a car crash or for any other felony – do you consider that a threat? Because it works pretty much in the same way. Maybe I am confused, but I do feel that not doing things that are wrong is a good way of staying out of trouble – there seems to be an implication that we are bad guys because we are trying to deter people who illegaly downloaded our game from doing that by means of this action. I am a little bit at a loss with this way of thinking. Especially since at the same time, we do take great pains, and even went to court to win the no-DRM case for the people, so that our customers can enjoy the game without any hassle. Also, I want to state clearly that this action is not circumventing the process of law as you are suggesting – this is actually a possible, fully legal action, allowed by the courts and state and regulated in a similar way as the speeding tickets are, for example. It beats me that, honestly speaking, we are being spoken badly about because we are trying to deter people from illegal access to our title. As for the question of other publishers – I am not at freedom to share the names of these publishers. I can only confirm I have spoken to some of them who are using the service and to developers who do the same, and I do not assume that they’re taking similar action — I know this is the case. Why has our story been blown out of proportions? I do not know, but I do recognise this is a great to story to cover, and the only thing we can really do is to answer as honestly as we always do in everything that concerns our company and the games we make. Regarding Germany – it is about access to accurate data, which is allowed by the state. Regulations do not work in a similar way in all the EU countries. Germany does. The process would be possible in many other countries, but in some, the Davenport case would be likely to repeat itself. We cannot allow oursleves to target innocent people. This was never the intention and never will be. The moment we hear innocent people have been targeted, we will take immediate action.”

I want to applaud CDP for the amazingly open and frank way they have responded to this debate, even though I personally am extremely against their actions, and disappointed to see there is no sense of contrition or remorse about the devastating effects such actions can have on an individual. It is great that they are so passionate about ensuring errant accusations are quickly dealt with. And yes, of course piracy is a crime, and no, I am not defending piracy – that is not the point here whatsoever. But when the punishment is so disproportionate, and the efficacy is so ridiculous, I struggle to see any other way to interpret such actions beyond threats for money.

It is not blackmail. But it is often perceived to be. And that, to answer Nowakowski’s confusion, is why the company is receiving such a hostile reaction.

Regarding the speeding ticket example – and clearly I’m speaking from the perspective of the UK, and don’t know the details of the rules in Poland – they do not compare. If I am caught speeding, I receive a fine of £60, from the government. If I pay it within two weeks I pay only £30. I also receive three points on my driver’s license. If I dispute the fine, I am allowed to challenge, and perhaps take the process to court to prove my innocence. That is not what is happening here. Here, this practice traditionally works by people receiving letters designed to scare them into paying an enormous sum, massively more than the cost of the game/film/CD they downloaded (usually justified by their also having uploaded, and therefore distributed the product – much easier to classify as a crime – but the fine in no explained way reflecting this). If they don’t pay the sum, then they will be taken to court, and will have to pay a great deal more, they are told. Possibly tens or hundreds of thousands. We haven’t seen a copy of the letters being sent out in Germany, and it’s possible that they are worded very differently, but what they will be saying is, “Pay this large sum or you will have to pay a very much larger sum.” Which is where those whiffs of blackmail appear. Even though, I very strongly stress, it is not.

It is for this reason that it is not as simple as the company simply trying to defend its product and discourage piracy. And for another. This doesn’t do anything about piracy. CDP’s own (unproven) estimate for piracy figures is 4.5 million. According to TorrentFreak they sent out a couple of thousand letters in Germany, although Nowakowski says above it’s not as high as is reported. Let’s guess at, for the ease of maths, 1,000 letters going out. That means when pirating the game you’d have a 1 in 4,500 chance of receiving a fine. A 0.001% chance. It’s not exactly a figure that’s going to scare people. Sure, it adds that frisson of fear, because there is a chance, and it’s unlikely that people are going to have a spare grand kicking around to get out of trouble. But 0.001%? That’s not a deterrent. It’s a lottery.

And this is why it looks like a cash grab, despite CDP’s protestations that they aren’t making serious money from this. (Although, let’s be clear – if it is 1000 letters, and the fine is €750, that’s still three quarters of a million Euro. I’m not so sure that’s a figure to be so easily dismissed.) Because it only affects an insignificant minority of those who have pirated, it will only likely stop that 0.001% of pirates from doing it again, and then, only catch those who hear about the story, don’t figure out the statistics, and get scared (a tiny minority). So no matter how accurate it may be (and the admission that there was one false accusation so far does rather knock down that “100% accuracy” previously claimed), it’s still completely ineffective. Let alone the opportunistic appearance gained from only conducting this in Germany because individuals’ privacy are already concerningly compromised.

Oh, and one other thought. Regarding the statement that if someone had bought it, then torrented it after, they would let that go. Why, CDP, is that okay, but someone who torrents it, then buys it, is not? Which is to say, why not send these people letters demanding the €40 for the cost of the game? Since the person who torrents to replace his purchased copy will be uploading just as much as he who pirated before buying.

Obviously there are very many who believe pirates deserve what they get. That was made clear by many commenters, and disgusted developers who got in touch with me. I believe that punishments should match crimes, not be based on fallacious claims of piracy equaling lost sales (the only basis for justifying the huge sums that’s ever been given), and certainly not appear to be scaring people out of money to avoid a proper judicious process of law. (One that the music industry keeps learning, to its cost, isn’t automatically on their side.) I understand CDP’s frustration. They see their product being taken without people paying, and they see it happening on a large scale. This upsets them, and they want to do something about it. It seems the situation is very unfair, as there is nothing that can be done about it. And doing things like this, things that really help no one, are a desperate attempt to do something.

And that is why I personally continue to plead with CDP to stop this practice. I believe there is a good reason why people are reacting so negatively to your actions. I believe your actions are wrong.