Valve's Legal Status

G

gsibble

Guest
I'm amazed that more people aren't talking about one of the most interesting aspects of the source leak.

Someone pointed out that all of the code for HL2 was not written by Valve. The physics engine and other pieces were liscensed from other companies for large fees. That's commercial software (copywritten code) which Valve was legally required to protect.

Now that that private code is out in the open, those companies' products are virtually worthless because the code can just be stolen from the HL2 code.

Valve is probably facing very large civil suits from multiple corporations for breach of contract which *could* theoretically prevent that code from being used in HL2 and further delaying the game.

Valve got f**ked by those hacker kiddies......wish I could wring their little necks.....
 
would Vavle's contract with these people contain anything which could protect them from something like this? you can bet your left leg every other developer is going to have something similar so they don't get completely ****ed if a hacker breaks in.
 
This is being discussed in three other threads at least on this page.

Try the search feature please.
 
True, they could steal it, but they WON'T because any reputable company wouldn't be caught dead with the HL2 source code. If anyone wants to use the Havok Physics engine, they will license it from Havok. Other video game companies know how Valve feels and will not do anything to kick them while they're down. Smaller companies will not have the resources to make anything of the code anyway - if they do come up with an impressive game, everyone will be very suspicious.
 
Very good point, Valve is in deep trouble. Those hackers could have just ended some good relations with third party liscensed companies. The future is not looking good for Valve. Hope things work out ok.
 
I'm not necessarily saying they're gonna steal it, but it does hurt Havok and other corporations.

And there is no doubt all sorts of protection clauses in the agreements protecting Valve and Havok, but Valve is responsible for its network security and this break in is their fault so they will probably be held accountable.
 
valve is only responsible if they were negligent in protecting the code.
 
This i would expect to be covered in the contract signed by valve.

Remember something like this the supply of the code would have to prove valve was criminally negligent which CAUSED them to lose the code else wise its still the hacker that is the criminal as he had to by pass all valves security there to protect the source code.


e.g. chances are valve are safe from law suits. but the hackers aint. and M$ with their shity OE aint either
 
I'm sure any lawyer could make outlook and the source on one pc look like negligence
 
nope. its not VALVe's fault that OE contained a security flaw. Its M$'s for not removing it. your missing the point.

simple fact is this ...

Valve was not negligent, they did what they could to keep it secure within RESONABLE margins.

ive no doubt Havok are checking there legal rights and such but thats the way i see it to be honest
 
Honestly, if you are Havok, think about this:

Why would Valve even have the source code on a system accessible from the internet??????

If I were writing something that I wanted to keep secure, I would have two networks: an external one for email, web browsing and such, and an internal one for secure work on the product. I don't understand why Valve would do it any other way. I think Havok could easily make Valve look negligent by not protecting it further.
 
Even so, LookOut and the Source source weren't on the same PC; they used that to set up a springboard to weed their way through Valve's intranet to the computer where the Source souce was.
 
Ya, which means that indirectly, the machine containing the source code was connected to the internet. The networks should be physically separate. That's the real way to keep something secure.
 
It really depends on the conditions of the contract. It would be unreasonable for someone to include a clause that would make you liable for damages for circumstances beyond your control, and I doubt Valve's lawyers would have let them them sign such a contract anyway.

Valve did not distribute the source code themselves, and as long as they made a good faith effort to protect the code from theft, there is no question of liability.

In short, it would be wrong to hold Valve accountable for the actions of a determined and apparently skilled hacker.
 
Do the Havok people have reasonable incentive to sue Valve?

They'd be severing relationships with a pretty good (if you ignore the leak) customer. This would probably chill their product overall as other companies would shy away from a company that has a record of suing its customers.

The damage here really is immeasurable though. Nobody is going to outright steal Havok and put it in their commericial code without licensing it, but I'm sure a ton of people have already learned from it. Maybe at this point Havok should create some new licensing schemes for hobby programmers to stay legit? How much does Havok cost anyways? Maybe they already have small scale licenses and I just don't know. I can't tell from their website. I found one reference suggesting it costs around 5000 euro, pretty extreme for a hobbiest or even a small independent developer. They might as well create some new licenses for projects under a certain level of sales. Just a thought.
 
Originally posted by gsibble
Ya, which means that indirectly, the machine containing the source code was connected to the internet. The networks should be physically separate. That's the real way to keep something secure.

Right, and buy every employee two PCs, one connected to the public network, one connected to the private network. That's what the FBI does, and it's the most god awful thing ever. To transfer ANYTHING from one network to the other they have to go though a huge mess of paperwork. Asking a game development studio the size of Valve to do that is rediculous. These are not national security secrets, it's a friking computer game.
 
yeah, but big money is involved dscowboy.. and a lot of pathetic fan boys as well. So something's got to happen.
 
Originally posted by dscowboy
Right, and buy every employee two PCs, one connected to the public network, one connected to the private network. That's what the FBI does, and it's the most god awful thing ever. To transfer ANYTHING from one network to the other they have to go though a huge mess of paperwork. Asking a game development studio the size of Valve to do that is rediculous. These are not national security secrets, it's a friking computer game.

Regardless it is good security, all the tools need to right the game would be on the private network, all the tools needed to research or communicate with other team members would be on the other PC. Make sense to me and as to the transfer issue the point is to set up both networks properly so there is no need to transfer content from one system to the other.
 
Originally posted by Andy018
nope. its not VALVe's fault that OE contained a security flaw. Its M$'s for not removing it. your missing the point.

It is Valves fault for not applying the goddamn patch for the preview pane exploit.
 
Are we sure that the havok source code is really leaked?

I would imagine that the havok engine is normally sold as a binary (.dll or .o) with an api (application program interface) i.e Valve would get a binary code to link into their game that has a set of functions that can be called from the source 'source code'. The actual sourcecode from Havok wouldn't be released. This is normally how IP seem to work in my field.

That said I guess the havok engine could be such an integral part of HL2 so that Valve needed to tweak the code to such an extent that they needed access to the source code.

Working with the source code from someone else is cumbersome though. It takes a lot of time to understand someones else code before you can tweak it. This is why companies many times determine that is is faster to rewrite then reuse. You normally buy IP so that you don't have to understand all the details and can concentrate on just setting the tool up. An important part of IP is to provide an abstraction layer (i.e I don't need to understand all the havok physic calculation for the rag doll effect; I just need to know what function to call and what parameters to set).

So the source code for the Havok engine don't have to be in the source code leak. This would in turn mean that a lot of functions would not link properly after the compile (the code would compile but fail during linking, or worse when they are executed).

Lets hope this is the case.
 
Here is the best way to look at this:

You walk into your local Wal-mart and steal a music CD. You go home and fire off 10 copies of it and give them away to your friends. Now at the surface the only loss is a few bucks right? No real harm done. Now can anything else be done? The only way to really hurt the musician would be to make a copy of that disc then claim the music was your music in the first place. That's impossible to do especially considering the musician would have a team of high profile lawyers knocking on the dudes door saying PROVE it!

LOL
 
Originally posted by Andy018
This i would expect to be covered in the contract signed by valve.

Remember something like this the supply of the code would have to prove valve was criminally negligent which CAUSED them to lose the code else wise its still the hacker that is the criminal as he had to by pass all valves security there to protect the source code.


e.g. chances are valve are safe from law suits. but the hackers aint. and M$ with their shity OE aint either

I don't think Valve was anymore criminally negligent than microsoft and their outlook express, (although thats it currently in court under disspute) But if Valve now released the game using steam with the source code out in the wild without altering it for security they could be found criminally negligent later. Valve must delay HL2 long enough to alter the code enough that they can't be held liable in the future for security problems. We shall see what the courts say about M$...
 
Valve is STILL uncertain exactly how they were hacked. Read Gabe's note again. They SUSPECT Outlook. Nothing is sure.

Lesee... [looks for link]
http://www.pivx.com/larholm/unpatched/

31 current KNOWN holes in IE -- with NO PATCH AVAILABLE.

Just one example of another possible entry point.
 
I'd imagine that valve use a source code management system (Probably Microsoft Visual SourceSafe) This allows code to be checked in / out by many programmers, and is used so that changes to files arnt overwritten, and development paths can be tracked. Its not uncommon to be able to login over the internet so that the code can be accessed in different offices / allow working from home.

These systems are obviously very secure, but if someone has access to the username and passwords (via the keylogger valve found).

There is nothing irresponable for the code to be on a machine connected to the internet, especially when the finished product will rely on the internet (steam)
 
Originally posted by ImJacksAmygdala
I don't think Valve was anymore criminally negligent than microsoft and their outlook express, (although thats it currently in court under disspute) But if Valve now released the game using steam with the source code out in the wild without altering it for security they could be found criminally negligent later. Valve must delay HL2 long enough to alter the code enough that they can't be held liable in the future for security problems. We shall see what the courts say about M$...

If Valve can proof that there systems were hacked (and by the looks of it they have and can) then Valve would have no more responsibility then a car dealership proving to there insurance company that the car was stolen from there lot and please send insurance check (insert address here) Really Valave has nothing to worry about.

:x
 
I don't know. Many good posts on this subject on other threads. Good thread none the less. Like some says, and i have to agree with it: If the code within the source code, that is copyrighted code from other companies i.e Havoc physics engine code also were stolen because of this, complete code structure that is, and as a result Havoc were to drag Valve in court because of this, it would have to be proved, without any doubt that Valve was negligent in protecting the code.

I don't think that they were. They may have been.
I really don't know. But blaming Outlook or Microsoft for it, just don't cut it. If Valve have put security measures in place, which I'm sure they did, their not stupid, and some hackers/crackers/infiltrators gained access regardless of this, they have obviously been very good at what they did and exploited holes in this security structure. Thats not negligent. Thats just bad security structure designed by a third party company. Perhaps. I really don't know. I really think we should let things play and see what will happen. We will know soon enough.
 
Originally posted by maleficarus™
If Valve can proof that there systems were hacked (and by the looks of it they have and can) then Valve would have no more reasonability then a car dealership proving to there insurance company that the car was stolen from there lot and please send insurgence check (insert address here) Really Valave has nothing to worry about.

:x

If you read that post you might notice that I don't think Valve is criminally negligent for getting hacked. I think they could be found liable in the future though if they release the game now that the source code is out if they don't alter it for security exploits. Meaning that the delay for Halflife2 could be very long. Next time I'll write it in crayon...
 
as long as their insurance cover the whole amoount that they are liable for... if they did get sued the settlement cost, laywer cost etc would run a very high fast and be very time consuming... comparing stolen IP to a car theft is making life a bit simple... this could get expensive fast for Valve but I am not convinced they will be sued... (see my post above for one reason)
 
I don't think you guys understand what kind of latitude a jury has in civil liability cases, expecially in states that have shared liability.

All a lawyer has to do is convince a jury of non-technical people that Vavle had some responsability or accountability and didn't do everything possible to protect the code. A jury could easily decide that the criminal is 50% liable while Microsoft is 30% Liable and Valve is 20% liable and have penalties assigned accordingly.

They do not have to prove anything beyond a reasonable doubt and a lot of the information can be viewed subjectively.

The burden will be on Valve to show that they put a reasonable amount of effort into protecting the code.
 
Originally posted by ImJacksAmygdala
If you read that post you might notice that I don't think Valve is criminally negligent for getting hacked. I think they could be found liable in the future though if they release the game now that the source code is out if they don't alter it for security exploits. Meaning that the delay for Halflife2 could be very long. Next time I'll write it in crayon...

I understand your point. But I'm just saying that Valve can not be held responsible in this matter. The only way Valve could be effectively sued would be if it could be PROVEN that Valve purposely leaked out this code to the www. And on the contrary Valve is proving the exact opposite. Also I don't think Valve is obligated to protect this code now that it is leaked, no more so then any game engine releasing game patches to fix bugs and harmful cheats.

And if Valve does get sued a new precedent would have to be set in the courts. And that I can't see happening any time soon.
 
So you don't think Valve has a legal obligation to update the HL2 source so its not vulnerable to security exploits? M$ is currently in court over this very issue.
 
Originally posted by Stryyder
I don't think you guys understand what kind of latitude a jury has in civil liability cases, expecially in states that have shared liability.

All a lawyer has to do is convince a jury of non-technical people that Vavle had some responsability or accountability and didn't do everything possible to protect the code. A jury could easily decide that the criminal is 50% liable while Microsoft is 30% Liable and Valve is 20% liable and have penalties assigned accordingly.

They do not have to prove anything beyond a reasonable doubt and a lot of the information can be viewed subjectively.

The burden will be on Valve to show that they put a reasonable amount of effort into protecting the code.

You have to understand law. And law is based on common sense (at least usually). My point:

If I leave my door unlocked you do not have the right to just walk in and help yourself. You don't even have that right even if I had no door in the first place... :flame:
 
Originally posted by ImJacksAmygdala
So you don't think Valve has a legal obligation to update the HL2 source so its not vulnerable to security exploits? M$ is currently in court over this very issue.

No. Not if the code was stolen. M$ is in a different situation. They just released buggy software but I'm sure they can get around that as well. If I stole a copy of XP Pro could I sue M$ later claiming the peice of software I stoled dosen't work right as advertized?
 
The source was stolen before Valve released the software. If they release the software after the fact they should have a legal obligation to update the software so the source can't be used for security exploits. Your example of pirated XP makes no sense in this discussion. Ofcourse they aren't liable for pirated material... I got to go to work cya all.
 
Originally posted by ImJacksAmygdala
The source was stolen before Valve released the software. If they release the software after the fact they should have a legal obligation to update the software so the source can't be used for security exploits. Your example of pirated XP makes no sense in this discussion. Ofcourse they aren't liable for pirated material... I got to go to work cya all.

Valve is obligated to the gaming community (as this is there main interest) to release some major patches to fix cheats and bugs. That is all they are obligated for. And matter of fact if Valve decided to never release a game patch that is there choice really. Valve is not under any legal obligation to release perfect bug free software as that is a human impossibility at this point in time. Remember humans do the coding. Last time I looked Humans are not perfect although some might think they are heh...
 
Well... i have come to some conclusions:

1) I don't know.
2) I'm not a lawyer.
3) There are too many lawyers.
4) There are too many laws.
5) The infiltrators are dicks.
7) This thread speculative.
8) This is a waste of time.
9) I'm thirsty.
10) I need some punane.
11) I am a looser.
 
Originally posted by gsibble
I'm amazed that more people aren't talking about one of the most interesting aspects of the source leak.


?!?!?!?!??!?!??!?!?!?

This has been discussed too many times. We really don't need another thread to go over the same things again.
 
Originally posted by Ahnteis
31 current KNOWN holes in IE -- with NO PATCH AVAILABLE.
That's why I use Linux as my primary OS, and when I'm in Windows, I use Mozilla.
 
Back
Top