Policy and Legal Challenges of Virtual Worlds and Social Network Sites

Poli cy and Legal Challenges of V irtual W orlds and Social Network S ites Holger M. Kienle Univ ersity of V i ctoria V ictoria, C anada hkienle@ac m.org Andreas Lober RAe Schulte Riesenkampff Frankfurt am Main, Germany alober@sch ulte-lawye rs.de Hausi A. M ¨ uller Univ ersity of V i ctoria V ictoria, C anada hausi@cs.u vic.ca Abstract This paper addr e sses policy c h allenges of complex vir- tual en vir onments such as vir tual worlds, social network sites, and massive mu ltiplayer online games. The com- plexity of these en vir onme nts—apparent by th e rich user interactions and sophisticated u ser -generated content tha t they offer —p oses unique challen ges for policy management and co mpliance. These challenges ar e also imp acting the life cycle of the so ftwar e system that imp lements th e vir- tual en vir on ment. The goal of this paper is to identify and sketch important le gal and p olicy challenges of virtual en vi- r onments and how th ey affect stakeholders (i.e., op erators, users, a nd lawmakers). Given th e incr ea sing significa nce of virtua l en vir o nments, we expect th at ta ckling these chal- lenges will become incr easingly important in the futur e. 1. Intr oduction and Backgrou nd In this paper, we explore th e distinct ch aracteristics of virtual environments, and identify the legal and p olicy chal- lenges that th ey pose. W e argue that th e co mplexity of these en vironme nts and the richness of inte ractions that t hey offer result also in an in crease of complexity in the managem ent, complianc e, an d auditing of policy an d legal req uiremen ts. In the following, we address complex computer- generated en v ironmen ts, namely virtual world s ( VWs), so- cial network sites (SNSs), and Massiv e Multiplay er Online Games (MMOGs) [6] [ 16]. Examp les of VWs are Second Life, Ther e, and Habbo Hotel; examples of SNSs are Face- book, LinkedIn , an d Xing ; and examples o f MMOGs are W o rld of W arcraft, Map leStory , and RuneScap e. In the sub - sequent d iscussion we will use the term virtual envir onment (VE) when discussing issues that apply to VWs, SNSs, and MMOGs. VEs have in com mon that th ey enable mu ltiple users to interact and collaborate in a complex co mputer- generated en v ironmen t. VEs are inc reasingly g aining sign ificance in terms of number s of users and generated revenue. 1 As a resu lt, policy an d legal issues a re beco ming mo re and mor e im- portant for the stakeholders of VEs ( i.e., u sers/players, providers/op erators, and lawmakers/regulators). VEs are diverse in the sense th at th ey (1) attr act peop le based on a wide range of different in terests such as shared hobbies, sports, religion, and sexual interests, (2 ) h av e d if- ferent purp oses such as g ame-playin g, socializin g o r busi- ness, (3) support d ifferent interaction patterns such as real- time 3D interaction s or asynch ronou s communication based on message b oards, an d so o n [4]. Consequently , ther e is no cr isp de finition of a VE th at allows one to d raw a clea r bound ary . In f a ct, on e may v iew a simple listserv a s a social network and, as such, as a VE [18]. A common chara cter- istic of VEs is that th ere is an emerging cu lture shap ed by social interactions of its member s in a v irtual en viro nment. In the following, we c ontrast VE s with d ifferent k inds of web sites. The architectur e of the W orld W ide W eb h as many ch aracteristics th at are similar to VEs and as a resu lt many VEs ar e based on th e W e b’ s infra structure. For ex- ample, many social netw o rks are implem ented as web sites, and some 3D worlds r un with web br owser plu g-ins (e.g., Habbo Hotel ru ns in Adob e’ s Sh ockwav e play er). For dis- cussion pu rposes, we introduce a clas sification of web sites, which group s the sites with roug hly increasing soph istica- tion in terms of content and interaction models: brochure-ware: These sites provide inform ation th at users can browse (e.g., to obtain information about produ cts and services that th ey c an obtain off-line) [ 23]. Users do not have to log o n to the site and the site is static in the sense that it looks the same for all users. e-commerce: Th ese sites are run by companies that sell produ cts on line. They may be p ure online retailers ( e-tailers ) or have a clicks-and-bricks hy brid business 1 For example, Xing claims that e very day 5.7 million people use thei r platform. The most pop ular MMOG is W orld of W arcraft, whose o wners claim to be generatin g 1 billion USD in reve nue per year with over 10 million subscribe rs [8]. model [19]. T o place or ders, users have to create an account. W eb 2.0: T hese sites ar e character ized by sophisticated function ality that often riv al shrink-wrap ped software produ cts. These sites typically offer a participato ry and inter activ e user experience [7]. Im portantly , these sites hav e user-generated content where users are con- ducers , that is, they “both consum e creative work s and simultaneously add creative conten t to those same works” [21]. The above classification is an ide alization because concrete web s ites ty pically ha ve features that blur into other g roups. For examp le, a brochu re-ware site may ha ve a form or ques- tionnaire th at users can fill ou t to pr ovide feedback to the site ope rator, and e- commerce sites often have so me kind of personalizatio n (e.g., Amazon ’ s wishlists) o r user-gener ated content (e.g., book revie ws of users). 2. P o licy and Legal Challenges Stakeholders: The two most impo rtant stakeholder s of VEs are its o perators and its users. Th e relation ships be - tween both stakeholders are primarily governed by the p oli- cies embodied i n the terms of use statement and the pr i vacy policy . Policies of ten in teract with legal r equiremen ts. In this co ntext, there are additional stakeholders such as law- makers that cr eate regulations, an d co urts that create case law . Hence, policy ch allenges have to factor in legal re- quiremen ts as well (e.g., privac y p olicies are co nstrained by priv acy regulations). There are also organ izations such as the V irtual Policy Netw ork ( virtualpolicy.net ) that aim at br inging to gether stakeholders f rom governme nt, academia, and ind ustry . In the fo llowing, we d iscuss a n um- ber of selected issues th at con cern the interaction o f opera - tors an d users as well as lawmakers. These iss ues are meant to expose challenges that ar e particular ly r elev ant to VEs. Legal considerations: In the early d ays o f the W eb , it was o ften per ceiv ed as being f ree and u nregulated [ 15]. This percep tion has gradually cha nged with increasing ma- turity and commer cialization o f the W eb. VE s have made a similar dev e lopment in this respect. Many legal issues of the W eb and of VEs are ad dressed by existing laws an d case law . Ho wever , there are also specific a cts ( e.g., U.S. ’ s COPP A) and policies (e.g., ICANN’ s UDRP) that hav e been enacted fo r cybe rspace. It remains to be seen if lawmakers will become acti ve for VEs. On Ap ril 1st, 2008 a first h ear- ing by the Sub committee on T elecommunica tions an d the Internet was held on policy concerns of VEs. 2 Almost all legal issues that exist in real life a re poten- tially ap plicable to VEs; this holds esp ecially for 3D VWs. 2 http://energyc ommerce.house.go v/cmte_mtgs/110- ti- hrg.040108.VirtualWorlds.shtml The o nly questio n is how to ma p virtu al incidents to app lica- ble law: Killing a hum an is n ot the same as killing an av atar , so the latter is no t being considered mu rder (even tho ugh there m ay be other repercussion of such an act d ependin g on the VW), smok ing pot in a VW is n ot a use of illegal drugs (but may be considered promo ting dru g abuse), and sexual acts with kid -faced av atar s is not child abuse (but potentially child pornog raphy) . Prominen t legal issues that ar ise in all kinds of web sites and VEs are co pyright and tradem ark, especially if they allow u ser-generated co ntent [8]. For e- commerce sites and VEs th ere is also tax ation, frau d an d money laundering . In VEs these issues sur face if the world has a n ec onomic mo del inv olv ing virtual money an d users that can o wn virtual proper ty [1 3] [14]. V irtua l mon ey (e.g. , Second L ife’ s Linden Dollars, There’ s Therebucks, and En- tropia Univ erse’ s PED) is real in the sense that they ca n be exchanged fo r rea l mon ey and vice-versa. I f the VW allo ws (real-time) u ser interaction s (e.g., avatar movements in 3D and voice c hat) there is also the possibility o f harassment, assault, and libel. An overarching legal issue is jurisdic- tion because many sites and VEs are not constrained by na- tional boundaries. For instance, VEs are often i mplemen ted as ser ver farms that are located throu ghout the world. As a co nsequenc e, the acce ss, storage, and rep lication of data may be constrained by different data protection laws. If the VE has a vir tual currency and enables gam bling, there may be comp lex legal questions d epending on the location s of the oper ator , its servers, and the users. In terestingly , opera- tors can try to segregate o r exclud e users. Second Life has a dedicated T een Area where users ar e requir ed to be b etween 13–17 years o f age. E-c ommerce sites can e xc lude u sers via restricting shipping to postal addresses in certain countries. Complexity: From the users’ per spectiv e, policies are im- portant becau se they spell out th eir rights an d obliga tions. Unfortu nately , th ese policies a re often d ifficult to read and understan d (e.g., priv acy p olices in the health care d omain [3]). Furthermo re, VEs offer rich u ser inter actions an d business models that have to be reflected in their po licies. As a re sult, such po licies are com parably co mplex. While brochu re-ware sites can be satisfied by covering on ly gen - eral issues (e. g., license to use, disclaimer, lin king, and in- tellectual pr operty), e- commerc e sites also h av e to address issues such as order acceptance, p ricing in formation , ex- porting o f g oods, an d disclaimers fo r special goods suc h as medicines. Similarly , VEs have to cover issues that are unique to their environmen t; for example, Second Life’ s terms of use addresses trading of its virtual currency . T able 1 shows statistics o f thr ee different term s o f use statements: a broch ure-ware site (General Electr ic), an e- commerce site (W al- Mart), and a VW (Second L ife). I n these examples, mo re site complexity translates into an in- crease in th e size o f the ter ms o f use. The Flesch read- Operator T ype # words Flesch ge.com brochu re-ware 1576 56.3 wal-mart.com e-commer ce 5056 57.4 secondlife.c om 3D world 7492 42.2 T able 1. Examples of ter ms of use statements and their number of wor ds and Flesch read- ability score ability 3 for Seco nd Lif e in dicates th at th e terms of use ar e significantly m ore d ifficult to understan d than for the other two sites. Even thou gh these p olicy statements are already com- plex, they cannot hop e to be all-enco mpassing. As a result, they represent an element o f uncer tainty to b oth operator s and users. I t is an open q uestion how to m inimize uncer- tainty in po licies. The co mplexity of VEs may pr ompt op- erators to lo ok f or novel approach es on how to repr esent and enforce policies, and how to n egotiate and contract policies with users. Compliance: Operators need to man age and enfo rce the policies, a fact wh ich r epresents a significan t challen ge in VEs. First, elements of po licies (expressed in natur al lan - guage) have to be expressed as constraints in the VW , which is ultima tely realized in its co de. Howe ver , mapping th e policies down to co de and keeping both consistent in case one or the other ev olves is difficult to manage. There are many examp les of privac y violatio ns caused b y wrong im- plementation s o f priv a cy features. For examp le, in Face- book supp osedly priv ate annotatio ns were mad e visible to all u sers [9]. In co ntrast, priv acy of e-commerce sites is compara bly easy to exp ress because no user is allowed to see any data or interactions of other user s. Second, enforce- ment of policies is difficult in VEs because of the high de- gree of fr eedom th at users have in interacting with the en v i- ronmen t. For example, enfo rcement of intellectual property (IP) rights in a brochure-ware site is rela ti vely easy because the co ntent publishers can be man aged. If simple user- generated co ntent such as b ook revie ws are allowed, th e IP violations can be limited by the for m of exp ression (e.g. , text only , limited n umber of words). Fu rthermor e, content such as text is amenable to au tomated pro cessing, and the content o f web sites can be crawled to look fo r po licy viola- tions. In contrast, “crawling” and auto mated processing of the content of a 3D en v ironmen t to ensur e compliance with policies is a much bigger challenge. Negotiat ion a nd ba lance: Another challen ge of VEs is how to negotiate policies between operato rs a nd users. Cur- rently po licies are d rafted an d put into effect by o perators without consu lting u sers, and operator s try to reserve the 3 The Flesch Re ading Ease measure s how easy it is to read a text w ith a score from 0 to 100, where a lower score indica tes a more dif ficult text . Scores of 50–59 are considere d fairl y di f ficult and 30–49 diffic ult. right to chan ge policies at will. This can result in un bal- anced policies that put user s at a disadvantage. The follow- ing is an excerp t of a legal no tice fro m the web site of a large U.S. corpora tion in 19 98 (essentially brochur e-ware): 4 “ Any visitor to the V aler o web site who provides informa tion to V a lero agree s that V alero h as un- limited rights to such infor mation as pr ovided, and that V ale ro may use su ch info rmation in any way V alero chooses. Such info rmation as pr o- vided by the visitor shall be non-co nfidential. ” In the past policies have bee n criticize d if perceived as un- balanced. For example, the first terms of use of Adobe’ s Photoshop Ex press stated that users who u ploaded pictu res in effect “grant Ad obe a world wide, royalty-fr ee, no nex- clusiv e, perpetual, irrev ocable, and fully subli- censable license to u se, distribute, deriv e revenue or oth er remun eration from, reprod uce, m odify , adapt, pub lish, tran slate, publicly perf orm and publicly display such [pictures]. ” After this policy was wid ely criticized , Adobe made changes tha t lim ited its rights to the p ictures. In contrast to most MMOGs, Second Life per mits the creator s of vir- tual pro perty to own their creations [1]. Second Life’ s term s of use say explicitly: “Y ou retain copyright and other intellectual prop- erty r ights with respec t to Con tent yo u create in Second Life, to th e extent that you have su ch rights under applicable law . ” Operators have to balance their desire to control and own user-generated co ntent and priv ate data with the desire of users to retain their own creation s and to prote ct their pri- vac y . Ho wever , when users retain intellectu al pr operty o f their creations, certain challenges have to be faced when these crea tions bec ome part of th e V E. For in stance, if a user sells one o f his virtua l creations, cer tain rights attach ed to it may h av e to be tra nsferred or licensed to the n ew owner; and if u sers retain the copyright of their a vatars, what about screenshots with a comm ercial intere st that are depicting them? An unbala nced po licy that is n ot freely bargaine d (i.e., a contract of adhesion ) and that puts users at a c lear disadvantage increases th e oper ator’ s risk that co urts will find it unconscientio us —and as a result may refuse to ( par- tially) enforce it [1 2]. Curren tly users h av e n o negotiatio n power of po licies (excep t via lob bying and media coverage), ev en thou gh operator-driven p rojects such as BetterEUL A ( bettereula .com ) pr ovide a p latform f or user inpu t. Also, Euro pean customer protection laws ha ve been passed on the assumptio n th at end -consum ers hav e no choice oth er than to accept the po licies imposed on them. In the future, 4 http://web.arc hive.org/web/199 80530081620/www .valero.com/html / l e g a l _ n o t i c e . h t m operator s may want to offer p ersonalized policies that are semi-automa tically nego tiated. Users an d service providers could state th eir p riv acy needs in machine- readable data for automated negotiation of a priv a cy po licy th at is accep t- able for both sides [17]. Again , th is will result in increa s- ing complexity f or policy m anagemen t and comp liance [ 2]. This co mplexity may be tackled with policy-driv e n systems [5]. Generally , one can argue that u sers ca n switch VE s if they are not happy with its policies, but th ere are significant barriers in practice. For e- commerce sites there is a low cost to user to switch operators (e.g., abando ning Barnes & Noble in fa vor of Am azon) because it requires to only open up a new acco unt. For social ne tworks, switching of sites (e.g., fro m Xing to LinkedIn) me ans lo sing all the ef fort of populatin g ones pro file an d also ones social identity . If users h av e heavily invested (a lso mo netarily) in V Es (e. g., purcha se of land in Second Life, or building up an avatar in W orld of W arcraft) , switching is even mor e pr ohibitive (even though Bartle poin ts o ut that users c ould switch by selling an d buying av atars on eBay [16, p . 11 1]). Finally , users ten d to choo se a VE for its conten t, not its p olicies. There is no effecti ve competition between operators of VEs for the most user-friendly policy and as a conseque nce many stipulations that are disadvantageou s f or users can be foun d in nearly all policies. Privacy: Priv acy concern s are an imp ortant issue tha t serves as a goo d example to expose policy challeng es of VEs [6]. On br ochure- ware sites there a re on ly privac y issues of trac king the movements of u sers on the site. E- commerce sites have to pro tect priv ate data abou t users suc h as a ddress an d billing info rmation. In co ntrast, users cre - ate and expose all kind s of p riv ate in formation o n VEs, and VEs ar e also gen erating pr iv ate data ab out users (via profiling and mining techniqu es [1 1]). Ex amples of pri- vate inf ormation ar e user details (e.g., ag e, lo cation, g ender, and testimonials), connectivity (e .g., frien ds and g roups), content (e.g., ph otos, comm enting, an d tagging ) [7]. Face- book, fo r instance, su pports the creation of all of the afore- mentioned in formation . Im portantly , Quirchm ayr and W ills make the p oint tha t “the m ore data we c ollect abo ut a p er- son, th e mo re sensitive this d ata be comes, because the in- creasing amount of available da ta allow to construct an in- creasingly complete pro file” [2 0]. A less-welcome scenario is that automated reason ing m ay create wrong kn owledge about a person , which is then d ifficult to pu rge or change [22, p. 152 ff]. Cormod e and Kr ishnamurth y h av e studied the uniq ue characteristics of the W e b 2.0 and co nclude that “there are significant challenges in allo win g users to under- stand priv acy implications and to easily express usage poli- cies for their per sonal data” [ 7]. VEs may push user mo n- itoring and p rofiling to new lev els. Even f or 3D worlds it seems feasible to r ecord fine-g rained movements and inter - actions of av a tars. Pri vacy co ncerns in VEs are similar to the on es in re al life. If th e locatio n data and history of a cell p hone is con sidered private, th e same could be argued for an avatar —but there may be sensible reaso ns for doing this (e.g., tr acking of virtual commer ce transaction s). It is currently difficult to assess for users whether a VW’ s pr i- vac y policy and pref erence settings are adequ ate for the ir personal perception of priv acy . Evolution: Another challenge is the e volution of policies. As mentioned before, an operato r has a stron g inter est n ot to be restricted in any form whe n making changes to polices of the VE as well as making chan ges to the VE itself. T o p re- serve consistency , a certain change in the VE may mand ate a cor respond ing cha nge to its po licy , and vic e-versa. In a sense, operators are the Gods of VEs becau se they have the means to change its behavior as th ey see fit—in this respect, “code is law” [15]. Indeed, Bartle, one of the p ioneers of MMOGs, a rgues that operator s shou ld be allowed to make drastic ch anges to a VW , includ ing its destruction , because users always h av e the o ption to aban don it [16, p. 114f] ). The r isks that users of VEs face have th e following ana l- ogy: “In the real world, tho se who m ake investments in a cou ntry expo se themselves to u niquely ‘ sovereign’ risks because of the d anger th at the governmen t might alter the laws u nder which th ey claim to hold assets” [1 0]. How- ev er , whereas in real life the inv estors will pro bably n ot be in a position to sue the sovereign, users of a V E can c er- tainly su e its o perator . Th e mo re users have inv e sted in a VE and have come to d epend o n cer tain beh aviors of the VE, the m ore likely th at they will sue if they believe that a change in be havior con stitutes a miscon duct on the side of the opera tor . In this respec t, cod e is not the supreme law because its e volution is constrained by polic y . For instance, there are users that d erive significant revenue from Second Life so that their “business activities have been successful enoug h to replace their real-life inco me, ” [1] as exemplified by a user who claims to h av e earned $ 1 million USD with virtual prop erty dealings. If virtual prop erty is in fact r eal as argued by Lastowka and Hunter [13], actions by th e op- erator that destroy or de-value p roperty m ay be actionab le under law . Inter estingly , Seco nd Life is indeed influenc ing its virtual real estate market by contro lling the supply rate of n ew land. 5 This poses the q uestion of th e legal con se- quences if actions taken b y the o perator—intentionally or unintentio nally—cause a significa nt de-valuation o f all or some pro perty . Lastly , this leads to the q uestion how o p- erators would be able to terminate a high ly developed VW . Presumably , the op erator would not have eno ugh assets to cash-out all users. Howe ver, so far no VW that mode ls a complex economy s uch as Second Life has shut down. 5 http://secondl ife.reuters.com/ stories/2008/06 /19/linden- freez e s - l a n d - s u p p l y - a s - p r i c e s - p l u m m e t / 3. Conclusions In this paper we hav e identified key challenges of virtual en vironme nts with respect to the management, compliance, negotiation, and evolution of p olicies. W e have contrasted challenges of virtu al environmen ts with the policy issues faced by different group s of web sites (i.e., broch ure-ware, e-commer ce, and W eb 2.0 ), expo sing that virtual environ- ments exhib it distinct characteristics that make policy issues particularly challenging . Impor tant qu estions in this context are: • How to en sure consistency among policies (e .g., p o- lices embodie d in term s of use statements and policies embodied in th e cod e)? The com plexity of vir tual en - vironm ents m akes it difficult to keep po licies consis- tent, and to define policies in code. • How to effectively enforce polices? On the one hand , there are techn ical challeng es (e. g., auto matically de- tecting a virtual trademark violation ). On the oth er hand, the priv acy of users has to be respected as well. • How to negotiate p olicies and how to give users more negotiation power? Given that policies express obli- gations of the user , a mo re balanced approach is needed so th at u nbalance d co ntracts of a dhesion can be av oided . • How to evolve policies and the behavior of the virtual en vironme nt? In both cases, op erators are constrain ed by user and legal considerations. • How to manage policies in an uncertain legal en v iron- ment? Cur rently there is little case law to guid e o pera- tors on how to m eet legal req uirements. W e believe that th e increasing significan ce of v irtual en vironme nts an d the ir unique char acteristics deserve f ur- ther exploratio n an d research o f the ir policy issues by re- searchers in the legal, governance, and co mputer science fields. Refer ences [1] IP and business: Second life – brand promoti on and unauthoriz ed trademark use in virt ual worlds. WIPO Magzi ne, Nov . 2007. http://www.wip o.int/wipo_magaz ine/en/2007/06/ article_0004.html . [2] A. I. Ant ´ on, E. Bertin o, N. L i, and T . Y u. A roadmap for compre- hensi ve online pri va cy poli cy manag ement. Communications of the ACM , 50(7):109–116, July 2007. [3] A. I. Ant ´ on, J. B. Earp, M. W . V ail, N. Jain , C. M. Gheen , and J. M. Frink. HIP AA’ s ef fect on web site priv acy polici es. IEEE Sec urity & Privacy , 5(1):45–52 , Jan./Feb . 2007. [4] M. Baladi, H. V itali , G. Fadel , J. Summers, and A. Duchowski. A taxonomy for the design and ev aluati on of networke d virtual en- vironments: its applicatio n to collabor ati ve design. International J ournal on Inter active Design and Manuf acturing , 2(1):17–32, Feb . 2008. [5] R. Barrett. People and policies: Transforming the human-c om puter partner ship. 5th IEE E International W orkshop on P olicies for Dis- tribu ted Systems and Networks (POL ICY’04) , pages 111–114, June 2004. [6] D. M. Boyd and N. B. Ellison. Social netwo rk sites: Definition, history , and scholarship. J ournal of C omputer -Mediat ed Communi - cation , 13(1):210 –230, O ct. 2008. [7] G. Cormode and B. Krishnamurthy . Ke y diff erence s be- tween web 1.0 and web 2.0. F irst Monday , 13(6) , June 2008. http://www.uic .edu/htbin/cgiwr ap/bin/ojs/index.php/fm/artic l e / v i e w A r t i c l e / 2 1 2 5 / 1 9 7 2 . [8] C. Dougherty and G. L asto wka. V irtual trademarks. SSRN , 2008. http://ssrn.co m/abstract=10939 82 . [9] D. Goodi n. Face book bug d ishes out notes designat ed pri vate. The Registe r , Oct. 2007. http://www.the register.co.uk/2 007/10/23/facebook_privacy_bu g / . [10] J. Grimmelmann. V irtual worlds as comparati ve la w . New Y ork Law School Law Review , 47(1):147–184, 2004. http://ssrn.co m/abstract=70718 4 . [11] M. Hildebran dt. Profiling: From data to kno wledge. Datensc hutz und Datensic herheit , 30(9):548–55 2, 2006. http://www.fid is.net/fileadmin /fidis/publications/2006/DuD0 9 _ 2 0 0 6 _ 5 4 8 . p d f . [12] R. G. Kunk el. Recent de velopments in shrinkwrap, click- wrap and browse wrap licenses in the United States. Mur- doch U niver sity Electr onic J ournal of Law , 9(3), Sept. 2002. http://www.mur doch.edu.au/elaw /issues/v9n3/kunkel93nf.html . [13] F . G. Lasto wka and D. Hunter . The laws of the virtual worlds. Public La w and Lega l Theory Research Pape r Series Researc h Pa- per No. 26, Univ ersity of Pennsylv ania Law School, May 2003. http://papers. ssrn.com/abstrac t=402860 . [14] F . G. Lastowka and D. H unter . V irtual crimes. New Y ork Law School Law Revie w , 49(1): 293, 2004. http://www.nyl s.edu/pdfs/v49n1 p293- 316.pdf . [15] L. Lessig. Code, and Other Laws of Cyber space . Basic Books, 1999. [16] A. Lober . V irtuelle W elten werden r eal. Sec ond Life, W orld of W ar- craft & Co: F aszination, Gefahr en, Business . Dpunkt, Aug. 2007. [17] M. Maaser , S. Ortmann, a nd P . L angend ¨ orfer . NEPP: Negot iatio n enhancements for pri vac y policies. W3C W orkshop on Languag es for Privacy P olicy Ne gotia- tion and Semantic s -Driven Enforce ment , Oct. 2006. http://www.w3. org/2006/07/priv acy- ws/papers/12- or tmann- nego t i a t i o n / . [18] D. G. Post and D. R. Johnson. The great deba te – law in the virtual world. F irst Monday , 11(2), Feb. 2006. http://firstmo nday.org/issues/ issue11_2/post/ . [19] P . Prasar nphanich and M. L. Gillen son. The hybrid c licks and bricks busine s s model. Communication s of the ACM , 46(12ve ):178–185, Dec. 2003. [20] G. Quirchmayr and C. C. Wil ls. Data protection and priv acy la ws in the light of RFID and emergin g technol ogies. In C. Lambri- noudakis, G. Pernul , and A. M. T joa, editors, T rustBus 2007 , vol- ume 4657 of Lectur e Note s in Computer Scien ce , pages 155–164. Springer -V erlag, 2007 . [21] E. Reuv eni. Authorship in the age of the conduce r . SSRN , 2008. http://ssrn.co m/abstract=11134 91 . [22] K. A. T aipale. T echnology , s ecurit y and pri vac y: The fear of frank enstein, the mythology of pri va cy and the lessons of king Ludd. Y ale Jo urnal of Law and T echnolo gy , 7(Fa ll):123– 221, Dec. 2004. http://www.yj olt.org/7/fall/t aipale- 123 . [23] S. Ti lle y and S. Huang. Evaluat ing the re verse engineering capa- biliti es of W eb tools for understand ing site content and structur e: A case study . 23rd ACM/I EEE Inte rnational Confe re nce on Softwa re Engineerin g (ICS E’01) , pages 514–523, May 2001. This work is licensed under a Creative Co mmons Attributi on-Noncommercial- Share Alike 3.0 United States Li cense. The license is available here: http://creativecommons. org/licenses/by- nc- s a/3.0/us/ .