RWarehall: As to real.geizterfahr, we aren't talking about 2 things. Imagine a thief breaking into a home with a freshly waxed kitchen, claiming the owner didn't post a sign warning him before he slipped and fell.
real.geizterfahr: That's a bullshit comparison since it's not against the law to wax the kitchen in your house without putting any warning signs. Infesting computers with malware and stealing personal data IS against the law. And that's the sole fact that counts.
RWarehall: The only harm to the pirate is that his identity is revealed and leads him to court over his piracy.
real.geizterfahr: It probably won't even get him to court since the information about his identiy was obtained illegaly. I don't know how it is in the US, but over here in Europe you can't get information illegaly to use it as a proof in a court case. It'll be rejected by the judge.
RWarehall: No court is going to take his side. Unless the harm is disproportionate to the crime he committed (like an electrocution trap set in one's home to catch thieves), no court is going to reward him.
real.geizterfahr: We're not talking about "taking his side" or "rewarding him". If a pirate sues the dev about the malware (he'll have to admit his piracy to do that), the pirate will get penalized for copyright infringement (if the dev decides to sue him) in one trial and the dev will be penalized for hacking and stealing personal data in another trial. That's exactly what "two independent cases" means.
All of this, so says you...
We don't know what information the software has passed along. And just because a pirate bypasses a user agreement by pirating a game, likely means he would be expected to abide by it. Quite a bit of personal data is collected with software collected by servers including system information. They often require a full name, etc. The real question is where the line is drawn between data a software company is acceptable to take, and what constitutes "hacking". This is not a simple question, but so many of you seem to have a very one-sided view.
The legal systems in most countries will not allow a criminal to profit from harms incurred from his own crimes unless they are in excess of the crime done. In this case, seemingly the only actual harm is that enough personal information was revealed to identify him. They are not using this information to steal from his bank account nor to destroy his computer. I don't see any court that would be rewarding the pirate in this case.
This isn't the same as with Sony installing a CD root kit, since they did that with all users, making them responsible for any vulnerabilities. The only way I see this company successfully losing a lawsuit would be if legitimate customers were harmed through a 3rd party abusing the doorway the company provided.
RWarehall: Because I posed the question about what exactly constitutes malware.
real.geizterfahr: A short look at wikipedia should clarify this:
Malware, short for malicious software, is an umbrella term used to refer to a variety of forms of harmful or intrusive software,[1] [...] Malware is defined by its malicious intent, acting against the requirements of the computer user
real.geizterfahr: And umbrella dictionary terms are not the same as legal statutes. Just because you can find a broad definition that makes you think a thing is "malware" does not equate to the precise legal wording and precedents of legal statutes. This is why browser adware hijackers are still in business. It's malware for sure, but seemingly not considered illegal because of their claims that the user read their legal agreement and some people may want to see ads.
How many pieces of software require one to use their own name and e-mail and log one's IP to check against for future logins? Is that "hacking"? Or "computer misuse"? And if this is the totality of information passed back to the server and the legal agreement which the pirate willingly bypassed authorizes this information, the pirate is going to be SOL.