WITHOUT PREJUDICE To Whom It May Concern,
I recently uninstalled Trionworlds’ Glyph and Archeage software from my system, however, it seems the removal of your software did not remove the Hackshield software which was installed alongside Archeage and there are no removal tools or instructions provided on your web site to facilitate such removal.
It is my understanding that this software is categorised as a “rootkit” and has hidden drivers and tools which can manipulate the Windows Kernel. It is my understanding that this software is capable of monitoring a user’s behaviour and actions when using a computer where it is installed – without that user’s knowledge or consent. There is also no option to remove the software via the Windows Control Panel, an uninstall executable file or any other such method normally used for the removal of software installed on a Microsoft Windows personal computer.
It is noted that at no point in Trionworlds Inc. Archeage End User License Agreement (EULA) makes any mention that Hackshield will be installed alongside Archeage (the GAME) and that in Section 10 of the EULA states:
“In the event that the Game detects an Unauthorized Third Party Program, (a) the Game may communicate information back to Trion, including without limitation your Account username, details about the Unauthorized Third Party Program detected and the activities or functions performed thereby, and/or (b) Trion may exercise any or all of its rights and remedies under this Agreement or its Terms of Use without prior notice to the user(s) linked to such Unauthorized Third Party Program.”
This indicates that the Archeage executable (the GAME) is responsible for such monitoring – which is misleading information as defined under US Code Title 15, Chapter 2, Subchapter I, § 45 given that actually a third party piece of software (Hackshield) which is independent of the Archeage game is responsible for such monitoring and reporting and as such leaves Trionworlds Inc. directly liable under the US Code.
In fact the Federal Trade Commission (FTC) have issued explicit rulings against such practices such as FTC File No. 062 3019 (Jan. 30, 2007) “Agreement Containing Consent Order”:
“The disclosure shall be unavoidable and shall be presented prior to the consumer installing any content protection software or, if the disclosure is related to Internet connectivity, prior to causing any transmission to respondent about consumers, their computers, or their use of a covered product through Internet servers. The disclosure shall be of a size and shade, and shall appear on the screen for a duration, sufficient for an ordinary consumer to read and comprehend it. The disclosure shall be in understandable language and syntax.”
Furthermore in Complaint, FTC v. Odysseus Mktg., Inc., No. 05-CV-330 (D.N.H. Sept. 21, 2005) the FTC ruled that failure to clearly and conspicuously disclose bundled software with security and privacy risks is deceptive and given that Hackshield is defined under the category of software known as a “rootkit” which has direct access to manipulate the Windows Kernel as well as the ability to send personally identifying information to third parties, this therefore places Trionworlds Inc. directly under the jurisdiction of the above FTC ruling.
Further reinforcing the above is again illustrated under Section 10 of the Archeage EULA which states:
“Trion cannot ensure that your private communications and other personally identifiable information will not be disclosed to third parties. For example, Trion may be forced to disclose information to the government or third parties under certain circumstances, or third parties may unlawfully intercept or access transmissions or private communications.”
Also, under FTC decisions MTS Inc., 69 Fed. Reg. 23,205 and Ed Lilly & Co., 67 Fed. Reg. 4,963 in which the FTC make it clear that companies are bound to provide practices and procedures that provide a “reasonable” level of security for users’ personal information, illustrated by successful cases brought by the FTC such as MTS, Inc., FTC File No. 032 3209 (May 28th, 2004); Guess?, Inc., FTC File No. 022 3260 (Aug. 5th, 2003); Petco Animal Supplies, Inc., FTC File No. 032 3221 (Mar. 4th, 2005); and BJ’s Wholesale Club, Inc., FTC File No. 042 3160 (May 17th, 2005) – Trionworlds Inc. have an obligation under the law to encrypt said communications to prevent third parties from “unlawfully intercept[ing] or access[ing] transmissions or private communications.” Therefore, it can only be concluded that Section 10 of the Archeage EULA is void as it unlawfully attempts to strip contracting parties of their inalienable rights under existing laws and statutes and is further misleading and deceptive under the aforementioned US Code.
As a result of the above, it would seem that the installation of Hackshield, without the relevant notice and consent as illustrated above, is in breach of various laws including but not limited to Wire Tap Act and Computer Fraud and Abuse Act.
In light of this information, I hereby file the following demands of Trionworlds Inc. and failure to meet these demands by the deadlines listed will result in further legal action:
- Trionworlds Inc. are to issue instructions and/or a software application to completely remove Hackshield from end users’ computers both on their Archeage Forums AND via end users’ email addresses;
- Trionworlds Inc. are to destroy any data obtained via the use of Hackshield relating to individual end users and/or their equipment including any backups of said data;
- Trionworlds Inc. are to issue notification to all end users whom have had the Hackshield software installed on their computers via email, making them aware that Hackshield was installed without consent and directing them to instructions on how to remove Hackshield;
- Trionworlds Inc. are to change Section 10 of their EULA to make it lawful by fully disclosing how end users computers and activities on said computers are monitored including explicit information on Hackshield or any other third party software. Furthermore, they should remove all clauses/sections which seek to indemnify Trionworlds Inc. from their obligations under law or seek to remove the statutory rights of their customers;
- Trionworlds Inc. are to issue a patch which either prevents transmission of entity identifying data (such data being any data which can be used to uniquely identify an end user or their computer) between end users’ computers and Trionworlds Inc. servers or communicates said data in an encrypted form;
Demand 1 & 3 listed above must be carried out no later than 21st October 2014 5pm Pacific Standard Time;
Demand 2 listed above must be carried out no later than 5th October 2014 5pm Pacific Standard Time and notification that said demand has been met must be sent via the email to <redacted>;
Demand 4 listed above must be carried out no later than 14th October 2014 5pm Pacific Standard Time and notification regarding the changes to the EULA must be posted on the Archeage Forums AND sent to end users’ email addresses;
Demand 5 listed above must be deployed no later than 14th October 2014 5pm Pacific Standard Time.
COPIES RETAINED