Skip to content
Home » Order in the Warez Scene

Order in the Warez Scene

Explaining an Underground Virtual Community with the CPR Framework

ABSTRACT

The paper analyzes the warez scene, an illegal underground subculture on the Internet, which specializes in removing copy protection from software and releasing the cracked software for free. Despite the lack of economic incentives and the absence of external laws regulating it, the warez scene has been able to self-govern and self-organize for more than three decades. Through a directed content analysis of the subculture’s digital traces, the paper argues that the ludic competition within the warez scene is an institution of collective action, and can, therefore, be approached as a common-pool resource (CPR).INTRODUCTION

The warez scene, or ‘the scene’, is an underground subculture that acquires legal copies of computer software, removes their copy protection, and subsequently distributes them for free. It has been around since the early 80s and consists of several independent groups competing with each other on the speed and quantity of copyrighted software that they can crack (i.e. remove copy protection) and share amongst themselves. The groups pride themselves on their ability to release high-quality functional cracked versions of software (known as warez, hence the name of the subculture), and most pirated software across the world

They have their origins in the scene. As a virtual community, it consists of a distributed network of individuals working in groups under pseudonyms – their real world identities unknown to each other and activities not limited to any single geographical location. The groups participating in the warez scene are committing intellectual property theft and operating in unarguably illegal spaces. However, even in the face of potential legal sanctions, they have been able to successfully sustain the warez scene to bring out goods that do not provide them with economic compensation for more than three decades.

On December 11, 2001, a 15 months-long investigation led by the United States Customs Service together with the Department of Justice culminated in Operation Buccaneer, the first significant law enforcement operation against these warez groups. The raid, conducted in conjunction with international agencies, led to the simultaneous execution of 70 search warrants in 6 countries. Over the next two years, trials and guilty pleas led to around 23 convictions in USA and UK along with the extradition of an Australian citizen [51]. This Operation was regarded to be an important step in the fight against copyright piracy, with the United States Deputy Assistant Attorney General (DAAG) of the Criminal Division declaring in 2003 that it “has sent a strong deterrent message which continues to resonate throughout the copyright piracy community” [33].

However, within a week of Operation Buccaneer, the warez groups were back distributing cracked copyrighted software. Analysis of their digital traces showed them maintaining a live-blog about Operation Buccaneer with regular updates on which groups were temporally disbanding and which “will continue to release, but taking extreme precautions” [58]. By December 16, 2001, warez group VISPER had released the game “Pocket Tanks Deluxe Blitwise” with the message – “We’re Back” [53]. Since then there have been many similar raids attempting to dismantle and disrupt the warez scene. But such police operations have had no effect on the quantity of warez being released [9] and legal authorities are no closer to shutting them down now than they were in 2001.

How have the norms and rules evolved to allow competing groups within the warez scene to (mostly) remain one step ahead of software companies and legal enforcement agencies for the last three decades? More importantly, why do warez groups contribute to an online (albeit illegal) collective in the absence of financial incentives and how are they able to coordinate and sustain the scene in the absence of formalized organizational structures? This study seeks to answer these questions and to do so will argue that the ludic competition between groups in the warez scene is an institution for collective action, and can, therefore, be approached as a common-pool resource (CPR).

Subsequently, the study uses economist Elinor Ostrom’s [38] framework of long-enduring common-pool resource institutions to understand how the warez scene has sustained itself and been successful in self-organization and self-governance.

RELATED WORK  Order without Law

Research on how communities govern themselves in the absence of external laws has precedence in legal and economic studies. In Ellickson’s [11] seminal work “Order without Law”, ranchers in Shasta County, USA enforced order through an informal network of social sanctions and gossip. Here, the enforcement was outside the parameters of the county’s official property laws and was spontaneously generated through informal interactions. Around the world, social order has often been a result of local community institutions rather than through external legal enforcements – communities are able to use informal mechanisms such as social norms to organize themselves and function smoothly in the absence of external regulation [6]. This is especially true for communities that engage in illegal activity such as the organized criminal firms [34] or pirates at sea [32]. Here, private enforcement becomes the primary tool to handle conflict resolutions because breaches are not enforceable in a court of law. Similar examples throughout history have seen merchant communities using informal reputation mechanisms to drive cooperation and enforce collective punishments [15]. Robust institutions of selfgovernance that have historically been able to cope with external and internal pressures have also been observed in the successful collective management of common pool resources such as forests and fisheries [38].

Studies on virtual communities have looked at the role of norms, trust, and reciprocity along with more formalized policies and dispute resolution systems in facilitating cooperative behavior [28,40,45]. Literature on digitally networked information production similarly discusses how non-market systems are able to overcome obstacles to collective action in the absence of formal organizational structures [2,3,54] in virtual communities. The ability of distributed communities on the Internet to self-organize and self-govern using technology-mediated communication has been of particular interest to researchers studying social computing, especially with respect to open-source software development [8,29,44] and peer-produced encyclopedias such as Wikipedia [13,23]. These studies show communities sustaining themselves through informal institutions that emerge from within rather than through enforced formalized bureaucratic structures. Similar informal institutions have also been found in online communities such as Usenet [27] and Slashdot [30]. 

The current study bridges the study of offline selfgoverning communities and underground virtual communities. Specifically, it studies how collective management of reputation can become a means by which order is maintained in virtual communities, which by choice or necessity, cannot rely on laws or centralized authority. Subsequently, through describing how non-hierarchical informal interactions between warez groups have led to complex institutions, the study will show the plausibility of non-legal forms of social control in successfully sustaining and governing robust virtual communities.

Research on the Warez Scene

In spite of the impact of the warez scene on the software industry, its secretive nature has meant that research on its organizational structure is limited. Most research has focused on the end-users, i.e. the demand side of pirated goods [22]. Studies on the prevalence of malware in anticopyright protection mechanisms have focused on the intermediate distribution steps between warez groups and end-users [10].

Hetu et al. [10] attempted to understand the online community of the warez scene as a crime behavior system. Analyzing inter-group interactions in the digital traces of warez groups they establish that while most groups have short lifespans, the groups with high reputation are those which have consistently provided high-quality releases to the scene over extended periods. Through a social network analysis, they conclude that the network is relatively dispersed with no groups at its core with some local clusters of groups. These findings reconfirm the nature of the warez scene as a distributed network with no central authority and suggest a relationship between longevity and reputation. 

The only comprehensive ethnographic study of this community by Rehn [41] describes it as a “hypermodern gift economy” on the lines of the potlatch practiced by Native Americans, where the competitive ‘giving’ of warez releases creates an honor system amongst its members. The author attempts to explain the rules and norms that slowly evolve in this community as negotiated attempts to keep the competitive sharing of cracked software alive. While the concept of ‘gift economy’ does explain elements of sharing behavior within community, it doesn’t explain the robustness and longevity of the scene, i.e. what exactly are the institutions – consisting of  both informal norms and formalized rules – that allow the warez scene to sustain itself in the face of both external legal sanctions and tensions within.

VIRTUAL COMMUNITIES AND ENDURING CPRS

To understand tensions between individual rationality and collective action, the study uses Ostrom’s [38] notion of common-pool resources (CPRs), which are defined as resources shared by a group of people. Ostrom further characterized CPRs as defined by two primary attributes: 

  1. Low excludability, i.e., it is costly to exclude individuals from using the resource, and
  2. High subtractability, i.e., exploitation by one individual has the potential to subtract from the benefits available to others

A fundamental issue with dealing with collective action in CPR management is how communities deal with the “Tragedy of the Commons” [16], where common-pool resources end up being unsustainable because of selfinterested individuals exploiting them. Prior to Ostrom, the prevailing belief amongst economists was that the sustainability of CPRs was impossible without external regulations or private markets. However, Ostrom showed that local communities have been able to sustain CPRs solely through collective action. Through an extensive and rigorous study where she studied CPRs across the world, she found that long-enduring CPR institutions shared the following institutional design principles through which they are able to successfully organize and govern themselves:

  1. Both the CPR and group boundaries are clearly defined
  2. Rules governing the appropriation and provision of collective goods are congruent to local conditions
  3. Individuals affected by the above rules can participate to modify the rules
  4. A system for monitoring members’ behavior exists; this monitoring is undertaken by the community members themselves
  5. A graduated system of sanctions is used
  6. Community members have access to low-cost conflict resolution mechanisms
  7. The rights of community members to devise their institutions are not challenged by external forces
  8. In larger CPRs, there exist nested enterprise where monitoring, enforcement, conflict resolution are organized in multiple layers

Ostrom’s design principles offer a means to understand the role of institutions in producing “non-centralized, selfgoverning cooperation and sustainability” [17], allowing the analysis of existing CPRs and providing guidelines for new ones. While Ostrom’s original framework applied to natural CPRs such as forests and fisheries, Hess [17] has argued that these principles can also be extended to ICT applications such as virtual communities which, as social commons, face similar problems as offline CPRs such as coordination and cooperation.

Kollock [25,26] further extended these principles to provide a template to help in the design and analysis of successful online communities. Rosnay & Crosnier [43] find evidence of these design principles in successful commons-based peer communities such as the Internet Engineering Task Force (IETF), free software movement, multi-player game communities, and Wikipedia, arguing that these virtual communities can be modeled as enduring CPRs. Viegas, et al. [52] use these design principles in conjunction with Benkler’s [2] study of online peer production to analyze self-governance in Wikipedia communities. Forte, et al. [12] further build upon this framework to show how governance in Wikipedia has increasingly becoming decentralized.

These institutional design principles have subsequently been used to understand self-governance in diverse successful online production communities that exist as social commons on the Internet, including Wikipedia [52], distributed discussion systems such as USENET [27], and open-source software development [55]. The current study similarly uses Ostrom’s design principles to analyze the longevity and emergence of self-governing institutions in the warez scene.

THE STRUCTURE OF THE WAREZ SCENE

This section summarizes the warez scene from publically available warez scene documents written by individuals within the scene for the specific purpose of explaining it to outsiders [48,60] and prior research [9,10,14,41]. The scene, as it currently stands, consists of two kinds of groups – the warez release groups and the courier groups [48]. The former are responsible for obtaining the software, cracking it and repackaging it, while the latter are responsible for only distributing the cracked software. The courier groups are relatively short-lived, dependent on the warez release groups, and significantly lower in the hierarchy and very much on the periphery of the scene. In more recent times, they have slowly been replaced by automated scripts. This study will consequently solely focus on the warez release groups to understand the robustness of the warez scene.

The warez release groups follow a strict division of labor where members are allotted discrete tasks – supply, crack, test or pack. The process of releasing warez generally consists of the following steps: the group first obtains a legal copy of the software. This could be either through purchasing it themselves or obtaining it from an insider source in computer shops and software companies. On many occasions, software is obtained by groups even before it hit the market. A good supplier is essential to the success of a warez group and they go to great lengths to recruit well-connected individuals. The software is then cracked, i.e. reverse engineered to remove the copy protection that software companies implement to prevent end-users from making multiple copies. This has historically been an arms race between the software companies and the crackers. So far, every copy protection scheme developed has been cracked and release groups have competed to be the first ones to do so. 

Once the software is cracked, it goes through an extensive testing process to ensure high standards of quality. Releasing software that hasn’t been cracked properly can lead to serious loss of reputation for any release group. It is then repackaged, which often means stripping the program of any redundant information to decrease its size, adding information about the groups, and releasing it in a form that can be downloaded and installed easily. The information of the release groups, stored in an information file (an ASCII file with an NFO extension), is an important part of this process as it serves as a marker and evidence that a particular group was involved in the product.

These information files, introduced by warez group The Humble Guys (THG) in 1990 [37], are unique to the warez scene. Each group puts out customized files with extensive ASCII art along with information about the software, installation information, group information, members of the group, bragging rights, and shout outs to other groups. The files are finally divided into multiple smaller files to allow it to be easily downloaded and moved around over slower networks. The final packages are then released to the warez scene and other servers through courier groups. The cracked software now spreads through the Internet, downloaded by people who are outside the warez scene and shared via the World Wide Web and P2P networks. There are numerous databases in place that keep track of every release within the warez scene, with groups keeping their own personal databases to ensure that they don’t duplicate any other group’s work.

The competitive play between groups is further recorded through independent ranking boards that are updated regularly. The rankings measure the quantity of releases and award points based on various criteria with respect to the quality of warez.

DATA AND METHODS

As would be expected from communities operating in illegal spaces, the warez scene is highly secretive in its activities. Almost all communication is through private communication channels that only a select few have access to. While in the early days groups provided contact information for those outside the warez scene to contact them, it has substantially decreased since the crackdowns. Most groups operate with the understanding that if you are part of the scene you already know how to get in touch with them, and many information files have messages such as the following:

MAIL: CLOSED, CONTACT US THROUGH THE

SCENE!” – Warez group Storm Information Files from 6 October 2006 [46]

In the absence of direct observation, an important source of information are the digital traces left behind by the warez groups, i.e. information files that accompany every warez release. As previously mentioned, the information files are specific to each group and contain a wealth of information that can be used to piece together a coherent narrative of the warez scene at the level of the groups. For example, Figure 1 shows an information file by group FAS which contains the following text categories – information about the warez release, game notes that describe the game, installation notes, group news, greetings, along with an appeal to support software developers.

 

Figure 1: Example NFO File – “The Stolen Diamond Ring” by group FAS

Given the longevity of the warez scene – more than three decades – and the asynchronous nature of these files, it permits a longitudinal analysis of the data. However, because most of this data accompanies illegal cracked software, it is also ephemeral in nature, often being deleted and moved around in public servers. There are however archival websites that have documented these historical files from the scene such as http://www.archive.net, http://www.defacto2.net, and http://www.textfiles.com. These archival websites also contain non-release information files known as scene notices that are exclusively written to communicate with others in the scene. In addition, the study uses sites such as http://www.nfohump.com and http://www.nfodb.com which are active repositories of information files. While these public databases are loathed by those within the scene as it compromises their security by bringing excessive attention to them [60], they nevertheless exist and are the primary source for the current study.

The study parsed through the aforementioned online archives and repositories and extracted 98653 historical information files (95601 warez release files + 2152 scene notices) that date from 1989 to 2010. This paper, however, limits its analysis on the sub-genre of PC games for two specific reasons – 1) it is the first sub-genre that the scene was active in and has sustained itself for over three decades, making it most enduring sub-community within the scene, and 2) many of the institutions visible in the scene have their origins in this sub-community.

A total of 18398 information files representing 432 warez groups specializing in PC game warez releases were examined through an automated process that involved a Python code scanning the information files for text blocks. After discarding text blocks that only contained generic information about software, 4412 text blocks were extracted for analysis. The 2152 scene notices didn’t have any regular structure which would allow such automated extraction and were used in their entirety. The text extracts and notices were further time-stamped to allow a longitudinal analysis.

In the next step, the text extracts and notices were loaded into a qualitative data analysis software and text irrelevant to the functioning of the scene discarded through a preliminary round of coding. Subsequently, a directed qualitative content analysis was conducted with the intention of exploring the institutions that exist within the warez scene. Directed content analysis allows us to validate or extend an existing theoretical framework conceptually [18]. Here, Ostrom’s CPR framework and prior literature on the warez scene provided the variables of interest along with helping determine an initial coding framework that would guide the analysis.

 ‘Perceptions of non-scene outsiders’ and ‘response to law enforcement’ were included as coding categories to identify the boundaries of the scene as well as how external agents influence institutions within the community. With research on the governance of CPRs focusing on institutions – both formal and informal – coding categories of social relationships, rules, and norms were also included. Finally, ‘conflict-resolution mechanisms’ was added as a coding category to capture the interactions between groups when faced with conflicts. Data that did not belong in these codes were identified and analyzed to determine if they should be coded with a new category or within a sub-category of an existing code. ‘Historical information’ and ‘motivation’ were consequently included as coding categories upon a preliminary analysis of the data.

The initial coding framework, therefore, consisted of 8 primary categories: historical information, motivation, social relationships, norms, rules, conflicts, response to law enforcement, and social perceptions of non-scene individuals and groups. Subsequent analysis consisted of multiple stages of evaluation where the data was coded iteratively and coding framework expanded. With warez groups often interacting with each other over multiple information files, the iterative nature of coding allowed the study to also capture extended conversations across information files.

The coding itself was conducted by a single coder (the author) who, having spent close to 9 years observing the warez scene, was both familiar with the slangs used by the warez groups and aware of the context of the textual content. Upon completion of coding, the study focused on the social dynamics between the groups through a longitudinal analysis of the text with a final stage of evaluation summarizing observed rules and norms of the warez scene along with the systems in place to monitor members and sanction undesirable behavior.

MOTIVATION OF THE WAREZ SCENE

With warez groups earning no money from their software while at the same time risking heavy external legal sanctions, parsing their motivations is important to understanding what drives the community.

“It’s all about stature. They are just trying to make a name for themselves for no reason other than self-gratification.”, David Grime, Former member of warez group DrinkorDie (DoD) [31]

The analysis showed that the primary motivation of groups in the warez scene appears to be local reputation within the community that is generated through participating in the competition. Reputation is gained through releasing good quality cracked software and lost through releasing bad quality ones.

The analysis found multiple ways in which a group’s reputation is influenced by their releases: 1) First to release: Being the first group to release software is important – if a group releases a dupe (duplicate) then it suffers in reputation and their file is removed (or nuked) from the warez scene. 2) 0-day releases: Warez released on the same day as the software product arrives in the market, also known as 0-day releases, provide valuable reputation gains for release groups [14]. 3) Quality of releases: If the quality of a release is bad, then other warez groups are quick to point it out. 4) ‘Proper’ releases: When a group releases a poor quality release, other groups can subsequently release ‘proper’ versions where they necessarily have to justify why their release is better than the initial release to make it clear that it is not a dupe. For example, warez group Alias released a proper version of the game “Night Watch Racing©” on November 22, 2008, with the following justification:

“PROPER NOTE: Unleashed’s installer doesnt work and even when you unpack their rip manually it just crashes” [1]

Communication between groups, such as seen in Figure 2, captures the social bonds within the community as well as who they regard as competition, with groups greeting their competitors and showing admiration to those they respect. This is one of the important means by which reputation is displayed in the community (another being the ranking boards previously discussed). The social aspect of this community is important as this is a self-contained community where the incentive to work is primarily driven by what others in the community think of them.

 

Figure 2: Greetings from the Information files of Precise

A second, more technical motivation is the thrill of cracking software – the more difficult the copy protection scheme, the greater the allure for warez groups to crack it. Every new copy protection scheme has sent the warez groups into a competitive frenzy on who would be the first to crack it. This is similar to other related subcultures – HPVAC (or Hacking, Phreaking, Virus, Anarchy, and Cracking) – which privilege curiosity, technical challenge and freedom over social constructs such as laws and intellectual property rights [49].

Lastly, groups claim to be motivated by their love for software, combined with a “try-before-you-buy” ideal [48]. Whilst unequivocally professing their love for software they are firm believers that you should be able to try a fully functional version of the software without any copy protection before you buy it. Consequently, all warez release groups have messages in their information files that ask users to buy the software if they like it. The warez release scene here crafts itself as a means for those who love software to be able to experience new software, with the groups reiterating their love and support for the software industry in their information files. The groups are however not naïve in believing that all who use the software will eventually buy it and put out disclaimers in their information files that they are only providing a means for people to try software and are not responsible for the actions of others.

THE LUDIC COMPETITION AS A COMMON-POOL RESOURCE

Group reputation in the warez scene is a consequence of both the quality of released software and the longevity of a group on the scene [10]. In institutional analysis literature, reputation has been looked at as an informal and low-cost means to enforce social order in a community [7]. With cooperation requiring knowledge about other actors, reputation within a community allows for a measure of a person’s trustworthiness, consequently helping in agents choosing cooperation over other alternatives [39]. A wellrunning competition requires its players to cooperate on the rules and thus reputation within the community becomes the primary determinant of trust and cooperation which sustain the ludic competition between warez groups.

However, there are various ways in which groups can act to undermine the competition which in the long run can decrease the utility gains derived from the scene. By breaking the norms of quality and consequently clocking more releases, a group can have short-term boosts of reputation. A group can also falsely take credit for some other groups’ release in an attempt to boost their reputation. Given the multi-billion dollar piracy industry that is driven by cracked software outside the scene, a group can ignore local norms and trade the cracked software for monetary gains. Lastly, the security of the scene is a result of individual groups being extremely careful in maintaining secrecy through a variety of technical means. Warez groups are able to practice only because everyone else is equally secretive and do not compromise the scene.

This study argues that with the ludic competition within the warez scene itself an institution for collective action, it can be approached as a common-pool resource, which participants use to gain ego boosts or reputation. There is low excludability, as once a group is part of the competition, it is costly to exclude it – banning a group from the scene takes considerable efforts. However, it is also highly subtractable, as any attempts to accrue benefits by abusing the competition will decrease the stature and quality of the competition, thus decreasing the utility gains for other participants.

Thus, while all groups competing in the scene are better off if everyone else shares cracked good quality software and abides by good practices, there are going to be groups that will attempt to free-ride off the efforts of others maintaining a well-running and fair competition. This has similarities to the idea of sports as a common-pool resource [4], where norms and rules evolve to allow a fair competition between players. Players can cheat and hope to not be caught by their peers, but that threatens to devalue the competition, especially if everyone does so.

Identifying Rules and Norms within the Warez Scene Rehn’s [41] ethnographic study, set in 2001, has previously identified several explicit and implicit norms that are integral to the warez scene. The current study confirms several of these norms while finding new ones that are a result of increased P2P sharing and legal threats.

Among the implicit norms is the need to actively participate instead of lurking. Participation either means sharing cracked software or moving software from one location to another. The more salient explicit norms, which the study confirms, are speed and functionality. Releasing cracked software second (called a dupe), even unknowingly, is regarded to be highly unprofessional, and leads to a loss of reputation for any group. Groups often preempt this by explaining why their release is not a dupe while releasing it. Releasing software first that is not completely functional also leads to loss of reputation. For example, while releasing the game ‘Gunship!’ on 28 March 2000, in their information file, justify why their release is not a duplicate of a release by another group CLASS while pointing out how bad the original version was:

You might have seen class release of ‘Gunship’ and wonder why we are releasing this game too. Well, since you might know already, there are new rules in the game scene since sunday. You can find the rules included in disk 1 of this release. As you might notice Class managed to fuckup their first release cause it doesn’t apply to rule #2 Our release has everything the class release has. we just mp3’d the wav files, making it 15 disks smaller. So here MYTH brings you the proper release.” [35]

The current study also found evidence of other important norms, such as identifying all the groups involved in the supply chain, with every group attaching their information file to the release. This is especially important when some releases are worked on by multiple collaborating groups. Groups taking credit for the work of other groups is strictly looked down upon.

“Thanx to Reloaded for removing the ugly secu7 prot.” – The Guild 2 by warez group Technic Team [47]

These files, more often than not, retain the names of the groups till they are downloaded by the end-users as the group’s name is an important indicator to its quality. For example, “Tomb.Raider-SKIDROW” refers to the game Tomb Raider cracked and released by the warez group SKIDROW. The name as an indicator for its quality is visible on most websites and P2P search engines, where software by reputed groups is the most sought after.

However, the rise of P2P sharing and the unwanted attention of law enforcement has resulted in new norms, particularly with respect to security. The study found evidence that the scene requires groups and individuals to maintain high levels of security such as using encrypted hard drives, TOR, and proxies along with keeping their profiles as low as possible. Although this came about largely in response to busts against the warez scene, the analysis found reputation related norms that have been around for much longer – for example that groups should boast less and let their work do the talking for them.

“The people that need to know what you do already know, the ones that deserve to know probably will, and the rest should just think you’re another one of the random people on IRC.” – From information file ne-advice.nfo [60]

One of the most important norms in the scene, that the study confirmed, is of being part of the competition without expecting any economic incentives in return. This is an interesting norm, partly because in spite of being the source of a multi-billion dollar piracy industry, the warez scene continues to release software for free. That this had persisted in the face of intense legal risks is an indicator of how strong the social norms within this subculture are. 

“We do this for FUN. We are against any profit or commercialisation of piracy. We do not spread any release, others do that. We do NOT want our nfo or release listed on any public place like websites, P2P networks, newsgroups, etc! It is against the original scene rules! In fact, we BUY all our own games with our own hard earned and worked for efforts. Which is from our own real life non-scene jobs. As we love game originals. Nothing beats a quality original. Support the software companies. If you like this game BUY it! We did!” – From information files by warez group RiTUEL

Many warez scene documents list out the general guidelines by which all members should work. But as seen in the above text excerpt and Gunship extract, the community also has come out with “scene-rules” that are formalized rules and standards. Over the years, these rule-sets have been regularly updated to keep up with changes in technology such as increasing size and complexities of software, and the study discusses them in-depth in the next section.

Ludic Competition as an Enduring CPR

In this section, Ostrom’s institutional design principles for enduring CPRs are used as a framework to situate the analysis of rules and norms within the warez scene. The aim is to see to what extent do existing rules and norms ascribe to these design principles, and consequently, can they be used to understand how the competition within the warez scene has endured and successfully been selfgoverned.

The study will primarily focus on the only first 7 design principles as the 8th design principle applies to only large CPRs with multiple levels of CPR management and this study is restricted to analyzing a single layer of CPR management at the level of the individual warez groups. The 7 design principles have been grouped into the following 3 categories –

Boundaries and External Forces

This category groups the 1st and 7th design principle and focuses on how the warez scene keeps outsiders from influencing the competition.

Individuals with little knowledge of the scene are identified in scene slang as ‘lamers’ or ‘noobs’. The derogatory nature of these terms provides a clue to how non-scene individuals are looked at by those within the scene. The warez scene has clearly defined boundaries – both technical and social – that separate outsiders from      those within.   All communications between and within groups are through private and encrypted channels and servers that are accessible to only those who already part of the scene.  “Those who seek TNT will find a way to get in touch with us. Just ask around for the #1 Dox group. TNT has no email address, nor a web site. Any you find are surely fake.” – From warez group TNT information files 7 April, 2005 onwards [50]

In the early days of the warez scene, groups provided their contact information in their information files along with using IRC channels to communicate with each other. With groups forced to go underground to avoid legal sanctions, the study found that almost all warez groups have closed themselves to public contact. The use of private communication channels and servers to create technical boundaries keeps the competition exclusive and play a crucial role in keeping it from becoming an open-access resource. Thus, both the ludic competition and the warez scene’s boundaries are clearly defined. 

However, there are external forces, in the shape of law enforcement agencies and the software industry, that have through raids attempted to disrupt the warez scene and challenge the rights of groups to devise institutions. Software companies are also continuously updating their copy protection mechanisms in an attempt to make it harder for the warez groups to crack the software. However, while raids have disrupted a few warez groups, other groups and the competition itself have now gone deeper into the darknet. With high levels of secrecy being maintained, the rights of warez groups to devise their own institutions have not been sufficiently challenged. Further, the increasing complexity of copy protection has ironically only added to the allure of the competition, the technical challenge making it even more appealing.

Rules and Collective-choice agreements

This category groups the 2nd and 3rd design principles and focuses largely on the rules that apply to the competition as well as the mechanisms in place to modify these rules.

Over the last three decades, there have been significant changes in the nature of software and the software industry. Software has become increasingly complex, larger in size and more expensive. Further, global networks and increasing software needs have made software piracy into a multi-billion dollar industry. This has led to greater importance placed by the software industry and governments in dealing with intellectual property violations. Consequently, along with legal enforcement agencies conducting large-scale raids, software companies have continued putting greater efforts into creating complex copy protection schema to deter pirates.

The architecture of the Internet has also changed considerably over the last many decades – Internet speeds have increased along with the number of people with access to the Internet (and therefore potential end-users) also increasing. It is also actively monitored by enforcement agencies from around the world with illegal activities having to find new ways to remain hidden.

Through all these changes, the rules have been relatively congruent to local conditions, with it keeping up through various collective-choice agreements such as rule-sets that are updated at regular intervals. When a ruleset is found to be incompatible with local conditions, it results in groups petitioning to change it. This is followed by protracted negotiations between groups where often “differences are at least temporarily put aside and [their] unity re-consolidated [57].” While earlier rulesets when the scene was smaller were created by the top reputed groups in the scene, later rulesets (from 2000 onwards) have been created by a more inclusive council that democratically votes for changes.

As seen here, the rules with respect to the ludic competition adapt to changes in the local conditions. Further, as the council has gotten more democratic, all warez groups – small and big – are able participate in modifying the rules.

Monitoring, Sanctions, and Conflict resolution mechanisms This category groups the 4th, 5th, and 6th design principles and focuses on how participants in the competition are monitored, the sanctions in place for transgressors, and the means by which conflicts are resolved.

Compliance to norms and rules ex-post is important to the smooth functioning of any CPR institution, and in the warez scene it is enforced through social sanction, with the monitoring done by the entire community. The warez scene crucially leverages group solidarity to allow for efficient monitoring and control mechanisms. Evidence of groups bringing another group to task for breaking a rule or norm is common. The structure of the warez scene and the competitive spirit between groups ensures that all releases and group behavior are monitored by others allowing transgressions to be noticed and brought to the attention of the scene.

Accusations are backed up with evidence and the accusers attempt to rally the entire community to take action against the transgressors. For example, on 25 February 2007 group TNT released a scene notice titled “The History of a Thief Group: Unleashed Exposed *Part 1*” [60] that provided evidence of group Unleashed engaging in bad practices that were detrimental to the scene. The notices gave a detailed account of how Unleashed stole many of its releases from other groups and compromised scene security by talking about themselves in public channels and attempting to recruit individuals who are not from the scene but from public forums and IRC channels. Along with the scene notice, TNT released a compressed file containing 178 files as proof of their accusations. Around this time, other anonymous scene notices also made similar accusations against Unleashed. The impact of these accusations is visible in the absence of other groups greeting Unleashed in their information files in spite of Unleashed being very active in the scene.

Sanctions in the warez scene are social in nature and can be initiated by anyone within the community. The sanctions extend from withholding esteem to groups and individuals to a permanent ban from the ludic competition. In a community where reputation is the primary currency, withholding esteem is a powerful low-cost means to sanction groups and individuals. The study found evidence of insults that question the skills and integrity of individuals/groups being a common means to withhold esteem. Minor disagreements between groups are debated through extended conversations that span multiple information files and are limited to banter and insults. For example, the following is a conversation between group iRRM and RiTUEL over the quality of RiTUEL’s crack discussed over three separate information files:

RiTUEL’s rip crashed because of bad crack, the moment after you had configured the game. Our’s however do not crash. Enjoy this proper rip! o/”- Winter Sports(c) Oxygen *MULTI5* *PROPER* by iRRM, 20 November 2006 [20]

“Hey irrm our crack is fine btw , over and out.”– Made Man (c) Silverback Entertainment by RiTUEL, 23 November 2006 [42]

“Oh btw, your crack is bad indeed RiTUEL, just like LYNCH’s is. hang on.. right, you even used “lynch’s” crack. FLT propered LYNCH, as do we proper you, over and out.”– Lawnmower Racing Mania 2007 (c) VU Games by iRRM, 29 November 2006 [21]

When faced with more serious differences, the community has been able to put their rivalries aside and come together to discuss existing rules and propose new ones. These rulesets are a result of prolonged conflict resolution mechanisms where groups form committees and interact with each other with the primary purpose of “encourag[ing] fair play and a productive competitive environment” [59].

The Standards of Piracy Association (SPA), formed on 6 July 1996 and consisting of the top 5 PC games groups – Prestige, Razor 1911, Mantis, Napalm, and Hybrid – released one of the first rule-sets for the warez scene’s PC games subsector. As seen in Figure 3, the SPA also banned group ROR from the scene for releasing “nothing but fakes and betas”. Later information files by group Hybrid update the rule-set to include the following message: “NOTE: ROR is now known as REFLUX!” [19], showing constant monitoring by groups to ensure that sanctions remain in place.

However, within 2 years of the SPA, group Razor1911 unilaterally decided to increase the size of their releases [56], a move that was met by mixed reactions by other groups – among the groups of high repute, Paradigm supported it while Class was against it. With tensions running high, there were subsequently extended negotiations between the three groups for the sole purpose of resolving the conflict, part of which has been documented in over 2 months of information files. The conflict was finally resolved through a new rule-set called ‘The Faction Manifesto’ accomplished by a council called ‘The Faction’ consisting of these three groups. Along with resolving the conflict, the council further allowed other warez groups – small and big – to become part of the council through an invite/vote-in process. 

As mentioned before, in recent times, changes in rule-sets are voted through a democratic process and the study did not find evidence of many major conflicts. For the few conflicts that were observed, as can be seen in the above example, the groups with high reputation came together on their own accord and dealt with issues that had the potential of negatively affecting the “productive competitive environment” [57] of the scene.

As seen here, monitoring is undertaken by all those who are part of the competition. When transgressions are observed, there is a graduated system of sanctions that range from insults and banter to permanent bans from the scene. Further, when there are conflicts, the study observed groups of high reputation unilaterally stepping up to resolve them.

 

Figure 3: Ruleset – Standards of Piracy Association

DISCUSSION

The study sought to understand how warez scene has been able to coordinate and sustain itself in the absence of external regulations and found that at its core there exists a ludic competition that provides warez groups with reputation and social esteem. Subsequently, the study looked at the ludic competition as a CPR with its users at the unit level of individual warez groups. Through analyzing the digital traces of these groups on the public Internet, the study found that the competition does follow the design principles that characterize long-enduring CPRs.

Solidarity within the warez scene – a result of highlymotivated individuals willing to brave legal repercussions for technical thrills and reputation gains – has led to efficient mechanisms that are able to encourage a productive and competitive underground subculture. Strict boundaries between the scene and outside ensure that the competition doesn’t become an open-access institution. Further, through collaboratively creating rule-sets, the community is able to resolve tensions, arbitrate conflicts between members, and adjust to changes in the external environments. As we see here, the currency of reputation and social esteem is a powerful means to sustain a high level of cooperation and compliance to rules. The community has consequently been able to keep itself functional for over three decades while braving legal repercussions and changes in the software ecosystem.

Implications

Theoretical Implications

Prior applications of the CPR framework to digital resources have been analogous to offline natural resources – digital systems constructed for joint use with the generated resource units usually digital artifacts such as software or digital content. This study extends the CPR framework to consider systems such as the ludic competition within the warez scene where the generated resource units are relatively intangible social constructs such as reputation or social esteem. Here, the competition, as a CPR, can also suffer from collective action problems such as abuse, exploitation and ultimately destruction, unless limits are devised and enforced by the community – examples of which are seen in the warez scene.

Many virtual communities have been built around mechanisms that generate reputation gains or social ego boosts, and the continual existence of these communities has been contingent on their ability to sustain these mechanisms. Virtual communities, such as the warez scene, significantly differ from offline communities in the anonymity that is afforded to members by virtue of being on the Internet. The communities instead organically evolve through members coming together solely over shared interests which function to both enhance group salience and motivate collective action. In the absence of centralized coordination, modeling these mechanisms as CPRs extend our understanding of how similar virtual communities can spontaneously cooperate along with sustaining themselves in the long-run through building institutions that help them avoid the Tragedy of the Commons.

The role that digital technologies play in actualizing this is an important addition to existing CPR literature. They have not only allowed underground virtual communities define the boundaries of the CPR through the use of sophisticated security measures, but also provided effective means to communicate, monitor, and sanction community members. For example, in the late 1990s, Internet Relay Chat (IRC) networks allowed groups to set up secure invite-only private channels where they could communicate, release their cracked software, and keep track of the competition. The warez scene thus provides evidence of communities leveraging new digital technologies to better protect virtual CPRs.

Designing robust virtual communities

The longevity of the warez scene provides important pointers on the specific mechanisms that can sustain robust virtual communities. The role of competitive play in facilitating social action has been previously documented in virtual communities [5,36]. The study finds that not only can competitive play sustain a community built around it, but as a CPR, it can, with the right institutions, endure in the face of continuous environmental changes as well as individual rational self-interest.

Prior literature on the emergence of social structure has argued that the presence of moderate amounts of risk or uncertainty can help in building trust and consequently lead to stable group relationships as a means to negotiate uncertainty, especially when reputation is important to community members [24]. Kollock [26] extended these findings to argue that constraints such as risk and scarcity could be artificially introduced by designers into online communities to make participation more interesting for the users.

Designers of virtual communities can consequently use the ability of competitive play to transform environmental constraints in the system into challenges that need to be overcome. However, to create robust self-sustaining communities, the competition will need to be designed as a CPR that generates resource units that are coveted by users, such as reputation or ego boosts. Subsequently, Ostrom’s design principles can be leveraged to motivate participation, commitment and cooperation, and guide communities into building robust institutions of self-governance. More specifically, the principles will inform the process of designing decentralized virtual communities through assessing if communities have been provided the necessary technical and institutional infrastructure to help members

(1) induce compliance with established community rules, (2) deal with conflicts in the case of transgressions, and (3) encourage adaptation of rules in the case of environmental changes. They thus serve as a diagnostic to assess the institutional robustness of virtual communities.

Further Research

The current study analyzes the scene at the level of warez groups through their digital traces on the public Internet. A future extension of this work will seek to understand the scene in its entirety through an extended and sustained ethnographic exploration of the community and individual participants in the darknet. Analyzing the intra-group dynamics might provide evidence of multiple layers of CPR management which can subsequently be analyzed using Ostrom’s design principle of nested enterprise.

REFERENCES

  1. ALiAS. 2008. Night Watch Racing (c) Lexicon Entertainment. Retrieved from http://www.nfohump.com/index.php?switchto=nfos& menu=quicknav&item=viewnfo&id=122979
  2. Yochai Benkler. 2002. Coase’s Penguin, or, Linux and

“The Nature of the Firm.” The Yale Law Journal 112,

3: 369. http://doi.org/10.2307/1562247

  • Yochai Benkler. 2006. The Wealth of Networks: How Social Production Transforms Markets and Freedom. Yale University Press.
  • Edward J. Bird and Gert G. Wagner. 1997. Sport as a Common Property Resource. Journal of Conflict Resolution 41, 6: 749–766.
  • Barry Brown and Marek Bell. 2004. CSCW at play: “There” as a collaborative virtual environment. Proceedings of the 2004 ACM conference on Computer supported cooperative work, 350–359. http://doi.org/10.1145/1031607.1031666
  • Karen Clay. 1997. Trade without Law: Private-Order Institutions in Mexican California. Journal of Law, Economics, & Organization 13, 1: 202–231.
  • Rosaria Conte and Mario Paolucci. 2002. Reputation in Artificial Societies: Social Beliefs for Social Order. Springer Science & Business Media.
  • Kevin Crowston, Qing Li, Kangning Wei, U. Yeliz Eseryel, and James Howison. 2007. Self-organization of teams for free/libre open source software development. Information and Software Technology 49, 6: 564–575. http://doi.org/10.1016/j.infsof.2007.02.004
  • David Décary-Hétu. 2014. Police Operations 3.0: On the Impact and Policy Implications of Police Operations on the Warez Scene. Policy & Internet 6, 3: 315–340.
  • David Décary-Hetu, C. Morselli, and S. LemanLanglois. 2012. Welcome to the Scene: A Study of

Social Organization and Recognition among Warez Hackers. Journal of Research in Crime and Delinquency 49, 3: 359–382.

http://doi.org/10.1177/0022427811420876

  1. Robert C. Ellickson. 2009. Order without Law: How Neighbors Settle Disputes. Harvard University Press.
  2. Andrea Forte, Vanesa Larco, and Amy Bruckman. 2009. Decentralization in Wikipedia Governance.

Journal of Management Information Systems 26, 1:

49–72. http://doi.org/10.2753/MIS0742-1222260103

  1. R. Stuart Geiger and David Ribes. 2010. The work of sustaining order in wikipedia: the banning of a vandal. Proceedings of the 2010 ACM conference on Computer supported cooperative work, ACM, 117– 126.
  2. Eric Goldman. 2003. Warez trading and criminal copyright infringement. J. Copyright Soc’y USA 51: 395.
  3. Avner Greif, Paul Milgrom, and Barry R. Weingast. 1994. Coordination, commitment, and enforcement:

The case of the merchant guild. Journal of political economy: 745–776.

  1. Garrett Hardin. 1968. The Tragedy of the Commons. Science 162, 3859: 1243–1248.
  2. Charlotte Hess. 1996. Untangling the Web: The Internet as a Commons. Workshop in Political Theory and Policy Analysis, Indiana University.
  3. Hsiu-Fang Hsieh and Sarah E. Shannon. 2005. Three Approaches to Qualitative Content Analysis. Qualitative Health Research 15, 9: 1277–1288.

http://doi.org/10.1177/1049732305276687

  1. Hybrid. 1996. Starfighter 3000 (C) Telstar/Krisalis. Retrieved from

http://www.textfiles.com/piracy/HYBRID/sf3000.nfo

  • iRRM. 2006. Winter Sports (c) Oxygen *MULTI5* *PROPER*. Retrieved from http://www.nfohump.com/index.php?switchto=nfos& menu=quicknav&item=viewnfo&id=108587
  • iRRM. 2006. Lawnmower Racing Mania 2007 (c) VU Games. Retrieved from http://www.nfohump.com/index.php?switchto=nfos&

menu=quicknav&item=viewnfo&id=108967

  • Nixon K. Kariithi. 2011. Is the Devil in the Data? A Literature Review of Piracy Around the World:

Literature Review of Piracy Around the World. The Journal of World Intellectual Property 14, 2: 133–154.

http://doi.org/10.1111/j.1747-1796.2010.00412.x

  • Aniket Kittur and Robert E. Kraut. 2010. Beyond Wikipedia: Coordination and Conflict in Online Production Groups. Proceedings of the 2010 ACM conference on Computer supported cooperative work, ACM, 215–224.
  • Peter Kollock. 1994. The Emergence of Exchange Structures: An Experimental Study of Uncertainty, Commitment, and Trust. The American Journal of Sociology 100, 2: 313–345.
  • Peter Kollock. 1997. The economies of online cooperation:  Gifts and public goods in cyberspace. In Communities in Cyberspace, Peter Kollock and Mark Smith (eds.). Routledge, London, 220–239.
  • Peter Kollock. 1999. Design principles for online communities. Retrieved July 27, 2015 from http://mysite.du.edu/~lavita/edpx_3770_13s/_docs/koll ock_design_%20princ_for_online_comm%20copy.pdf 27. Peter Kollock and Mark Smith. 1994. Managing the

Virtual Commons: Cooperation and Conflict in Computer Communities. Retrieved July 27, 2015 from http://www.sscnet.ucla.edu/soc/csoc/papers/virtcomm/ Virtcomm.htm

  • Robert E. Kraut, Paul Resnick, Sara Kiesler, et al. 2012. Building Successful Online Communities: Evidence-Based Social Design. MIT Press.
  • Karim Lakhani and Robert G. Wolf. 2003. Why hackers do what they do: Understanding motivation and effort in free/open source software projects. 
  • Cliff Lampe and Paul Resnick. 2004. Slash(dot) and

Burn: Distributed Moderation in a Large Online Conversation Space. Proceedings of the SIGCHI conference on Human factors in computing systems.,

ACM.

  • Jennifer Lee. 2002. Pirates of the Web. New York Times. Retrieved November 26, 2014 from

http://www.nytimes.com/2002/07/11/technology/circuits/

11WARE.html

  • Peter T. Leeson. 2009. The Invisible Hook: The Hidden Economics of Pirates. Princeton University Press.
  • John G. Malcolm. 2003. International Copyright Piracy: A Growing Problem with Links to Organized Crime and Terrorism. Retrieved May 20, 2015 from http://commdocs.house.gov/committees/judiciary/hju8564

3.000/hju85643_0f.htm

  • Curtis J. Milhaupt and Mark D. West. 2000. The Dark Side of Private Ordering: An Institutional and Empirical

Analysis of Organized Crime. The University of Chicago

Law Review 67, 1: 41. http://doi.org/10.2307/1600326

  • MYTH. 2000. Gunship! *PROPER RIP* (c) Microprose / Hasbro Interactive. Retrieved from http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=4132
  • Bonnie Nardi and Justin Harris. 2006. Strangers and Friends: Collaborative Play in World of Warcraft. Proceedings of the 2006 20th anniversary conference on Computer supported cooperative work, ACM, 149–158.
  • oCEANiNE. 2002. RC Daredevil 3D ENGLiSH. Retrieved from

http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=13031

  • Elinor Ostrom. 1990. Governing the Commons: The Evolution of Institutions for Collective Action. Cambridge University Press.
  • Elinor Ostrom. 2003. Toward a behavioral theory linking trust, reciprocity, and reputation. In Trust and reciprocity: Interdisciplinary lessons from experimental research. 19– 79.
  • Jennifer Preece. 2004. Etiquette, Empathy and Trust in Communities of Practice: Stepping-Stones to Social Capital. J. UCS 10, 3: 294–302.
  • Alf Rehn. 2001. Electronic potlatch. A study on new technologies and primitive economic. Retrieved November 9, 2014 from

http://cdn.preterhuman.net/texts/underground/paraZite.org

.2006.10.13/ePotlatch.pdf

  • RiTUEL. 2006. Made Man (c) Silverback Entertainment. Retrieved from http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=108777
  • Melanie Dulong De Rosnay and Hervé Le Crosnier. 2012. An Introduction to the Digital Commons: From CommonPool Resources to Community Governance. Building Institutions for Sustainable Scientific, Cultural and genetic Resources Commons, International Association for the Study of the Commons.
  • Charles M. Schweik and Robert C. English. 2012. Internet Success: A Study of Open-source Software Commons. MIT Press.

 

  • Ben Shneiderman. 2000. Designing trust into online experiences. Communications of the ACM 43, 12: 57–59.
  • STORM. 2006. BlitzKrieg: Mission Kursk (c) CDV *Addon*. Retrieved from http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=105227
  • TECHNIC Team. 2006. The Guild 2 (c) Jowood. Retrieved from http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=108873
  • the_bogey. 1999. -= IRC Warez for newbies =-. Retrieved November 9, 2014 from http://web.textfiles.com/hacking/irc-warez.txt
  • The Mentor (a.k.a. Loyd Blankenship). 1986. The Hacker’s Manifesto. Retrieved May 20, 2015 from http://www.usc.edu/~douglast/202/lecture23/manifesto.ht ml
  • TNT. 2005. Vegas Casino Challenge Featuring Texas Hold ’Em!: Riverboat Slots V1.0 (c) EGames. Retrieved from http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=87949
  • Gregor Urbas. 2007. Cross-national investigation and prosecution of intellectual property crimes: the example of “Operation Buccaneer.” Crime, Law and Social

Change 46, 4-5: 207–221. http://doi.org/10.1007/s10611-

007-9060-x

  • Fernanda B. Viégas, Martin Wattenberg, and Matthew M. McKeon. 2007. The hidden order of Wikipedia. In Online communities and social computing. Springer, 445–454.
  • VISPER. 2001. Pocket Tanks Deluxe (C) Blitwise. Retrieved from

http://www.nfohump.com/index.php?switchto=nfos&men u=quicknav&item=viewnfo&id=6239

  • Steve Weber. 2004. The Success of Open Source. Harvard University Press.
  • Ruben Van Wendel de Joode. 2004. Continuity of the commons in open source communities. Proceedings of SSCCII-2004.
  • 1998. MIA: Missing in Action by Razor1911. Retrieved May 20, 2015 from http://www.defacto2.net/file/detail/b049e4
  • 1998. Faction Manifesto. Retrieved from http://www.defacto2.net/file/detail/a634e1/the-faction/
  • 2001. Operation Buccaneer, Summary of Events. Retrieved March 20, 2015 from https://www.defacto2.net/wayback/operation-buccaneersummary-of-events-from-2001-december-13/index.html 59. 2004. Standard Rip Rules (S.R.R) for Standard Rip Rules – Defacto2. Retrieved May 21, 2015 from https://www.defacto2.net/file/detail/a32d35/standardrip-rules/

60. 2015. Warez Scene Notice Collection (2006-2010) : Internet Archive. Retrieved May 20, 2015 from https://archive.org/details/warez-scene-notices-20062010