The EVE-Uni Botting Controversy

Drama in EVE tends to be confusing and shadowy at the best of times. In this case, we have a CSM member and CEO of one of the most promient organizations - EVE University - going after CCP's Security Team over a decision to temporarily ban a member of EVE University for market botting, and confiscating 317 billion ISK after the player had donated it to the corporation prior to biomassing his character.

The player, referred to as "John" for the sake of anonymity, had been temporarily banned from EVE. In an unusual twist, the player's ISK and assets had not been confiscated, as is usually the case with botting-related account actions - an oversight that CCP acknowledged. After the ban, the player liquidated his assets and donated 317 billion ISK to EVE University, which was confiscated after a director petitioned to ensure whether it was safe to use.

After a series of petitions back and forth between EVE University and CCP regarding the confiscated 317b, Kelduum went public calling CCP Security to account for their actions in a public thread on the EVE University forums, which was promptly upvoted to the top of the EVE subreddit. 

Unfortunately, it seems that Kelduum may have been too trusting. In his thread, he offers the following explanation for the banned member's behavior: 

It transpires that “John” had been temporarily banned from EVE as CCPs ‘Team Security’ had identified his actions as ‘suspect’ - he was a station trader, and a very good one at that, playing trade markets in EVE like a professional, using the common tools available, as well as custom built tools, but never automating anything to do with the EVE client himself - the closest he ever got was probably to create custom in-game-browser pages to streamline his workflow, meaning he would log into an alt, and update around 30 orders a minute for 10-20 minutes at a time.

We need not point out that a human cannot update 30 orders a minute without the use of a bot; in common parlance, a 'custom tool that allows you to update an order every two seconds' is a 'market bot'. 

Given the attention the controversy has attracted, the head of CCP's security team, CCP Sreegs, has taken the unusual move of commenting publicly on the matter:

There are a number of things wrong with the assertions being made in other forums, which is a topic I'm sure the author of these posts is familiar with because we discussed them prior to his rather selective reporting of the incident. Here's the facts as we need be concerned from an eve perspective:

1) John was botting. That is not even close to in dispute.
2) We committed an error in not removing the isk before it got to EVE-U. However we did rectify this problem and our logs show that it was discussed and approved prior to either them receiving the isk or petitioning. We apologized to EVE-U however the petition was escalated as high as it could be and the decision remained. We cannot typically share this information with them as it's really none of their business.
3) The only authority higher than the Director of Security for these complaints is the Executive Producer and then the CEO. This is a higher level of escalation than the Customer Service arm and IA automatically looks at our work. I'm not sure why we feel we should be able to escalate higher than the highest reasonable authority but the fact is that this team operates with significant oversight. We believe the issue here to be more that this particular CSM feels he isn't in the loop, something which is quite frankly the only proper way to do business in a unit that handles secrets.

Frankly we're a bit disturbed by the allegations made here given that the person in question waited until they exhausted every resource possible prior to posting this then lamented the lack of an escalation path. Not getting the answer you like isn't a lack of an escalation path and never will be. 

There are a number of interesting follow-up posts by CCP Sreegs in the EVE-O thread. We decline to comment on the controversy itself, as it has rapidly escalated into a classic 'he said, she said' situation, save that even the defenders of the alleged botter seem to acknowledge that he was botting save for definitional quibbles about the nature of botting itself. 


Update: Kelduum has replied to Sreegs, updating his original post on the Eve-Uni forums with the following:

I'd love to know what I was selectively reporting exactly, barring the things I cant post, but still...

Replying to each of the points:
1. Then all we needed to be told was "The ISK came from botting". I had asked if this was the case, and was bushed off repeatedly, being told that "its nothing to do with you", despite us actually having the ISK. In fact, this has happened a couple of times in the past when we have had donations which came from botting or RMT, and as the CEO I received a courteous mail outlining what had happened and why the ISK went missing.
2.a) The only words which could be construed as an apology were related to the one week response in the original petition. At no point has an apology for not removing the ISK earlier been made. I'd love to post the text of the petitions and/or other things, but that would get me banned.
2.b) The petition was responded to by one member of CCP staff, at one level, and on asking for it to be escalated, was told there is no escalation at all for the security team. As mentioned, I asked around if anyone knew of another escalation path, and reached dead ends, and statements that there is literally no higher authority than themselves. Again, I can't post this proof.
3. At no point was this explained, anywhere, by anyone. If it had been, then it could of been handled quietly. I'll leave the rest of that section detailing that members of the security team being oversight for the security team as exercise for the reader to determine if they think this is a good idea or not.

Finally, not getting any answer is what causes people to look for an escalation path, at which point being told there is no higher authority (which is now revealed to have been a falsehood) is what causes unnecessary drama like this.

The missing apology, and the missing explanation were what was being asked for. Its nice to have them, finally.

Update: Destructoid reached out to CCP for comment on the issue, and the company had this to say: 

There’s not a time where we happily remove ISK from players--unless they’ve done something wrong and then it’s more of a duty as strengthened by policy. There is recourse and escalation in the event of a false positive. The security team works jointly with many departments including Legal and Internal Affairs to make sure they “get things right” and continuously evaluates their processes. In terms of “accountability”, the security team is ultimately beholden to the Executive Producer, our legal department and then of course to our CEO.

For us, it’s a best practice not to discuss specific security investigations and actions with third parties.  Even though CCP is probably one of the most open and communicative companies in all the gaming industry, we simply have to keep some areas of our company a bit secret in order to be effective. Botters and RMTers will take any shred of methodology they can learn from us and alter their ways to avoid detection. For the health of EVE and the benefit of our EULA-abiding players, it’s actually best we aren’t as transparent as some people might wish in terms of tactics and strategies.

Goonswarm Federation CEO, Space Tyrant. Likes yoga, Alaskan Malamutes, bacon, and delegation.