PAXsims

Conflict simulation, peacebuilding, and development

Spooks in the guild? Intelligence collection and online gaming

national-security-agency-seal

The latest round of Edward Snowden leaks on the National Security Agency reveal that the NSA, together with the UK’s GCHQ, have explored the collection of data from World of Warcraft, Second Life, and other online games and virtual environments. According to an article in today’s Guardian:

The NSA document, written in 2008 and titled Exploiting Terrorist Use of Games & Virtual Environments, stressed the risk of leaving games communities under-monitored, describing them as a “target-rich communications network” where intelligence targets could “hide in plain sight”.

Games, the analyst wrote, “are an opportunity!”. According to the briefing notes, so many different US intelligence agents were conducting operations inside games that a “deconfliction” group was required to ensure they weren’t spying on, or interfering with, each other.

If properly exploited, games could produce vast amounts of intelligence, according to the NSA document. They could be used as a window for hacking attacks, to build pictures of people’s social networks through “buddylists and interaction”, to make approaches by undercover agents, and to obtain target identifiers (such as profile photos), geolocation, and collection of communications.

The story is also examined by ProPublica and the New York Times.

The Guardian article understandably combines an occasional tone of ridicule (“What it really needed was a horde of undercover Orcs.”) with some overstatement. However, the NSA documents make it clear that there is a legitimate intelligence angle to all of this:

  • Online environments could provide a potential mechanism for both communications and financial exchange among intelligence targets (although they have drawbacks too, including the likelihood that the game provider may archive all chat logs and financial transactions)
  • Information on online game playing may provide insight into a target’s social networks, for additional SIGINT or HUMINT exploitation.
  • Informants can be recruited in games, and other sorts of virtual HUMINT operations can be undertaken in virtual environments.
  • Some digital games (notably combat and flight simulations) may be used as virtual trainers by terrorist groups.
  • Digital games may be used as propaganda and recruitment tools.

We’ve previously discussed some of these issues at PAXsims here (“Gamifying online jihad”) and here (“Iran, covert information operations, and the politics of video games”).

Much of the thrust of the NSA documents concerns the need to collect metadata, so as to enable future analysis. While this makes sense from an analysis perspective (when a new target arises, you need to have preexisting data on interactions in order to quickly analyze that target’s contacts and network), it does raise issues of overreach, privacy protections (for US or UK citizens, in this case), and whether the costs of metadata collection and storage are justified given the useful intelligence it eventually produces. This is on top, of course, of the additional—and even more serious—issues raised by the collection of actual in-game communications.

The challenge in debating the public policy of all this, of course, is that necessary security classification  makes it impossible for the public and most politicians to know what kinds of benefits this kind of intelligence collection might have had. Moreover, SIGINT capacities are usually something that takes time to put in place. Their development thus reflects not only a desire to collect information now, but also to enable an agency to collect information at a future point if and when it became necessary. No agency wants to tell its policymakers or public that it is unable to collect material because it failed to plan ahead for such collection. Conversely, it can become very expensive building collection mechanisms that are then generate little useful information. Compounding all this, the “Five Eyes” (US/UK/Canada/Australia/New Zealand) SIGINT community is full of enthusiastic geeks who have never met data they didn’t enjoy trying to collect.

SAICGames

ProPublica has provided a link to the partially redacted documents. We won’t reproduce the classified ones here, but we will provide a link  to an unclassified (FOUO) report prepared by the defence contractor SAIC for the US government on Games: A Look at Emerging Trends, Uses, Threats and Opportunities in Influence Operations.

2 responses to “Spooks in the guild? Intelligence collection and online gaming

  1. Pete S/ SP 09/12/2013 at 11:15 pm

    Interesting that the leaked report is dated 2008; it would still have been a secret policy in 2010 when the very same idea was lampooned in the film ‘Four Lions’ (Dir. Chris Morris).

    I am by no means trying to implying anything by that statement rather highlighting that the idea of using online games as a means of covert communications had been already established in the public consciousness.

    Regards,

    Pete.

  2. Martin Stewart 29/01/2014 at 11:59 am

    My thoughts exactly, Pete. I think we should not foresee online gaming as a way of virtual HUMINT operations and other terroristic communication. Yes, the concern is there, but let’s just focus more on the positive advantages that it can bring.

    Martin Stewart
    BetCoin™

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: