News has been breaking that the United States National Security Agency (NSA) and the UK’s Government Communications Headquarters (GCHQ), the British equivalent of the NSA, “infiltrated” various on-line gaming platforms and virtual worlds as part of the anti-terrorist activities.
Information on the operations, obtained via Edward Snowden, the former CIA employee / NSA contractor, who released some 200,000 documents to the press, is at the centre of a series of reports the Guardian newspaper in the UK in partnership with The New York Times and ProPublica, and which have been widely picked-up by the on-line media on both sides of the Atlantic. The reports show that both the NSA and GCHQ were so concerned about the various methods nefarious individuals might use to communicate with one another, that they started targeting various on-line platforms – often on the thinnest of reasoning.
The actual activities were varied in scope, ranging from specific data gathering through the use of “mass-collection capabilities”, through to operatives posing as players on various platforms seeking information and also charged with recruiting potential informants from the more technically aware members of the various communities – with Second Life being one of the targeted platforms.
In some respects, the interest in virtual world and games platforms is unsurprising; I’d frankly be more concerned if the security agencies hadn’t considered the potential for such platforms to be used by militant or terrorist groups (which, I would also add, should not be taken to mean I necessarily condone their actions). However, what I do find to be eyebrow-raising, and doubtless what other people will as well, is the degree to which GVEs – games and virtual environments – were subjected to surveillance and what went on.
For example, ProPublica reports that in 2009, a 3-day “test” of capabilities to gather data from within Second Life, Britain’s GCHQ gathered real-time data on chats, IMs and L$ transactions which amounted to some 176,677 lines of data. How widespread this data-gathering was, who was affected by it and what happened to the data, is unclear.
GCHQ’s interest in Second Life appears to have started out as a legitimate activity. Towards the end of 2008, they were involved in tracking down a credit card fraud ring in what was known as “Operation Galician”. When the fraud ring attempted to move some of their activities to Second Life, GCHQ and the police followed. Even so, the success (or otherwise) of that operation doesn’t seem to stand up as justification for the wholesale gathering of data as occurred in 2009.
The British security agency was no slouch when it came to other virtual and gaming environments, either, as the Guardian’s report reveals:
At the request of GCHQ, the NSA had begun a deliberate effort to extract World of Warcraft metadata from their troves of intelligence, and trying to link “accounts, characters and guilds” to Islamic extremism and arms dealing efforts. A later memo noted that among the game’s active subscribers were “telecom engineers, embassy drivers, scientists, the military and other intelligence agencies.”
GCHQ was also the motivating force behind data gathering activities directed at the Xbox Live console network, and developed “exploitation modules” for various platforms. Much of this activity appears to have been carried out at Menwith Hill, a Royal Air Force base which provides communications and intelligence support services to the United Kingdom and the United States of America, and where GCHQ and NSA operatives worked side-by-side to infiltrate World of Warcraft.