Surveillance in Online Games

Surveillance in Online Games

I recently presented a paper at the Internet Privacy summer school. While preparing for that, I looked at how government agencies viewed games as tools for surveillance. The focus of this short summary is on the 2007 NSA report leaked by Edward Snowden. Looking at the report from the present shows that NSA’s hopes for the power of games might have been a bit overstated.

Since the agencies are secretive by nature, the only sources available are through whistleblowers like Edward Snowden. Most of the reports that are available are through Snowden’s leaks. The most report most relevant to games is Games: A look at emerging trends, uses, threats, and opportunities in influence activities (2007).

The files leaked by Snowden focus on two agencies that have co-operated on trying to use games for surveillance, the National Security Agency (NSA) from the United States and the Government Communications Headquarters (GCHQ) from the United Kingdom.

The information leaked in the files show that these two agencies had a presence at least in Second Life and World of Warcraft. Additionally, they listened in on the communications on Xbox Live. Blizzard claims that they were not aware of the surveillance. According to their statement, if World of Warcraft is under surveillance, it is being done without their consent.

However, not everyone was so vary of the agencies: in 2007 the chief operating officer of Second Life gave a talk at the NSA explaining how his game was “the opportunity to understand the motivation, context and consequent behaviours of non-Americans through observation, without leaving US soil”.

Around the time the report was drafted, the NSA seemed to be both hopeful and fearful of the possibilities of games. The document explains that games are a “target-rich communication network” and “an opportunity” for surveillance. The NSA was hoping to use games for “CNE [Computer Network Exploitation] exploits, social network analysis, HUMINT [Human Intelligence] targeting, ID tracking (photos, doc IDs), shaping activities, geo-location of target[s] and collection of comms”.

The document goes on to elaborate who the NSA are targeting: Al-Qaida terrorists, but also other targets like Chinese hackers, Iranian nuclear scientists, and Hezbollah and Hamas members. NSA is not alone in doing this: GCHQ identified “engineers, embassy drivers, scientists and other foreign intelligence operatives to be World of Warcraft players”. The NSA documents also claim that GCHQ had exploitation modules against Xbox Live and World of Warcraft, and there are reports stating that they were listening in on Xbox Live conversations.

The agencies were worried that they would be waste resources tracking each other, so they created a “deconfliction group” to avoid spying on each other. They also tried to recruit informants from among the players.

Both agencies are afraid that terrorists are using online worlds to communicate and coordinate their actions. However, there is no evidence that any terrorists would have been caught with these methods. There is some proof that people connected to terrorist groups might be playing online games – but apparently they do it for similar reasons than everybody else, for fun.

NSA was also concerned about Special Forces 2, a game created by the Hezbollah. They noted that the profits from the game could be used to fund terrorist operations, and the game could be used as a tool of propoganda. There is an ironic twist to this: the idea for the game came from the US Army, and their game America’s Army. America’s Army has been used as a propaganda tool since it’s launch in 2002.

It seems that NSA and GCHQ weren’t alone in thinking that games could be used to collect information: in 2006 and 2007 Pentagon’s Special Operations Command was involved in developing games for mobile phones as tools for information collection. The US government has also funded research on online environments, like that of Dmitri Williams and Nick Yee, specifically asking not speculate on what the goal or motivation behind the funding is.

By the end of 2008, there was but one success: takedown of a website trading in stolen credit card details – not exactly stopping terrorism, but still useful. However, stolen credit card details are hardly the threat of terrorism the surveillance was supposed to fight.

NSA and GCHQ seemed to be both worried and hopeful that games could be used for covert communication, conditioning and propaganda, and surveillance.

While there is no evidence about the use of games as a form of covert communication, they are still used as tools for propaganda. And it is probable that data from games is still used for surveillance, even though there is no evidence that is a cost-effective way for government agencies to do so.

A quote from the British security analyst Graham Cluely sums up the issue nicely:

Obviously online games which include chat or IM facilities do provide a method for people to communicate … But how practical is it to have a team of spies sniffing around ‘World of Warcraft’ to see what they might find?

Why aren’t they also snooping (maybe they are!) on the chess app I have on my smartphone? Perhaps every time I mess up my Dutch Stonewall defence it’s not really an indication that I’m a lousy chess student, but instead a coded message for my opponent to launch an attack on SCADA systems in the Netherlands?

– Graham Cluely, US and British spies invade World of Warcraft in hunt for online criminals and terrorists