State of Play VI Security Seminar

Notes from State of Play VI

Wednesday, July 1, 2009

Playing with the Databased Self: Perfect Surveillance in the Age of Virtual Worlds

Introduction: A Diagram of Perfect Surveillance

Bart Simon, Sociology and Anthropology
Concordia University, Montreal

It’s a typical day in the operations center at Blizzard HQ. The supervisor walks in on regular shift. Shades of West World, intimations of NASA mission control – rows of computer screens flash with data scrolling by in streams in front of hunched over operators typing, talking through mics and shouting at each other. At the front of a room a series of wall size monitors displaying a map of Azeroth, the world of warcraft. The fictional geography is irrelevant. This map represents a container of so many pixels of light… clustered together, moving about. The light changes based on the time of day and the shift gets ready from the post-patch evening rush when server load reaches maximum (Tuesdays approx. 8-11pm EST). Each pixel fixes the location of a player avatar (or perhaps an aggregate of these) and with a keystroke the character profile signaled by the avatar is displayed on screen. The data here is seemingly trivial – name, level, race, class, a list of gear perhaps. Its stuff you could easily find in the Armoury database. Another stroke however and the operator is in the game world either with an invisible camera monitoring the in-game activity of the avatar (including private whispers and tells) or maybe for fun the operator assumes a players point of view via an invisible avatar – in this form he shadows the avatar for a few minutes --- just a routine check.

A signal bleeps – the search algorithms have picked up something… this avatars name has been reported before and he is in possession of unusual amounts of gold for someone of his level. This is unusual…the operator must go deeper. Tied to this character in the central database is a player account – another “real” name, an address, a credit card number… Hold on, there is more than one account on the same credit card and so much high level gear accumulated in just a couple of weeks. The operator chuckles as the infamous Warden client is activated and the computer through which the account has been accessed and the avatar deployed is scanned for non-EULA compliant software and “illegal” mods. While this continues, the entire history of the avatar’s movements, actions and conversations in the game are recalled and analyzed. It’s all coded; time, place, even the precise action. This can be cross-referenced to the known profiles of farmers, hackers and even certain kinds of griefers. The software continues its work drawing on the central database – a list of known acquaintances is drawn up and each of these subsequently checked… within minutes more the account is terminated. There is no recourse. The age of perfect surveillance has begun.

More from Bart Simon here at TAG


Thursday, June 25, 2009

VI from a Security and Surveillance perspective

Inaccurate and unsubstantiated report from State of Play VI.


The conference began with a seemingly angry Raph Koster making the argument that virtual worlds would not move forward unless they became more like the web. He seemed to discount the idea of immersion and certainly his latest creation metaplace does not appear to be an overly immersive place. Koster’s argument does agree with a large trend -- increasingly digital life is moving into the browser. Google’s Chrome is the most advanced of the browser gateways to the coming cloud and building a world that takes advantage of the rise of the browser seems like a sensible bet. Similarly, creating a virtual world language that enables the creation of browser-based content is an inherently ‘smart’ thing to do. However, there is a potential logic trap for Koster’s world view, just because the web has exploded using the mechanics espoused by Koster of pages linking together this doesn’t mean this will apply to multiple virtual worlds linking together. In fact, it may mean the opposite.

Koster demanded to know what important action Virtual Worlds had accomplished – asking the question in juxtaposition to the claim that is younger brother had just managed to shut down ‘Iranian government’ websites. This struck me as odd then and more so now. It is true that groups based around the Internet meme 'Anonymous' are attempting to assist Iranian protesters and also to organize DDOS attacks against Iranian government sites - but this could have just as easily been organized from within Second Life -- would that suddenly make virtual worlds relevant? The truth is cyber-attacks or indeed any variant of information warfare is not platform specific.

I can’t help but think that there is a background theme of dislike for Second Life, which stole the thunder from the virtual world traditionalists and hammered virtual worlds into mainstream consciousness. A number of at least, noteworthy events have occurred in Second Life, and these were ignored in this debate.

When Governments come out to play

Next up for me at least was a panel relating to government interaction in virtual worlds. This was pretty much a re-hash of things already known, already tried and seemed empty of inspiration. Interestingly, when asked (by Mike Theis) the panel did not think government services would migrate wholesale into virtual worlds. This some touchingly naive. In California DMV services are effectively moving online. The government largesse, which paid for workers at the DMV is declining by the minute in California – but DMV services are still required. It doesn’t seem to be much of a leap of faith to imagine the whole thing going online with some reserved human interaction that replicates some airline check-in functions in function and form (there to serve the baffled or to check identities).

Lunch was with Dr. Rita Bush from IARPA who was after ideas for future projects in 3 areas:

- Effect of Virtual Worlds on the Real World
- Virtual Worlds as collaborative environments
- Time Machine:
o Forensic rewind for events
o Predictive capability/ Scenario planning tool

There was a lot of discussion about having a baseline census on use of virtual worlds. Seems important but I can’t say it intrigued me. Edward Castronova was in the room who has of course previously speculated on the effect of virtual worlds on the real world in his ‘exodus’ book. This topic is an interesting one. I’ve heard Philip Rosedale play with this idea during lectures on Second Life - and particularly at the Long Now Foundation. He conflated the Burning Man experience with Second Life and suggested by being involved in either you are never the same again having experienced ‘super-positioning’ ….maybe. Nevertheless intriguing topic and worth it.

Virtual Worlds as Time Machines

The Time Machine idea is a good one and the ability to do this is probably nearer than anyone thinks. Microsoft Labs has mashed together PhotoSynth with their Virtual Earth project. Having seen Photosynth last year I was intrigued by its utility -- there are standalone versions of this. It is remarkably effective and if they move the open version to pulling pictures off the web, which update in real-time – then the time machine will exist or at least will be on the way.

The predictive aspect of this is arguably being worked on under the title of what Steve Steinberg described as ‘Crowd Dynamic’. His blog on the subject is here . This is by far the best treatment of the subject and expertly synthesizes a lot of the thinking in this realm. It would seem that Paul Torrens has moved towards developing at least the first half of a predictive world.

Rita ended with a request for imagination.

Magic Circle

Next up was probably the most interesting part of the conference. A panel entitled breaking the magic circle. At first I was confused as in the UK this term is used to describe the largest law firms. However, I re-calibrated and enjoyed the panel. The theme of the panel seemed to be that there is a different way of motivating human behavior by using game-based constructs. Instead of being rewarded in US Dollars users of the systems could be motivated by virtual badges or similar online merit systems. It doesn’t take much of a leap to consider that these rewards could then be traded and developed for 'Real Money' much in the same way all virtual currencies are traded.

In a world looking for a new economic theory I’m not sure the panel was aware of how they were tapping into this debate. Last month Wired Magazine had a big piece on New Socialism - basically people acting for the common good in a digital realm. I struggled to believe this theory but I can imagine people taking positive action in the public realm in order to win another virtual badge. ARG’s are probably one of the more interesting potential developments. Nobody has developed the secret sauce to make an ARG where people pay to play. So far large-scale ARG's have all been marketing attempts from 42 Entertainment et al.

The most energetic presenter who could be taping a theme who’s time has come was Dennis Crowley who founded FourSquare – a relatively low-tech ARG based on cities. By combining ideas taken from gaming with the big shift to the mobile handset computing coupled to GPS he may be at the right place in the right time. Extrapolating out from the 'Nike+ ipod' idea foursquare shows how increasing sophistication of hand-held devices linked to online communities are the necessary ingredients for development in this space. The better mobile computing becomes the more sophisticated ARG's will be able to be.

The final panel of the day was on the Economics of Virtual Worlds. It was kicked off by Julian Dibbell who went over his work on IGE. The conversation meandered around and nothing much of interest was discussed. Slightly off-topic Castronova got into a debate about governance and privacy, essentially saying that if he wanted to play a game as an elf he should be allowed to do so unmolested. This seemed to be in direct counter-point to the opening comments made by Koster on immersion –- it would seem people still like to be immersed. Castronova also said he felt there was a new category of user who went around sampling different virtual worlds all the time without sticking in one. This sounded more like a virtual world researcher than a new category of user.

Andrew Schnedier from Live Gamer a RMT trading company gave a decent presentation and a live demo of currency transfers in EverQuest. I asked him after the panel what level of organized crime activity he had noted in his service. He said none. Either this is true or they aren’t looking for it. Considering back in 2007 that a high number of premium account Linden Dollars were being acquired fraudulently in a variety of ways Schneider’s comment seems out of place. Virtual currency fraud and money laundering are seemingly inevitable.


Saturday kicked off with a panel on virtual world governance governance chaired by Ren Reynolds. Nothing much to note other than the fact that lawyers are likely to continue to make money from the shift of content onto a variety of digital platforms – each new iteration of a platform spawns legal questions about content and the need for various EU working groups to examine the subject and write a report, which will be debated in the legislative chambers of Europe on Friday afternoon before recess.

Security and Surveillance

The panel began with my quick note on how information war may develop. If virtual worlds are used to cut through the cloud of data then information war could transfer into virtual worlds. This then may look like current griefing campaigns - which may after all prove to be important (see Burcu S. Bakioglu PhD work on Griefers).

This was followed by Bart Simon who expertly asked whether, virtual worlds are becoming impossible to monitor or expressions of perfect surveillance – the idea of dataveillance was suggested, defined as sustained and systemic surveillance attention. He also clearly established his academic credentials by referring to Bentham the Panopticon and Foucoult in almost the same sentence. Chuck Cohen then jumped in by offering a series of examples that seemed to suggest virtual worlds were impossible to monitor. Michael Schrage added his spin and suggested that the title of the conference being plateau was nonsense given the tendency towards rapid improvisation in technology. He also introduced the phrase – malevolent mashups – by way of explaining how the convergence of these systems can be exploited in a variety of ways by a variety of bad-guys. Micheal Theis ended the formal piece of the presentation with a rundown of surveillance that is currently possible in virtual worlds and outlined his three design items for protection: trustworthiness, right-sizing permissions and effective monitoring capability. The Q and A through up some interesting ideas about the nature of torture – Mike Schrage liked the idea of connecting body parts to virtual worlds – torturing someones virtual identity however, seemed like a distinct possibility. There was also a question asked about whether it was legal to smoke virtual pot in your own virtual residence....there is a profound question lurking in there somewhere.

Overall impressions

One of the main items I took away from the conference was a discussion with Chuck Cohen about Entropia Universe and how Banking licenses could be easily manipulated in this virtual space to launder money and otherwise conduct illegal activity. Plus of course the nagging doubt about Koster and browser based worlds. While he is correct that the browser is about to dominate our interaction with cloud-computing it remains to be seen whether he is correct about virtual worlds having to have the same mechanics as the web in order to succeed.

Links to comments on Security Surveillance Panel:


New York Convergence

Contact: roderick[dot]jones[at]gmail[dot]com