Monday, February 25, 2008

Terrorists in Virtual Worlds Part II: A Fox in the MMORPG

The blogs frequented by massively multiplayer online role playing gamers and virtual world denizens are abuzz today with revelations about the "Reynard" project. It's a study of emerging social dynamics in virtual worlds and large-scale online games being conducted by the Intelligence Advanced Research Projects Activity within the Office of Science and Technology at the Office of the Director of National Intelligence.

Typical headlines: "US Government to Track Terrorists Via World of Warcraft," "U.S. Spies Want to Find Terrorists in World of Warcraft." The latter comes from a Feb. 22 post on Wired magazine's "Threat Level" blog, which appears to have set off alarms throughout the online gaming world.

Reynard came to light in a Feb. 15 unclassified report from ODNI to Congress required by the 2007 Data Mining Reporting Act. First news of the report came from "Secrecy News," the blog of the Federation of American Scientists' Project on Government Secrecy. The virtual worlds study is described as a "seedling effort" to "identify the emerging social, behavioral and cultural norms in virtual worlds and gaming environments" and then "apply the lessons learned to determine the feasibilty of automatically detecting suspicious behavior and actions in the virtual world."

Based on my own frustrating and less than illuminating experiences in Second Life, I am tempted to offer IARPA a chuckle, a nod and a "Good luck with that" about this project, but the report that unveils it deserves more serious attention.

High up in the report, DNI archly informs lawmakers that they won't be getting much real information about intelligence community data mining because they asked for the wrong thing. The law defines data mining as "a program involving pattern-based queries, searches or other analyses of 1 or more electronic databases" to "discover or locate a predictive pattern or anomoly indicative of terrorist activities." But that's not the kind of data mining DNI uses most, the report says.

"Analysis performed within the ODNI and its constituent elements for counterterrorism and similar purposes is often performed using various types of link analysis tools [which] start with a known or suspected terrorist or other subject of foreign intelligence interest and use various methods to uncover links between that known subject and potential associates or other persons with whom that subject is or has been in contact," the report says. But "the Data Mining Reporting Act does not include such analyses within its definition of 'data mining' because such analyses are not 'pattern-based." Note to Congress: Catch up. Fix your definitions.

What's more, the report explains, the few IARPA programs that do fall under the law's definition are so experimental and or cutting-edge that they generally can't meet the reporting requirement to judge their efficacy nor do they yet have a basis for determining that a pattern or an anomoly inidcates terrorist activity.

All that said, DNI does report on several projects within IARPA's incisive analysis area--the outfit designed to harness advanced analytics to help intelligence analysts sift mountains of data fast to find relevant information. The knowledge discovery and dissemination program, for example, uses data collected from across intelligence agencies. One effort "attempts to match known patterns of deception as provided by subject matter experts in foreign intelligence data."

The Tanagram project is testing the viability of a semi-autonomous surveillance and warning system to report the "threat likelihood" of known and unexpected "threat entities" by continually assessing information about known threats, among other things. Data mining will be or is being used to overcome incomplete and incorrect data, test threat hypotheses, warn of unexpected threats.

Video Analysis and Content Extraction attempts to automate the tedious and overwhelming process of reviewing the video feeds from surveillance cameras, such as those in subways and other public transit systems. It also is testing search capabilities to apply to video databases to retrieve terrorist events such as bombings and beheadings. Already the program has produced a video event manager that helps find events of security significance, such as a person entering and leaving a bag in a restricted area.
The ProActive Intelligence project (PAINT) studies "the dynamics of complex intelligence targets (inclusive of terrorist organizations) by examining patterns of causal relationships that are indicative of nefarious activity."
And finally, there is Reynard, which will "conduct unclassified research in a public virtual world environment."

The 15-page report devotes almost a quarter of its space to research in privacy protecting technologies intended to limit the use of data and to identify and protect information about innocents. The privacy initiative was born of a series of workshops in thefall of 2006 including government and private sector experts and privacy advocates.
And what of the funny name for the virtual worlds project? Well the logical allusion is to Reynard the Fox, hero of Medieval satires about social manners and classes. Here's how the Encyclopedia Britannica Online describes him: "Though Reynard is sly, amoral, cowardly, and self-seeking, he is still a sympathetic hero, whose cunning is a necessity for survival. He symbolizes the triumph of craft over brute strength." Hmm, or should that be "spy craft" over brute strength?


Anonymous said...

Your write-up implies that the Act has become final, but it has not, as far as I can tell. Have I missed something in the last few weeks of Congress?

Anne Laurent said...

Presuming you are referring to the data mining reporting law, it's official name is "The Federal Agency Data Mining Reporting Act of 2007" and it is Section 804 of the Implementing the Recommendations of the 9/11 Act of 2007, acording to the DNI report.