NSA, Other Agencies, Have Been Spying On World of Warcraft and Xbox Live For a Long Time
Fearing terrorists could use virtual worlds as a planning and recruiting ground, the National Security Agency and other intelligence agencies have planted spies in games like World of Warcraft and Second Life, and have monitored communications on Xbox Live. Some video game spying activities have been going on since at least 2008.
Another NSA leak by ex-NSA contractor Edward Snowden has led to the latest round of reports by The New York Times, Pro Publica, and The Guardian on the agency's top-secret spying activities. Spies from NSA, CIA, the Pentagon, FBI and the GCHQ have all been deployed at one time or another in virtual gaming worlds in recent years. So many, according to the documents reported by Pro Publica and others, that the CIA, FBI, and Pentagon spies needed a "deconfliction" group to avoid bumping in to each other and duplicating efforts on Second Life.
An 2008 NSA document describes how online games could be "private meeting places, and can be used for planning, comms [communication], and training, etc.," and how the games could be a "target-rich communications network," that gave targets of investigations "a way to hide in plain sight."
Besides intelligence agencies planting real agents inside the games, the NSA and its U.K. counterpart, the GCHQ, vacuumed up communications data from World of Warcraft, Second Life, and Xbox Live. Part of this effort seemed to be testing the extent of the agencies' powers, as the 2008 documents notes "with a few exceptions, NSA can't even recognize the [game-game specific] traffic" on the internet, "and therefore it is impossible to even say what percentage of the environment is [game data]; let alone determine how targets are using the communications features" of the game. That memo advocates that the NSA's signal intelligence group "needs to begin taking action now to plan for collection, processing, presentation, and analysis of these communications."
Along the same lines, the GCHQ noted later that year some success with being "able to get the discussions between different game players on Xbox Live." According to Pro Publica, by 2009, the GCHQ conducted a test on Second Life, successfully gathering a total of 176,677 lines of data, including chat, instant message, and financial transactions.
The reasoning behind the spying seems to be that all of the features common to online gaming - fake avatars, closed conversations via voice or text, and transactions between players - are tools used as an established matter of practice for terrorism and espionage. However, the documents obtained by the three news outlets have not cited any specific counterterrorism successes from spying on games.
According to the documents, the GCHQ was able to help a London police investigation on credit card fraud in Second Life with the aid of an informer who volunteered information on the cybercriminals' activities. The same agency also reported success identifying real-life engineers, embassy drivers, scientists, and other potential foreign intelligence operatives for recruitment as friendly agents in World of Warcraft. However, most of the positive outcomes from the invasive game-spying and data collection program seem to be related to the agencies gaining a broader knowledge of how the systems work and how to collect and analyze data from these virtual worlds.
It should be noted that these virtual worlds and online gaming systems are all run by companies that reserve the right to monitor user conversations in order to ban those who display abusive or illegal behavior - something that would be a clear red flag for anyone seriously attempting to meet up inside these systems in order to organize or otherwise communicate with fellow terrorists. Spokespeople for World of Warcraft's owner Blizzard Entertainment and Microsoft, proprietor of Xbox Live, both said the companies were unaware of the government activity and that if it happened, it was without their consent.
Later, Microsoft legal representative Brad Smith went further for the company - which has clearly reached its limit for tolerating government snooping within its services and products - saying, "People won't use technology they don't trust. Governments have put this trust at risk, and government need to help restore it."