Very very interesting session on surveillance and security on virtual worlds. I actually thought it would be all about ‘Muslim terrorists’ and I was quite apprehensive, but then found the session to be absolutely fantastic and very informative.
Here are my notes on the session:
Intro from British intelligence: What can they do for bad-guys: Voip, recruitment..
What can it do for good-guys: twitter for example. There was an operation Crevice to bomb London.
Wikipedia, twitter, facebook, vertical content: the possibility of it spilling over in VW is great. Re the future of VWs going to be where warfare is conducted? [e during the Gaza war: Gaza and Israel in SL].
Bart Simon: perfect surveillance – worries about invasion of privacy. Jeremy Bentham and Foucault’s panoptic. It is not about being watched, but it is about a state that requires minimal surveillance. It is about the people watching themselves – they do the surveillance themselves and they start watching and get info about themselves to police themselves. Surveillance is a systematic exertion of influence on someone’s life and the second is systematic attention. People don’t watch people any more. Now we have dataveillance: where data is collected and put in a database. The surveillance is not of the person but the data about that person and the key is to connect the data to the person. It ends when that person ‘confesses’ that you got him. But VWs make that difficult because you disengage who you are from the data about you.
Oscillating between the concept that VWs is dangerous and the concept that it is not. We don’t want their confessions any more but we want their genetic information. When we increase the individuization of avatars people make surveillance easier because they claim their data directly.
Everything in VWs lets you act as who you are not – it encourages role play and encourages you to be someone else – which real life is difficult to do. How do we create a VW where people will not role play? This is for example for marketing projects.
Charles Cohen: is surveillance technically possible? And is it lawful? [a murder case where normally you would talk to friends etc.. and trace behavior, but he spent 20 hrs online and they decided they had to go there to make the investigation]. Distribution and production of child porn. Found in VWs but as it gets more photorealistic it becomes more difficult to prosecute: is this really a child? How to prove that?
Currently it is more of a challenge than an opportunity. What about servers outside US jurisdiction?
Michael Schrage: raises sociological and legal questions. You design honeypots – in VW what constitutes a honey pot where you trap avatars to do get them – which may sound like entrapment. How do you design a honey pot? The issue is how the VW interacts with the real life. The rise is malevolent mashups. VW as media for trust and media for verficiation. Trust but verify as Reagan said. How do you verify?
Creating jihadi bots. Assembling botnets is not that hard.
The evocative aspect is not the evolution of VWs but because of the proliferation of devices we will see grey markets and black markets and improvisation. It will create interesting collaborations in the community.
Michael Theis: the world has changed fundamentally in such a way that people can steal stuff because it is in a computer in some place. It takes 3 things for protection:
1- An aspect of trustworthiness: what do I trust and who
2- Right size my permissions: the software does what it is designed to do. Information about them but not give out info about myself.
3- Effective monitoring capability: not surveillance but monitoring.
We look at people in real life, and see how they would act in cyberspace. Would someone who shares music steal from best buy for example? Not necessarily.
Trustworthiness: looking at people and assessing facial and physical expressions during an investigation. It is difficult to do that in VWs and cyberspace.
People believe in anonymity but it is not true. In voice it is an issue of meter and tone etc.. pausing, the ummms.. Could I do that in VW? Could I ask questions to determine their trustworthiness?
People also act differently in different VWs. Anamiah.. people could take on multiple personalities but then after a while you can tell that the two are the same people. What is needed is something that identifies those aspects.
We have to consider how we go about doing monitoring.
From the question/answer session:
Could griefers be prosecuted? For example for sexual harassment?
In terms of constitutional law, how much can you do in terms of going into someone’s virtual home? It has to be viewed as an intercept to do that rather than as a search of the home that needs a warrant. Currently the law does not specify that at all. But also that should fall into the laps of the VW owners and their TOS.