Lately there has been some rather bizarre hype about the potential threat from terrorists in cyberspace. Security specialists have been expressing increasing concern about the potential for mischief with Web 2.0. In particular, during the past six months a spate of newspaper articles have been citing security experts about the alleged danger that terrorists will use virtual worlds for nefarious purposes. Groups such as the U.S. government’s Intelligence Advanced Research Projects Activity say they fear that terrorists — using virtual personas called “avatars” — will recruit new members online, transfer funds in ways that cannot be traced, and may engage in training exercises that are useful for real-world terrorist operations. They point to existing “terrorist groups” operating on virtual reality sites as an ominous sign.
Granted, militant jihadists have long used the Internet as a propaganda tool; recently, Osama bin Laden’s No. 2 man, Ayman al-Zawahiri, was even planning an online advice column for followers of al-Qaida worldwide. But what’s the real game here?
Entering a virtual world is as easy as signing up for a Web-based e-mail account or bulletin board. But instead of being represented on-screen by a cursor arrow, you are present as a cartoonlike body, or avatar, and can wander around buildings and parks as though playing a character in an animated feature film.
But the notion that wandering around such an imaginary world with a computerized body is dangerous to anyone seems itself cartoonish and calls into question the public hand-wringing by security experts. It’s long been clear that the Bush administration authorized illegal, warrantless wiretaps on the American public, and that major U.S. telecom companies often cooperated in these activities. Vice President Dick Cheney recently urged making this type of unchecked domestic surveillance permanent. There is also evidence, as Salon was first to report in 2006, that the Bush administration has been secretly monitoring Internet traffic inside the United States. Could all the recent discussion of terrorists disguised as avatars be just another bogeyman to support an argument for wide-ranging electronic surveillance by the U.S. government, at will and free from oversight?
As in the real world, the avatars of residents in virtual worlds can meet, talk, exchange information and codes, and even spend currency, which can be changed into real dollars. Since the virtual worlds allow persons to contact each other across national boundaries and to pass on plans and money, they in theory could be useful to terrorists. But the evidence supporting these fears is thin at best.
For starters, my own foray at the end of January into the virtual reality world “Second Life” suggested that the platform is unreliable — not a promising sign for would-be virtual terrorist operatives. “Second Life,” begun in 2003, was established by Linden Labs. Blogger Jay Ackroyd, who goes by the moniker Jimbo Hoyer, hosts an interview show there called “Virtually Speaking” on Thursday evenings. I arrived in the VS amphitheater, set up with a table and virtual chairs, and took a seat while the audience gradually filed in to listen to the voice interview, conducted by conference call.
There were some technical glitches at first in setting up the audio, and the interview was cut short when “Second Life” suddenly announced they were closing down that area for cyberspace for repairs. Although these minor difficulties were no more than annoyances for an author interview, you would not have wanted a sensitive security operation to be dependent on a smoothly working platform.
Worse, the week before my appearance, banks in “Second Life” were closed down to protect residents from fraudulent promises of high interest rates. The institutional frameworks are to date so unreliable that terrorists likely could not count on a money-launderer to be able to follow through on any pledges made.
Jim Cooper, a political scientist with a background in security studies who is now a market analyst in Monrovia, Calif., is a “Second Life” resident. I asked him about the concerns over terrorism, and he replied by e-mail that he thought the idea of al-Qaida in “Second Life” and other virtual reality worlds was “laughable.” “For what purpose do they believe AQ might use them?” he asked. “Training, recruiting? Hardly comparable to real world stuff.” He has a point. If the July 7, 2005, bombers of the London Underground could so easily be recruited in a gym in Leeds, why go to all the trouble of creating an avatar? Would, indeed, a shadowy computer-graphic figure be as convincing as a real-life recruiter?
The typical “security risk” article of late begins by noting that in the summer of 2006, “Second Life” stopped requiring credit card information to open an account. A simple e-mail account would suffice. This step raised the possibility that terrorists could more easily remain anonymous in that virtual world. But those fears seem overblown, as “Second Life” admits to gathering key information from computers of users that can be used to identify repeat offenders against site rules. That is, users are not in fact anonymous. The site’s proprietors say that they keep that information encrypted, or “hashed,” and that only employees of Linden Labs have access to it. In other words, identifying information sought by security agencies could in fact be gained by warrant or subpoena, just as it could from telecom companies if the authorities have legitimate suspicions of illegal activity.
The “terrorism experts” cited in the media recently — who appear never to have actually wandered around virtual worlds such as “Second Life” — have also expressed concerns that terrorists could “get training” there. In an article in the Australian, one expert talked about terrorists spreading knowledge of “how to start terrorist cells and carry out jihad.” The report darkly observed that one can find stockpiles of weapons in virtual worlds, without seeming to take note of the fact that those weapons are … cartoon weapons.
Indeed, the journalists and security experts examining this issue do not seem to have grasped the difference between real actions and virtual ones. Learning to make your avatar do the tango or shoot a gun at someone in “Second Life” in no realistic way translates into knowledge that would help you carry out those actions in the real world. Likewise, nothing you could do with a gun in a virtual world would teach you how to, say, fire accurately or under pressure in the real world. Even the Internet war-game sites — known in geek terms as MMORPGs, or massively multiplayer online role-playing games, which include “Worlds of Warcraft” — would probably just make most terrorists overweight and addicted to the Internet.
One recent article breathlessly pointed to the outbreak of cyberterrorism at “Second Life,” in the form of the Second Life Liberation Army. This shadowy, anonymous group of virtual residents, however, has little to do with anything resembling al-Qaida in the real world. (They are subscribers to “Second Life” who resent having limited rights in the virtual world that they helped build; now, they are demanding that Linden Labs take the business public and allow residents to purchase stock shares.) Although this group has set off what look like explosions in “Second Life,” these events are in fact merely computer code cleverly inserted into the program, not unlike a computer virus. They pledge that “the SLLA will not seek to harm the normal operation of the world and will only attack agents of the state [Linden Labs] and other strategically important sites within Second Life.” Cooper remarked of the group, “as for SL Liberation Front … it’s a joke. We’re all supposed to laugh at art imitating life.”
The recent alarmism about terrorist activity in virtual worlds seems designed to prey on the fears of the Internet common among the Great Unwired. Most of the concerns are simply unreasonable.
Any monitoring by law enforcement of innocuous activity and communication in a virtual world, conducted broadly and without oversight, would be unconstitutional and could invade the privacy of millions of persons. I found no evidence based on my own observations that a virtual world is suitable for planning a terror operation. The anxieties of terrorism “experts” and government officials may also reflect a fear of being not so easily able to extend broad, unchecked surveillance into this new virtual frontier, even if doing so may well accomplish nothing in terms of protecting national security.