The Evince Blog
A blog about issues affecting Internet investigations and ethics compliance programs

Recommendation: “Key Issues in Establishing a Forensic Audit Capacity”

December 24th, 2009 . by Chris Pierre

For government departments that are considering developing a forensic audit capacity I would recommend the article written by Alan Gilmore in the Financial Management Institute of Canada’s FMI*IGF Journal Volume 20, No. 1, Autumn 2008. The article is published in both English and French and is available from the Financial Management Institute’s website.


Welcome Fall 2009 Students

September 12th, 2009 . by Chris Pierre

A brief welcome to the students of the Internet Research as an Investigative Tool course at Algonquin College.

I am very excited to have the opportunity to work with you all over the next 10 weeks and look forward to the new ideas and approaches that inevitably surface from classes like these.

Chris


Copyright Battle

June 30th, 2009 . by Chris Pierre

If you have 10 minutes and are interested in the future direction of Canadian copyright law I would invite you to watch the video posted below. It’s from the Globetechnology (as in The Globe and Mail newspaper) YouTube Channel. It features two videoed interviews with Michael Geist, University of Ottawa Law Professor, and Barry Sookman, IP lawyer from the firm McCarthy Tétrault. The questions are asked and then the respondents’ comments are played back to back.


Social Network Analysis

June 7th, 2009 . by Chris Pierre

If you’re a reader interested in tools and resources for social network analysis (the traditional kind and the web 2.0 kind) then you’ll want to give Digital Bear a look. This site has a lot of cool stuff.


FBI Using Second Life to Communicate 10 Most Wanted

June 2nd, 2009 . by Chris Pierre

According to Dusan Writer’s Metaverse the FBI is now using Second Life to post pictures of its 10 most wanted, to connect to the FBI’s job board and to connect to the Internet Crime Complaint Center. It’s good to see another example of policing agencies adopting new technologies to reach a broader audience.


The Book Review: Protecting Games – The Security Handbook for Game Developers and Publishers by Steven Davis

May 9th, 2009 . by Chris Pierre

I have recently completed reading Steven Davis’ book “Protecting Games.” In short I would recommend it to anyone interested in security and investigation aspects of multi-player digital games or games involving the Internet, regardless of the genre they are involved in. I really enjoyed the book and have already found it a useful resource for my work.

With that in mind there are a few things I think prospective readers should know about the book in advance:

1) It is aimed at the business of games. In fact a particularly appropriate quote from the book to summarize this is on page 243 “…game companies are not governments; their goal is to maximize revenues and keep their customers satisfied not meet out “justice””.

The thrust of the book is about platform owners protecting their investments. Outside of the fairly obvious issues of the protection of children and compliance with laws, the book does not really take a moral or ethical stance on piracy, privacy, griefing, ownership of intellectual property, etc. but it addresses these issues as concerns of an ongoing business interested in sustainability and growth.

2) It is broad. The book covers a lot of ground: general security, piracy, gold farming/frauding, payment systems, gambling, how to deal with law enforcement, etc.

The potential criticism of this approach is that it could end up being too broad for some readers’ interests if they are looking for very specific information. I would not describe that as a fault of the book; it would be impossible to cover every detail of every subject in one text.

For example, the first three sections of the book describe various security issues such as cheating, piracy and hacking, as well as listing some of the methods that platform owners have tried in the past to mitigate these issues. The book describes many, many of these solutions, but does so in general terms to recognize that 1) each platform may have different, specific design requirements and 2) there are commercial software security solutions that are well understood in the industry and therefore do not require additional explanation in the book. There are references to how code might be structured, but beware if you’re looking for long sections of detailed programming code, because they won’t be found here.

The same can be said about the other legal and process related domains covered in the book.

People who are subject matter experts may find that the book is light in their particular areas of expertise; but that is okay. It is detailed enough that they will benefit from seeing how their area of expertise intersects with others. Furthermore, it is always useful to learn from activities in other, closely related industries or genres.

3) It is well researched. On page 362 Davis issues a slight taunt at the reader “I’ve included hundreds of footnotes in this book to lend credence to my argument that game security is an important issue (how many have you checked, by the way?)”

I haven’t checked the number of footnotes in the book but there are a lot. For example Chapter 29 cites 37 different sources in the footnotes. There is also a 7 page index of “selected game security incidents” that is worth reviewing. Finally, the book includes a few formulae that are useful for business cases, such as calculating the net potential loss due to piracy for example.

For security or law enforcement professionals who require content for their presentations and business cases these examples will be very useful.

The inclusion of Marcus Eikenberry’s commentary is also great for context. I especially liked the story about the Russian carders selling game codes.

Finally Joseph Price was very helpful for providing insight into the law (from a U.S. perspective) that may arise with respect to game security, piracy, the protection of children, etc. I’m sure that in the future versions of this book, Price could write full chapters on comparing jurisdictional approaches to these issues.

I was happy to see that Davis addresses the issues of privacy, identity and anonymity in the book. Throughout the text he identifies several ways that the actions of players within the game might be tied to them, but he does concede that the threat of litigation or fines from government authorities for improperly securing players’ personal information can be very financially damaging to game operators. It may be beneficial to collect this information but platforms have to be very wary of its collection, disclosure, retention, protection, etc.

I was also in agreement with his point that at the moment, virtual worlds and MMORPGs are more likely to be used by, or targeted by criminals rather than terrorists for any number of types of bad behavior from money laundering to piracy. He makes some compelling arguments about this in the later chapters of his book which echo those of Bruce Schneier.

Finally the constant theme in the book is that security must be considered at the outset of game design, rather than as an afterthought when production is near completion. He identifies a few pretty practical ways of organizing development teams to make sure that happens.

I am happy to recommend this book as a good general resource for professionals in the game industry as well as those with an interest in the field such as researchers and members of government agencies.

I’m also interested in reading what other people have to say; please either post here or write something on your own site and send me a link.


Using Social Media Sources to Monitor Emergencies and Disease Outbreaks

April 8th, 2009 . by Chris Pierre

For critical emergency management services it is imperative to have information on a timely basis. It can take a long time to deploy people to an area of concern before you get real time information on what is happening, so why not get up to date information on Twitter or blogs that is produced by citizen journalists at the scene? This is one of the tools used by LAFD firefighter Brian Humphrey to keep an eye on trends and issues that might affect emergency management according to Wired Magazine.

Furthermore, by monitoring disease trends as reported by social and traditional media worldwide, researchers and citizens can gain an understanding of what issues they might face next. If you (or your manager) need convincing that this would be a helpful tool you should check out the talk given by Larry Brilliant at the Technology Entertainment Design (TED) conference in 2006.

A good place to learn about some tools that can help with this exercise is the WebIntel blog where they have published their “Top Five Health & Disease Monitoring and Warning Sources”. Incidentally, there are actually seven tools provided, now that’s value!


Privacy Commissioner Presents Paper on Privacy Issues Relating to Virtual Worlds

March 30th, 2009 . by Chris Pierre

In November 2008 I provided readers with a link to the European Network and Information Security Agency’s paper on privacy and security in virtual worlds. At the time I didn’t realize that the same organization had also published a paper specifically looking at virtual worlds aimed at children called “Children on virtual worlds: What parents should know.” Readers may also be interested in that paper.

The Canadian Office of the Privacy Commissioner has recently posted a research paper on their website. The paper, which was written in April 2008, describes privacy concerns relating to virtual worlds, specifically Second Life.

It is titled “Second Life: Privacy in Virtual Worlds” and it provides a general background on these environments, some of the marquee cases that have affected users’ privacy and finally analyzes some of these concerns against the principles set forth in the Privacy Act.

It is a good read for researchers, but will also give virtual world/mmorpg businesses a sense of the direction that Canadian privacy authorities are heading in with respect to these environments.


How Governments are Using Virtual Worlds

March 6th, 2009 . by Chris Pierre

For readers who are interested in what activities governments are involved in with respect to virtual worlds, you may wish to visit the Federal Consortium of Virtual Worlds. The presentations, videos and other information posted there will provide readers with a view into how different agencies are using virtual worlds for training, networking, modeling, research and communication. You’ll also get a sense of which private sector companies are meeting these demands.

Another place you may wish to check out is the Digital Ontario Island in Second Life. There are various kiosks and buildings that users can visit which cover things such as tourism and investment opportunities (personally I think the Muskoka chairs are a nice touch).


90,000 Sex Offenders Removed from Myspace – But We Have to Read Other Headlines Too

February 5th, 2009 . by Chris Pierre

According to an article on Reuters, Myspace has found and removed some 90,000 sex offenders from its site over the last two years with the help of a kind of national sex offender registry that it created with the help of a company called Sentinel Safe Tech Holdings Corp.

The article indicates that Connecticut Attorney General Richard Blumenthal, who was the person behind these inquiries, has also issued a similar subpoena to Facebook. It appears that Facebook has not formally responded to the subpoena as yet, but Facebook’s Chief Privacy Officer stated that the site “has not yet had to handle a case of a registered sex offender meeting a minor through Facebook.”

The article did not specify whether a similar subpoena was issued to any of the other gazillion social networking sites or other platforms, but we may be hearing about this issue more in the future.

On the opposing side of the argument, a separate report commissioned by the National Association of Attorneys General called “Enhancing Child Safety & Online Technologies” finds that “the image presented by the media of an older male deceiving and preying on a young child does not paint an accurate picture of the nature of the majority of sexual solicitations.” The report also found cyber-bullying is in fact a much larger problem.

Interestingly, a Wired article described how Connecticut Attorney General Richard Blumenthal and South Carolina Attorney General Henry McMaster were two of the avid dissenters of the report’s findings. They may now be gathering evidence to help bolster their case.

From an academic perspective it may be completely accurate that the majority of solicitations that youth receive on-line are from other youth. It may also be accurate that media and other sources play up the threat of predators on social networking sites because they make good headlines, but 90,000 registered sex offenders on a given social networking site is a pretty big number and warrants some consideration. It certainly creates a confusing environment for parents and lawmakers alike.

There was no indication in the article that all of the 90,000 offenders were actually using the social networking site to prey on youth, but rather that this was a proactive gesture on the part of Myspace to remove the offenders based on the information that they compiled in their sex-offender database. The article also seems to indicate that the 90,000 includes only US citizens. MySpace is an international platform so it makes one wonder if similar statistics would be found elsewhere.

To be honest I’m still making my way through the 278 pages of the Attorneys General report, but one paragraph in the Executive Summary did grab my attention. The report does indicate that the best way to protect children on line is comprehensive and multifaceted. Specifically it states:

“Technology can play a helpful role, but there is no one technological solution or specific combination of technological solutions to the problem of online safety for minors. Instead, a combination of technologies, in concert with parental oversight, education, social services, law enforcement, and sound policies by social network sites and service providers may assist in addressing specific problems that minors face online.”

Not an easy task, but if you believe the old saying that it takes a village to raise a child then this statement couldn’t be more accurate.

For more information on child safety on line parents can visit any number of great sites, including US based www.WiredSafey.org and www.connectsafely.org. The site www.kidsintheknow.ca is a Canadian site that is a great resource which is affiliated with www.cybertip.ca. Finally there is a United Kingdom based site called www.bullying.co.uk if you’re looking for resources on cyber-bullying.

