by Andrew Brehaut
Modern technologies, such as cellphones and the internet, are often a thorn in the side of the horror or thriller GM. Typical responses involve negating the use of this technology, be it through remote locations (no signal), dead batteries, villainous forethought (the cell towers have been damaged), the people contacted simply not believing the PCs’ story, or simply setting the game prior to the existence of such technology.
An alternative to outright negation is to look for ways that the technology may work only partially: the web of trust breaks and confidential information gets into the wrong hands, or information is corrupted or misunderstood. This is particularly suited to thriller games with espionage elements. Games with active magical forces can obviously go above and beyond the suggestions presented here.
These suggests are not intended to be used to hose the players; instead, when they use modern technology, they open themselves up to new problems. Consider these suggests to be “Yes, and” twists.
In keeping with the spirit of GUMSHOE, try to choose twists that not only cause trouble for the players, but introduce new information. The type of attack reveals something about the enemy. If the attackers reach through corrupt authorities to track your cell, that says something different to a black-bag job on an assets computer.
The following suggestions are based on generalities about cryptography and encryption. As I am not a cryptographer I am certain to have misconstrued some some of the fine points.
Characters in Fear Itself are typically less competent at the technical necessities required to keep communications private and concealed than the agents in a Night’s Black Agents game. As a result, you have more latitude for Fear Itself characters to be the instigators of their own failures than you do in Night’s Black Agents.
A simple guideline to consider is that if the character should be competent, then the failure should only come from depending on a (compromised or lazy) asset or NPC, or when a failed die roll presents an opportunity.
An example of this might be that the player blows a preparedness test for a cellphone in a tight spot. Instead of failing and not getting the phone, the GM might rule that they have a phone, but it has been compromised.
In Nights Black Agents, any network contacts whose pool has dropped to zero – or in a Mirror mode game, any flipped contacts (NBA pg 32) – are perfectly placed to be the weak link in the security chain. They may reveal cellphone numbers, secure keys, passwords, or any other secret information the character uses.
Less competent characters are unlikely to use secure methods at all. The GM has more latitude to hand-wave the details in this context.
Trust and Authenticity
The backbone of digital secret sharing is authenticity; sophisticated mathematical tools provide ways of ensuring that a communication is from who you think it is from, and that only the intended recipient can access it. Authenticity allows an increase in trust in the communications. Typically these schemes require a non-secret ‘key’ (part of a key pair, with one key secret, and the other non-secret) to be shared between the appropriate parties. Given an opportunity to trade encryption keys, and sufficient bits in those keys, this encryption is sufficiently secure that it will not be feasible to break using brute force in a reasonable amount of time. Not to mention, brute force cracking is lazy story telling, especially in a spy game1.
The math involved is the strongest part of any cryptographic system. Instead, the system is more easily broken by attacking the humans involved, or any secondary mechanisms used. While the math is typically tough, it requires that its process is followed strictly; deviation may introduce subtle weaknesses. Not only does the human angle make for a more believable story, it makes for a more interesting one.
A good guideline here is that the human link that breaks should never be the player characters. If they are competent enough to be using secure methods to begin with, it undermines the characters to suddenly cause them to make a mistake. Only in a crunch (e.g. if preparedness is involved) might they not use a secure channel, and in that instance they clearly know. This also means that PC to PC communication is guaranteed to be secure, which avoids an always check for hidden doors situation where the players waste time worrying about their intra-party communications.
The takeaway here is that you need to trust every link in the chain that has access to the secret keys. If the chain is secure, then any secret communicated with those keys is secure. Adding links to the chain increases the chances that the chain is compromised. As mentioned above, these mistakes and unnecessary links should occur at the NPC end.
When unsecured communications are being used, especially textual, there is little guarantee that whoever is at the other end of the system is who they claim to be. Snooping and supplying misinformation are trivial.
Secure communication relies on the sender having the recipient’s public key, and the recipient being able to get the sender’s in a trusted way. Without this, unsecured methods have to be used. The implication here is that communicating with people outside the existing circle of trust leaves you wide open: the police can’t be called without eavesdroppers having an opportunity to listen in.
One final point: Cryptography is extraordinarily hard. Cryptographers typically cannot see the flaws in a system of their own devising. Competent characters should know that they cannot invent their own cryptography safely, but if players push for it, then they are wide open and asking for trouble.
Aliens and Brute Force
Aliens present a reasonable excuse for brute force encryption breaking. Presumably their computational war chest vastly outstrips our own, so they would be able to brute force nearly all encryption with relative ease. The exception here is one-time pads which are still likely to be secure assuming aliens obey our same mathematical laws.
With people as the weak link in a cryptographic system, it helps to know some potential attacks that may be deployed against them:
- Probably the most common method for acquiring secrets is via social engineering. This is basically a confidence game. Email phishing is a blunt form of this. When the target works out of a large organisation, posing as a network administrator will often get easy physical access to a machine, and the willing cooperation of the target.
- Extortion, threats or torture that leverage vices, family, friends or debts is a very direct method for extracting secrets, but effective.
- Another direct method is the black bag job. Simply break in to the physical location containing a computer or device and either copying data or just stealing it.
Sometimes communications must travel through an insecure network. In this case, even when a message is communicated securely, an observer may still be able to gain information. Examples of an insecure network include wireless networks, cell networks, the wider internet, and local wired networks controlled by a third party.
Establishing a secure network on top of an insecure network (a tunnel, or a virtual private network) is possible, but is subject to the same secret sharing challenges sending the message in the first place. One development here is anonymizing networks such as Tor; with Tor, an observer could see you connect to Tor, but have no idea where the information goes2.
Transmitting secrets over an insecure network allows an observer to collect “meta” details about the communication. Things like: when the message was sent, the duration of connection and/or size of the message, where the message was sent from, and possibly where it was sent to. Proxy networks and other tools may be used to obscure the specific details, but with less latitude than true security.
In more complex systems (such as server software like websites or email systems), information inadvertently disclosed by the system may allow an attacker to find weak points or, in a particularly egregious situation, piece together information from the revealed pieces. This is especially dangerous when the information can be correlated with other sources.
Cellphones, especially smartphones, provide many options for problematic twists.
SMS messages and phone calls are not encrypted end to end, and can be accessed relatively easily via the network. Users of iPhones have access to Apple’s iMessage network which sends arbitrarily large messages and images with end to end encryption. However, if an iPhone cannot access the iMessage server for any reason, it falls back to unencrypted SMS by default. Harried characters may forget to check this, or assets may be lax at checking the setting. One other potential weak point of iMessage is that multiple devices can be configured to receive messages at a given address; someone may snoop on encrypted conversations without you realising. You can safely assume similar foibles of any consumer messaging service.
Competent agents can be assumed to have installed apps on smart phones they control to let them securely communicate and that avoid the risks of using consumer messaging. However, the phone itself is still vulnerable to attack at levels lower than the messaging application.
Smartphones such as Android phones, and jail-broken iPhones, allow for arbitrary software to be installed, and in doing so can replace or augment the operating system’s core software. A simple example of an attack at this layer is a key logger: by planting listening code into the software keyboard, the phone can record every piece of text entered system-wide, and secretly broadcast it, thus circumventing any encryption used. A compromised device may also use the device’s cameras, microphone and GPS to capture a broad range of additional ‘passive’ data.
Jailbreaking a phone is done by taking advantage of security vulnerabilities in the phone’s operating system. While typical jailbreaking does require some user intervention (partly as it is intended to be an intentional attack), there have been jailbreaks that only required visiting a website. If a smartphone that is considered secure has been used to access untrusted websites (and any website that is not delivered securely with known-good certificates can be considered untrusted) then it could possibly have been compromised by a malicious site. In the real world the chances of such an attack vector being viable are extremely narrow, but in the fictional world of a spy thriller where agents may not have opportunities to keep their devices up-to-date and are frequently accessing servers in the seedy underside of the internet, the risks rise. A competent agent with time and access is going to use a disposable or public computer to access these sites, but under pressure there may be no choice.
Obviously, if a smartphone with secret keys on it is stolen or lost, it is a serious risk until it can be remotely deactivated. Lock screens are a weak defence against an attacker; iOS and Android have both suffered multiple security holes allowing lock screens to be bypassed.
Light, Sound and other Emissions
Modern mobile devices have more direct ways of creating trouble too. To function they must emit radio waves on various frequency bands, as well as light and/or sound to be functional.
With phones from sloppy assets, or that have been appropriated, there is also a risk of alarms and other sounds occurring. The iPhone, for example, has a switch that disables the ringer but does not disable all sound system wide. The system’s policy allows some sounds, such as alarms, to occur even when the ringer is disabled. This is a particularly appropriate “gotcha” for normal people thrust into dire situations without warning, such as in Fear Itself.
Another class of potential attack in the modern world (and form of information leakage) is that devices such as cellphones that connect to wireless and cell systems broadcast unique device IDs to those networks. In both cases the attacker could compromise the network itself, but because these devices must broadcast their communication, it is often easier to use malicious base stations and traffic snoopers. For wifi this can easily be achieved with cheap plug computers. In both cases basic identifying information can be harvested without the target being aware.
This is possible because the devices need to maintain a low level of background traffic to maintain a presence on a given network (e.g. so that calls or data can be routed to the device). This information can then be pooled over time. For instance if the same IDs appear in networks of two or three geographically separate locations, a conspirator could reasonably assume that it is not a coincidence.
Particularly with wifi, the range of each network is small enough that with a collection of networks or malicious base-stations, a particular device’s movements could reliably be tracked in a known area.
TEMPEST Monitors (NBA Pg 100) are another risk of carrying a cellphone or other broadcasting device.
In games with supernatural, in addition to creatures being extra sensitive to light and sound, they may perceive frequency ranges well above even ultra violet; In these spectrums the radio signals from cell and wifi systems would be clearly visible bursts emanating from the characters.
If the creatures communicate with each other in these frequency ranges, it is possible that may even mask cell or wifi signal for short bursts.
In a situation where a character must be separated from a device, such as at a meeting with criminal elements, they should be concerned about tampering. The question is what could have been tampered with in the time window, and what the signs of it would be.
Some devices are easier to tamper with than others. Those with battery access for instance; a matter of seconds may be all that is needed. Phones without user accessible batteries may seem less vulnerable to tampering, but with the appropriate tools (such as the right screwdriver, a special prybar and a suction cup for an iPhone) you can have it open and closed again in a couple of minutes. The easiest way to check for physical tampering is to open the device and examine it.
Software tampering is harder to identify, but may take longer to perform. This is the equivalent of a jailbreak. It may be achieved over a network, or by connecting the device to a computer. Between five and fifteen minutes for a competent attacker to determine and use the correct attack vector and required waiting for software installs and device restarts would not be unreasonable. Tampered devices may run hotter and/or use battery faster than the usage would suggest. With the appropriate hardware and software tools and some time, the image of a device can be checked against a known good copy and if need be restored.
Finally, devices with SIM cards are vulnerable to tampering. It takes only a couple of minutes and some text messages. This allows trivial call and message snooping.
Back of the sticks?
An alternative to just denying characters use of cellphones due to lack of signal in the remote locations is to allow them to find a patch of poor signal; if they use it, they may be pinned in one spot while making a call, or waiting for their encrypted data to transfer. Maybe not your first choice when being stalked by a vampire.
An alternative to smart phones is cheap, disposable ‘feature’ phones (called ‘burners’) with prepaid data. These can be purchased with cash, no personal information, and can be trivially disposed of after use.
Relying on burners allows trivial anonymity as long as the burners only contact other burners, and do not contact a device known by the observer (that allows the entire network to then be unravelled).
The main downsides to burners is that they can’t have cryptographic keys or software loaded onto them easily. This means that communications are necessarily insecure, but it also means that there is no reliable (cryptographically speaking) way to authenticate with others. Anonymity and trust are naturally opposed. Weak secrets such as pass phrases or PINs can be trivially snooped by any observer that has either compromised the network or has the target surveilled.
Some smartphone burners exist. These often suffer from antiquated operating system versions with plentiful known vulnerabilities and no way to upgrade.
Accessing the wider internet is relatively safe; you can do so anonymously from a variety of publicly accessible computers (Libraries, internet cafés etc) without needing to put your own hardware at risk, with limited chance of your location being uncovered beyond the typical physical risks, and without too much concern about key logging or other snooping.
The biggest restriction is that the character may not be able to get the machine out of its kiosk mode, which means being limited to only the web browser, and potentially some coarse filtered view of the web (administered at a firewall).
If the machine can be accessed out of a kiosk mode (surreptitiously), then it is relatively trivial to connect more securely and directly to known good machines (perhaps virtual machines) to then access out into wider internet unobstructed.
One potential problem here is that the character may need to relay their secret key via USB stick. Beyond the dangers inherent to carrying the key (leaving the key behind would be a potential disaster), there is the risk of any malware on the computer infecting the USB stick, and then in turn the characters own computers. This is more likely to cause a computer to run sluggishly and/or unreliably than it is specifically going to leak information to the enemy.
Characters with heat (see Night’s Black Agents pg 87-88) from government agencies may experience difficulty crossing borders: a failed heat roll may result in laptops and phones being seized for searching (and copying or tampering). While consumer operating systems now provide full disk encryption, characters may be subjected to extra scrutiny due to its presence (“If you have nothing to hide, why do you need the encryption?”); the characters will of course be able to manufacture convincing reasons, but the argument may still be leveraged as an excuse to detain them.
Alerting the Authorities
Players may at some stage wish to call in reinforcements in the form of law enforcement, or media. Instead of ruling it out completely, consider allowing it. Keep in mind that the characters are unlikely to be able (or want) to use authenticated channels to make this communication, so there is limited trust involved. Any respondents will act accordingly.
The characters will probably do one of two things: lie about the situation, or come off sounding like cranks. If they lie, then whoever investigates is likely to be wildly unprepared for what is happening. Meat for the grinder, and stability tests for the characters. With the crank option, the response is likely to be slower arriving.
For law enforcement, consider having a couple of uniforms roll up to investigate. The characters will have to work extra hard to achieve their original objective and keep them alive. If the officers die at the scene, the characters can expect their heat to rise, and attached with it records of the call and tags for any weirdness mentioned. These unexplained deaths will surely crop up again later, too, perhaps pinned to the characters.
In the case of media, a reporter given a crazy but potentially promising tip may wish to do some initial research, and perhaps meet up with the informants. Again, the characters are going to have to work to keep the reporter alive. In a Night’s Black Agents game offering up a small story may only take out a single low level cell of the conspiracy, but is reasonably achievable. Tip offs with larger scope take a lot more time to come to fruition, and will end up endangering more people.
Competent characters will be aware of the security risk of most of these problems. Don’t try to hide this from the players to spring on them later; let them stew in their own juices and make the decision in the heat of the moment. They always get their message in or out, but they know they have let something slip in the process. Allow Sense Trouble rolls to alert characters, particularly if they have points in the appropriate abilities (Cryptography, Electronic Surveillance, etc)
When a network contact is turned, an agent may see telltale signs that their communications have been breached, but not know what exactly.
- If you are interested in reading more about the strength of cryptography, check out the PGP FAQ. While some weaker keys have been cracked, the amount of computing power needed is phenomenal. Using strong keys, and regular secure key rotation should mitigate most of the risk.
1.The default setting of Night’s Black Agents (pg 28) assumes that government agencies do possess tools to crack even the strongest keys. You may prefer to assume this in your games.
- Tor is not perfect though. This article is an interesting read about one attack on Tor using malicious end points.
See P. XX
A column on roleplaying
by Robin D. Laws
For a pivotal feature of the roleplaying experience, the ability of players to make choices that alter the course of events can be awfully easy to lose track of.
The way in which an adventure is devised and delivered tends to alter both the number of choices given to the players, and the impact of those choices.
In a purely improvised adventure, a collaborative GM can most easily respond to player initiative. She doesn’t have to envision a complex set of branching eventualities. When the party encounters a challenge, players tell her what they plan to do about it. They conference about this before arriving at a proposal, giving the GM time to imagine likely approaches and outcomes. Or she can sit there attending to some other bit of planning and respond with well-honed common sense to whatever the plan of action turns out to be. Through some combination of rules resolution and fiat, she works out whether the plan succeeds or fails. Then she narrates the consequences of that outcome. Bingo, the players have made a choice, seen a result of that choice, and now move on from that result to their next obstacle, where the pass/fail cycle repeats itself. Choices not made remain invisible, except to the extent that the players consider making them during the conference phase, but then don’t.
In a prepared adventure, and most particularly in an adventure written by a designer for another GM to run, the introduction and communication of choice points complicates itself.
When you prep an adventure for yourself, you’re probably leaving in room for adjustment and improvisation as you go. You likely don’t write it out in full prose, as a designer of a published adventure has to do. You only need enough notes to remind you of what had in mind ahead of time. Within the bullet points lies lots of room to improvise.
Published adventures have to spell out much more of the author’s intention. In this process the author can constrict his intention, limiting player choice—or force you to compensate on the fly when you hit a result that should have been accounted for. To compensate for this, adventures should explicitly include plenty of choice points and make it easy for GMs to spot and deploy them.
A couple of obstacles stand in the way of that, though.
One, it’s all too easy even for an experienced adventurer writer to slip into full-on narrative mode, describing what’s happening as if in a screenplay, rather than sticking to a blueprint for the GM so she can tell the story. Some of my earliest adventures fall into this trap. You might call this the distinction between story-mapping, in which you lay out choices for the GM to set out in front of the players, and storytelling, in which you present a vivid chain of events she somehow has to wrangle them into. Storytelling tempts the adventure writer because it is more fun to write and therefore to read. People who buy adventures to imagine running them, as opposed to actually running them, may enjoy a storytelling style more—it’s clearer and more exciting.
A story-mapping style, on the other hand, bursts with if-statements.
- If the PCs go down into the basement, they encounter the charioteer’s ghost.
- If they decline to go down there, they’re confronted by the caretaker.
- If they present themselves to the caretaker as reliable citizens, he warns them to leave.
- If they upset him somehow, he calls the cops.
To test an adventure for choice points, see if it keeps using, along with a profusion of ifs, words like might, probably, possibly, perhaps and maybe. A story-mapped adventure has to lay out a variety of roads, most of which will not be taken, and their consequences. Then it has to make them easy to find during play.
Certain tricks can aid in this. If the main choice before the players is which scenes they involve themselves in, and in what order, the individual scenes don’t necessarily require a ton of if-statements that chain into other if-statements. On a macro level, GUMSHOE scenarios often work like this. It doesn’t mean much, though, unless the order in which scenes occur makes a difference to the overall outcome of the story, or introduces some other long-term effect into the series.
Zooming in further, a GUMSHOE investigative scene also poses the choice of where to look for clues, how to gather them, and, most importantly, how to put those clues together to either move forward toward the ultimate solution of the mystery.
Fight scenes offer an array of choices—perhaps too many if you like your scraps simple but the rules system doesn’t. As with the clues in an investigative game, these are baked into the structure of the rules set. The designer or GM drops the creature stats, terrain and situation into play, and the game’s basic dynamic takes care of the rest. When the fight starts, players decide who to engage, what to hit them with, and then how to change the situation to their benefit as the dust-up continues. That’s why they work so well and are such a staple of roleplaying, as we see gloriously celebrated in 13th Age. Fights offer an array of choices all bundled together outside a messy nest of if-statements.
It’s scenes between the extremes of mystery solving and head-bashing that require the greatest attention to bake in meaningful choices. These scenes include negotiation, politicking, and exploration, to name a few.
As pure text, even with bullet points, a scene consisting of possibilities and if-statements can prove hard to decipher. For a recent Pelgrane adventure I visually mapped a couple of particularly branchy scenes to bring the text into focus. This is not only clearer for the GM who has to untangle the thicket of choice points, but forces you as adventure designer to consider dangling options and ensure that the choices matter to the players.
This is a model any GM can follow when prepping a scene. When writing an adventure only for yourself, branching diagrams might largely replace text. That makes your adventure not only tighter and richer, but faster to notate.
In this diagram, you’ve chosen to grant the most benefit to the risky move of hiding from the caretaker—if it succeeds. The less dangerous choice of talking to him misses out on the documents, which happen to be wherever the group chooses to hide.
During the game, refer to your scene map not only to bring in the choice points, but to remind you to show the players that their choices mattered. Find a way to hint that they did something well, and that it helped them in a concrete way. In the above example, you might note that if they hadn’t hidden from the caretaker, they would never have found the documents.
As I begin planning future Ken Writes About Stuff pieces, a number of solid GUMSHOE campaign frames occur to me. Longer than the frames in the corebooks, but not super complex, such settings make good KWAS PDFs. They might not support a whole book (although then again they might, if sales of the basic PDF drive me to write sequels or expansions) but they are worth exploring for a few thousand words. Frames like 1970s UFO investigation, or menagerie hunters in a fantastic Byzantine Empire, or cyberpunk resistance in a Soviet-occupied Japan, or superpowered spies a la S.H.I.E.L.D. or Suicide Squad are easy to adapt. Roles for both Investigative and General abilities are clear; the stories feel like other GUMSHOE games already.
Sometimes, however, the potential campaign frame needs something else.
As one might expect of a longtime Lovecraftian and sometime consulting occultist, I am a great admirer of William Hope Hodgson’s horror fiction. I first discovered Hodgson in the Ballantine Adult Fantasy edition of The Boats of the ‘Glen Carrig,’ an inescapably weird blend of sea story and horror sequence. But as a game designer, I am drawn inexorably to Hodgson’s nine tales (written between 1910 and 1918) of Carnacki, the “Ghost Finder.” (One of those tales, “The Hog,” shares enough imagery in common with Hodgson’s 1908 novel The House on the Borderland to make that magnificent haunted-house thriller also part of the Carnacki-verse.) Carnacki acts as a sort of proto-steampunk private occult detective, looking into reputed hauntings and, if he finds them genuine, using his “electric pentacle” to thwart the evil spirits responsible.
If you haven’t read any Carnacki stories, the rest of this column may constitute spoilers. So go read them.
Pretty much everyone’s favorite parts of Carnacki are the strange supernatural elements (the Sigsand Manuscript, the Aeiirii and Saiitii Entities, the Saamaa Ritual), the weird technology (not just electric pentacles but dream-readers, “repellent vibration apparatus,” and a whole hinted world of ghost-breaking scholarship), and the wild proto-Derlethian cosmology of Outer Beings formed from the ether held in check by sunlight and the occasional Protective Presence. You can add those to your Trail of Cthulhu or Esoterrorists game and move on happily.
But to model the actual Carnacki stories requires us to drill down and find out how those stories work in GUMSHOE. The Investigative abilities are very obvious and fairly standard — Carnacki spends Architecture in almost every tale, for example, to make sure there isn’t a mundane explanation such as creaking floorboards or drafts. So it’s the General ability opportunities that we’re looking for.What are their big conflicts? Where, in GUMSHOE terms, is the threat of failure truly present and interesting?
Real fast, then: Here are the threat points in each of the nine stories, presented in a deliberately bald and stripped-down fashion. (They’re much better than these summaries make them sound.) The General Abilities Carnacki seems to use are in parentheses afterward.
- “The Gateway of the Monster”: Investigating a haunted room, Carnacki nearly upsets his own pentacle three times. The next night, he foolishly brings a magic ring he found inside his pentacle but resists its power, and manages to jump the pentacle and escape in time. (Stability, Athletics)
- “The House Among the Laurels”: Carnacki’s investigation proves that the so-called haunting is caused by a criminal gang. When he returns with the police, the party makes too much noise and the gang escapes, but Carnacki has “laid the ghost.” (Stealth)
- “The Whistling Room”: After discovering the horror in the room, Carnacki is tricked into entering it by the mimicked voice of his client. An unknown voice chants an incantation allowing him to jump out the window and free himself. (Stability? Athletics?)
- “The Horse of the Invisible”: Carnacki and his client wound a jilted suitor in a fight, exposing his attempt to fake a haunting. A genuine ghost then kills the suitor and the hauntings stop (for now). (Firearms and Scuffling, used at penalties for darkness)
- “The Searcher of the End House”: Carnacki successfully traps the man who has been trying to scare the tenants from the house, which is coincidentally haunted by two presences. Carnacki doesn’t even try to exorcise the presences. (Mechanics)
- “The Thing Invisible”: Carnacki’s investigation discovers a deadly booby-trap with no supernatural component.
- “The Hog”: A horrible monster slowly overwhelms Carnacki’s defenses. At the last minute, a defending spirit rescues Carnacki and his client. (Mechanics? Stability)
- “The Haunted Jarvee“: Carnacki’s attempts to cleanse a haunted ship of evil vibrations fail, as a demonic storm overturns his devices. (Mechanics)
- “The Find”: Pure deduction unravels the mystery of a no-longer-unique (and non-supernatural) book. Excellent seed for a Book-Hounds of London scenario, though.
In GUMSHOE terms, “The Thing Invisible” and “The Find” use Investigative abilities exclusively. “End House,” “Laurels,” and even “Horse of the Invisible” are conventional “Scooby-Doo” type stories, with the occasional haunting as unnerving scenery: again, mostly Investigative abilities, with a few Mechanics, Stealth, or Weapons ability tests at the end against human foes. All very standard stuff, Hodgson’s engaging prose notwithstanding.
What we really need is a system to model the confrontations with the “ab-Human” entities in “Gateway,” “Whistling Room,” “The Hog,” and “Jarvee.” These confrontations have two big systemic problems:
- the ab-Human foes cannot be weakened (although Carnacki tries in “Jarvee” with his “repellent vibration emitter”) — this means only the PCs’ defensive rolls count. This is boring, the mechanical equivalent of “roll ten CON saves against dying in the desert.” Similarly …
- a single failure by Carnacki means doom. This essentially one-and-done format makes the final scene anticlimactic, or a death trap. Worse, a boring death trap. (“Roll again. You survived? Roll again. You survived? Roll again.”)
Mechanically, this leads to passive, un-suspenseful, irritating play. Hodgson covers up the essential passivity of Carnacki by vigorous narration (including the cocksure “summing up” at the end), and covers the essential lack of suspense (we know Carnacki survived, because he’s telling the story after surviving it) during the confrontation with evocative, terrifying prose. But a game system can’t depend on such things. Even Hodgson had to pull a GM fiat out of his hat and have NPC “Protective Forces” show up in two of the four tales. So how do we build Carnacki-style confrontations with the supernatural (“sittings”) into GUMSHOE?
I can think of two options using existing GUMSHOE mechanics:
- Change the cosmology such that a “sitting” becomes a fight; perhaps each “round” is an hour of sitting. (Hours the contest goes on = hours of nightfall, or from midnight to dawn.) Carnacki rolls and spends from his Pentacle ability pool, weakening the Ab-human’s Aberrance. (The better the pentacle, the higher the bonus, just like weapons.) The Ab-human rolls and spends from its Aberrance ability pool, weakening Carnacki’s Stability. (Does the creature gain Hit Threshold from being super-Aberrant, or do bonus Stability damage, or both? Should Stability damage vary by manifestation?) When Aberrance reaches 0, the thing is exorcised or prevented from harmful manifestation until the next sundown. When Stability reaches 0 (or -6), Carnacki does something panicky or twitchy to open the pentacle, and he gets munched.
- Run the sitting as a Thriller Chase, as in Night’s Black Agents. Again, perhaps each “round” is an hour of sitting. Carnacki rolls and spends from his Stability pool; the Ab-human rolls and spends from its Aberrance pool. The side with the higher result moves the Psychic Balance toward 0 (exorcism/prevention) or toward 10 (pentacle overwhelmed; Carnacki munched). Pentacles add bonuses to Stability rolls (or act as “armor” against Aberrance rolls; same thing mechanically).
Ab-humans might have automatic “spends” on every roll, being inhuman; or, possibly, just add an automatic bonus, like an Alertness Modifier (Vileness modifier?), such that the Ab-human has no pool to drain. This provides mechanical distinction (an Ab-human now doesn’t “feel” like a normal GUMSHOE monster) but the invariance might flatten the contests back out.
Maybe the Pentacle always depends on a Mechanics test to set up, preventing the “oh, well, it’s just a poltergeist and my pentacle automatically gives me +3″ ennui. Further, maybe the difficulty of the Mechanics test varies depending on how much of the underlying manifestation Carnacki understands. This works once (the first time the GM reveals the modifier) but not consistently, but adding one more mystery factor might still be worth it.
Like combats and Thriller Chases, both will still depend on GM and player narration to add color to the bald dice contest, but at least we’ve got a contest in both directions. I suspect a little thought will give us ways to use other abilities to influence the contest, as with Tactical Fact-Finding Bonuses. If the Ab-human powers vary, and the NPCs can be counted on to respond in dangerous and panicky fashion, that also varies the showdowns.
That takes care of the first big problem; for the second, we could possibly add a Fleeing/Athletics parachute (as in “Gateway” and possibly “Whistling Room”) to allow Carnacki to get away from the haunting site alive, though scarred somehow. Or, if a successful exorcism grants Carnacki XP (to apply to better pentacles, etc.) then a sudden life-saving intervention (as in “Whistling Room” and “The Hog”) costs XP.
Even then, potential Carnacki Files GMs should probably follow Hodgson’s lead and restrict pure “sittings” to a minority of adventures. Lots of other mundane plots, or manifestations that don’t rise to the level of catastrophic, or excellent steampunk adventures, can be fit into the Carnacki frame. And when I figure out exactly which system to use (or if my so-far inchoate notion of rolling all the Ab-human’s dice at the beginning and applying them throughout the haunt pans out) then I’ll have a frame to fit them into.
Out you go!