Recently, Peter Schaar, the Federal Data Protection Commissioner for Germany, called the Xbox One Kinect’s upgraded features a “twisted nightmare”. Given the recent government scandal concerning PRISM, the Xbox One’s Kinect poses some interesting privacy concerns to potential consumers.
Why do the Xbox One and the Xbox Kinect pose a threat to privacy? Current gaming consoles require users to connect to the internet for updates, software patches, DLC, online game shopping and a variety of other functions that need an internet connection. Where the Xbox One gets sketchy is in how much of the time the console is required to be connected to the internet, and whether that is necessary. Originally, the Xbox One would have required users to log in to an online account through their console a minimum of once every twenty-four hours, even when playing games from an actual disc. Users who chose not to log in would not have been able to use their console. Microsoft has since amended the console’s internet policies due to an overwhelming public outcry. Microsoft has stated that the original internet connectivity requirements of its next-generation console were created because it perceived users would want to take advantage of updated technology to access the cloud and downloadable games. Even so, there is much speculation about the data Microsoft could or would have collected had it kept its original policies.
Adding to concerns about the potentially invasive capabilities of the Xbox One is the Xbox Kinect. The next-generation Kinect will be equipped with a variety of new features, including voice command and facial recognition software. The new capabilities of the Kinect device don’t by themselves sound particularly threatening, but read the fine print. The Kinect will turn on with a voice command, meaning that while your console may not be turned on 24/7, the Kinect device will be. Having a device that can see and record its users’ movements whenever they are in range, as well as collect data on its users, sounds less like an immersive gaming experience and more like an Orwellian vision of a dystopian gaming future. Microsoft has already addressed mounting concerns, stating that the Kinect, though on, will not be listening for anything other than a voice command to turn on the console when the Xbox One is powered down. Microsoft has also stressed that while the Kinect will receive and store data on its users, the data collected will be for the purposes of improving the user’s console experience, and that the information collected by the Kinect will “never” be available to outside parties. Don’t breathe a sigh of relief just yet. The Kinect data collection can be used to monitor users for breaches of software and console policies. This means that if a user violates an established Microsoft policy, Microsoft can collect the evidence of that violation and, put simply, use it to charge you extra.
Microsoft may also live to eat its words about the availability of user information to outside parties. Can Microsoft really retain exclusive control over the information it collects? Enter PRISM and the Patriot Act. PRISM is a government program that acts as an anti-terrorist data collection agency. Recent congressional hearings have focused on the amount and type of data the government has been collecting and who that data is being collected from. Under the guise of protecting the country from terrorist threats and fraud, the NSA and other government agencies have been quietly collecting all sorts of data from US citizens for the last five years. According to the Patriot Act and other terrorist prevention acts, including the Protect America Act and the FISA Amendments Act, Microsoft does not have a choice if the government asks for user information collected by next-generation consoles. But the government can only collect specific information like phone records, bank statements and emails, right? Wrong. One of the controversial aspects of the Patriot Act is National Security Letters (NSLs), which DO NOT require approval from any judicial branch, unlike their warrant/subpoena counterparts. NSLs can be used by government agencies to obtain transactional records, phone numbers and emails, and were expanded in 2001 to include ANY information in regards to an investigation of terrorism or covert intelligence activities. Recipients of NSLs are also legally bound by gag orders which prevent them from revealing to anyone, including an attorney, the contents of the NSL. Should the government ask, Microsoft is required, by law, to give government agencies user information. Under the FISA Amendments Act, corporations that cooperate with government agencies in intelligence collection are immune to prosecution.
Legally, an individual whose information could potentially be revealed to the government under anti-terrorism laws could not sue the company that disclosed their information.
The go-to argument of many politicians and government officials in regards to the collection of information on US citizens is “If you aren’t doing anything wrong, you have nothing to worry about.” This is far from the truth. If you think that your Kinect information will be safe because you are a law-abiding citizen, recent information revealed by government whistleblowers proves otherwise. How does the government decide which citizens to collect data from? Software is used to scan data for indicators of “foreignness”. Currently the software is 51% accurate. That is an exponential margin of error, especially given that the information and manner of collection would be considered a major violation of constitutional rights if not for the Patriot Act. Why is Microsoft such a danger? 98% of PRISM production and data collection is based on information provided by Yahoo, Google and Microsoft. To say that we should be wary of Microsoft’s ability to protect the data its consoles will accumulate on users would be a massive understatement, and with the Kinect device, government agencies will soon have unrestricted access to a whole new level of data simply by issuing a letter. Is having a faster, more convenient option for your gaming and entertainment needs worth the destruction of your privacy? Feel free to sound off in the comments section below.