Is the Xbox One a Covert Surveillance Device?

Three aspects raise concerns. Firstly, the device requires connection to the internet (although not, apparently, the continuous connection originally thought). Secondly, it does require continuous connection to Kinect. And thirdly, Kinect is always on. These three aspects mean that anything in front of the device can be recorded, both sound and video, and can be transmitted back to Microsoft over the internet while it is connected.

Germany’s federal data protection commissioner for Berlin, Peter Schaar, gave his concerns to Spiegel Online: “The Xbox continuously records all sorts of personal information about me. Reaction rates, my learning or emotional states. [These] are then processed on an external server, and possibly even passed on to third parties. Whether they will ever [be] deleted, the [user] can not influence.” (Google translation)

Tim Vines, director at Civil Liberties Australia, is equally concerned. “Microsoft’s new Xbox meets the definition of a surveillance device under some Australian laws,” he told GamesFIX, “so they need to be upfront and tell customers whether anyone else can intercept their information or remotely access their device.”

Microsoft for its part has been quick to dispel fears. “Microsoft has very, very good policies around privacy,” corporate Vice President Phil Harrison told EuroGamer. “We’re a leader in the world of privacy, I think you’ll find. We take it very seriously. We aren’t using Kinect to snoop on anybody at all. We listen for the word ‘Xbox on’ and then switch on the machine, but we don’t transmit personal data in any way, shape or form that could be personally identifiable to you, unless you explicitly opt into that.”

What he means by ‘opt in’ may be a reference to a patent the company submitted to the US Patent and Trademark Office earlier this month – a plan to reward television viewers for watching advertisements (reports the Daily Mail). “Additionally, by tying the awards and achievements to particular items of video or advertising content, viewers may be encouraged to increase their viewership of the content, thus increasing advertising opportunities,” says the application. The patent is not linked to any particular device, but given that the Xbox One is described as ‘The all-in-one entertainment system,’ there can be little doubt about its applicability. For such a system to work, personal data – after opting in – would necessarily need to be sent to the server.

But there still remains a problem. Kinect is always on and always listening – ostensibly for that command, ‘Xbox on’. What is not yet clear is what would happen if the ‘Xbox on’ command came from US law enforcement rather than the user. Would Microsoft respond favorably? Could the camera and recording aspects be switched on remotely and surreptitiously following a request from the FBI? It’s not possible to switch off Kinect’s microphone, and the camera is infra-red, meaning it can ‘see’ in the dark and through objects or tape meant to obscure it.

Microsoft may not intend the Xbox One to be a surveillance device; but the fact remains that the technology is capable of being just that.
