Xbox One Raises the Burden of Privacy Safeguards: 5 Questions for Microsoft

Xbox One will be Microsoft's eyes and ears in your home, but that only increases the company's burden to safeguard our privacy.

  • Share
  • Read Later
Nick Adams / Reuters

Xbox One is shown on display during a press event unveiling Microsoft's new Xbox in Redmond, Washington May 21, 2013.

Some things you take for granted, like the fact that in Star Trek, there’s a computer that’s always listening, always observing, always standing by cataloging data. Who owns that data? Where’s it stored? Who determines how it’s used? Who knows. The shows chose to slide by those questions and focus on others. The holodeck was creepy because, whoops, maybe you’d get trapped, or addicted, or its fictional denizens might inexplicably come to life, not because the computer was collating and archiving everything you did, whether hiking a simulation of the Appalachian trail or indulging some crazy erotic fantasy.

Microsoft’s Xbox One won’t surround you with holographic fir trees, azaleas and mountain laurels, nor, as far as I know, will it dish out interactive porn. But it is going to be listening — and capturing data, and transmitting that data back to Microsoft — in ways no device in your household has ever listened to or observed you before.

When Stan Lee wrote “With great power comes great responsibility” in Amazing Fantasy #15 back in 1962, he packed a longstanding philosophical notion into six culturally resonant words. Those words couldn’t be more relevant today, with our lives awash in cloud-connected technology, generating and beaming back mountains of abstractly defined information that’s quietly sifted by complex machine algorithms and pored over by corporations in search of new ways to further secure footholds in our future lives.

So with Xbox One, which promises to streamline how we interact with TV, movies, music and games by introducing always-on, always-connected digital ears and eyes to our living rooms, I’d argue the burden on Microsoft to safeguard our privacy (and articulate that in a meaningful, non-pandering way) just shot through the roof.

Consider what we know about Xbox One for starters: The new console will come with Microsoft’s refined Kinect sensor, a detachable hammerhead-like camera with microphone that you’ll probably position somewhere high up in your entertainment center, where its upgraded 1080p widescreen eye can easily sweep your play-space. Unlike the Xbox 360, which functions whether the Kinect camera is attached to the console or not, Xbox One won’t work without Kinect plugged in. At least part of the reason for this is that Microsoft wants its new system to be instantly responsive and interactively seamless — so tuned to your physiology that the company is saying it can even measure your heartbeat simply by “looking” at you (courtesy its new infrared camera). But that sort of granularity also raises obvious and completely reasonable privacy concerns.

Microsoft’s been making the rounds in post-Xbox-One-reveal interviews, claiming that it’ll provide configurable privacy settings, but it’s been elliptical about what that means in specific terms; all we know for sure is that, at minimum, Kinect will have to be attached to the system for Xbox One to function. (To be fair, some of this pre-launch hedging is doubtless intentional, as the design team makes last minute changes — and decisions — about exactly how much control over privacy we’ll be allowed.)

We’ve also been told that while Xbox One won’t cease to function should you a suffer temporary loss of Internet, Internet connectivity will, as rumored, be required; we don’t have full details yet, but it sounds like the console will require a hotline back to Microsoft HQ at least once a day.

Bearing these things in mind, here’s my initial question list about Xbox One, narrowly focused on privacy and security concerns.

Will we be able to shut Xbox One’s camera and microphone completely off?

In an interview with CNET, Xbox group program manager Jeff Henshaw explained that while we won’t be able to remove Kinect without crippling the system, we will be able to completely disable the camera. That should please anyone worried about having to shell out extra for duct tape (you know, to manually cover the lens). But assuming Henshaw’s properly describing the final shipping product here, note that he says nothing about disabling the microphone. Will we be able to disable Xbox One’s “ears,” too? And can we disable both of these things permanently, or will we have to do so each time we reengage the console?

Can we opt out of transmitting general behavior and performance data?

Many companies allow you to transmit information about how you use their services, but allow you to opt out completely if you so choose; Apple, for instance, lets you transmit information about how you use OS X, but doesn’t require it. Microsoft, by contrast, already requires certain types of data collection when using Kinect with the Xbox 360. For instance, according to the company’s Privacy and Online Safety FAQ referring to “Kinect Performance Data”:

This information helps us continuously improve Kinect performance. It does not personally identify you, and collection of this data cannot be disabled. As you play, we collect information on how your Kinect device and platform software are functioning, usage patterns within the Xbox Dashboard applications, and other data that does not directly or personally identify you.

Notice the reference to “other data that does not directly or personally identify you.” That reference reappears in subsequent sections describing other types of Kinect data. Are claims of anonymity sufficient without disclosing what this “other data” is?

I realize other services (say, Steam) gather reams of anonymous, generalized usage metrics in trade for service access, then shop that data out to third parties, but just because no one’s cared enough to raise a fuss doesn’t mean it ought to be status quo. With Xbox One, the possibility of capturing consumer data at an unprecedented data-point resolution level in traditionally off-limits environments may seem a godsend to corporate marketing departments, but at what point does trading away your ability to control how information you’ve generated is used for access to whatever service cross the line between reasonable and invasive? If you’re going to turn your consumer base at least partially into free marketing fodder, you should at least give them the option not to participate.

Why are Microsoft’s references to “targeted advertising” so vague?

I believe Microsoft when it says Xbox One won’t try to target-advertise to individuals based on what they say or do while engaging with Xbox One. But I’m not at all convinced Microsoft won’t pass aggregate data on to third parties to use in more general terms. In a sense, you’re looking at a hypothetically vast and unparalleled sociological experiment about to embark, where companies can quietly gather behavioral information about us from within the intimacy of our households, collate that data (all while claiming, probably accurately, that it’s being done anonymously) then use it for marketing and who-knows-what-other purposes, potentially extending well beyond the scope of Xbox One. As noted earlier, just because collected taste-related data’s being anonymized doesn’t preclude us from being targeted at the demographic level.

How is Microsoft safeguarding Xbox One from hackers? What sort of security measures is it taking, both on the client and server sides?

This isn’t just paranoid thinking. Consider the case against furniture retailer Aaron’s Inc., which — whether itself or via franchisees — leased computers harboring illicit spyware to customers, computers that eventually sent some 185,000 emails containing sensitive information back to corporate computers. The idea that computers in intimate settings might, for one reason or another, surreptitiously capture what we’re doing and transmit that information illicitly isn’t fanciful worst-casing: it’s already happened.

Over the past few years, we’ve seen everything from Sony’s PlayStation Network to Stratfor to the C.I.A. hacked, whether to deface or disrupt web services or to pilfer personal information or shame companies by distributing that information en masse. An always-on, always-listening system that lives with us in our homes requires extraordinary attention to security — much more than just a wink and a smile from Microsoft in its terms and conditions assuring that everything’s under control.

Should companies that hope to place a device like this into tens of millions of households have to submit to independent, periodic security reviews? It’s worth asking the question. I don’t want to overreach, but then imagine how people might react if someone managed to hack into Xbox One — server- or client-side — captured someone engaged in highly sensitive activity, then pushed that online for public viewing.

Less a question than a request: Don’t patronize us in your upcoming Xbox One privacy FAQ, and don’t assume the only thing we care about when it comes to data aggregation and transmission is anonymity (or that that’s a sufficient definition of privacy and security).

I’m not fundamentally opposed to the idea that technology might track my comings and goings and doings at home, or that it might relay that information on to a company like Microsoft, which I’m sure intends to use it in at least some capacity to simply improve the service. Making what you do friendlier, more efficient and more relevant is an important aspect of any contemporary, Internet-connected service and there’s definitely a “glass half full” angle to much of this. But we deserve better explanations about these processes as well as reasonably broad control over how they work. And while I have no issue with a console requiring Internet connectivity to function in 2013, I do take issue with this idea that giving up certain privacy rights is an acceptable exchange for access to Xbox One’s traditional services.

In other words, if Microsoft wants to kick this “eyes and ears in your home” can down the road some more, fine, but the barrier to entry ought to be higher — a lot higher — than it’s ever been before.

22 comments
a_liaquat
a_liaquat

Interesting article. Cloud is the future, and there is no doubt about it. Interestingly, cloud is no longer just for the Fortune 500. Even the small businesses are adopting this future technology, and experiencing benefits never seen before. Here's my recent article on Why cloud computing is important for small businesses, and what benefits these small business owners can drive by moving to the cloud.. http://www.dincloud.com/blog/why-cloud-computing-for-small-business

PedroSmith
PedroSmith

Not buying one. I dont care about TV or charting my movement aroudn the room, I care about quality games. Which seems to be the only thing microsoft no longer cares about. Thats why they wont allow indy games. Greedy kids arent getting a sale from me.

Elihude
Elihude

I wish they would come up with something useful like oxygen generator by splitting carbon dioxide or a vehicle that uses pure air.... in stead of these stupid gaming devices!

KobebryantBlackmamba
KobebryantBlackmamba

That's cool, but the only problem is apps such as "instant heart rate" on Androids already can do that. Console gaming's dying. 

TimeNinja
TimeNinja

I guess the next meeting of the Al-Qaeda support group is probably going to want to turn their Xbox off first.

TimeNinja
TimeNinja like.author.displayName 1 Like

Uh oh, Microsoft is going to find out that that a lot of console gamers are overweight and at risk for heart disease...then they're gonna tell everyone!

exudd1
exudd1

Excellent article. It is very troubling that Microsoft appears to be purposely ambiguous about providing its customers the option of turning off the camera and the microphone on its Xbox 1, to protect his or her privacy. Shouldn't a person's privacy take precedence over Microsoft's eagerness to sell more products using its customers as unpaid subjects for their product development and future marketing research? It should use other methods as other manufacturers do. I for one will not buy this product unless given the option of turning the camera AND the microphone off at my discretion, permanently if I so decide, without hampering its promised performance.

StevenHowell
StevenHowell

people u are already being tracked and watched all day!  privacy issues, what a joke!

DuncanBurnham
DuncanBurnham

This author is so biased against this system and it is so very apparent in his writing that I am forced to wonder if he is a stockholder in some competing company like Sony. While many of the points and questions raised are good ones, the tone of them is quite disturbing.

misterkushie
misterkushie like.author.displayName 1 Like

@DuncanBurnham I think that may be because to some people, the implications of this technology is very disturbing. I'm by no means a Sony fanboy (in fact, the last Playstation console I owned was the original) but I won't buy an Xbox One for exactly the reasons outlined in this article. I find it disturbing as well. It's possible to voice a dissenting opinion without being in the pockets of the opposition.

We should also keep in mind the recent controversy surrounding Microsoft/Skype, which, despite their attempts to spin it, is more than a little unsettling.

DuncanBurnham
DuncanBurnham

@misterkushie @DuncanBurnham Don't get me wrong. I am not saying I approve (or disapprove) of Microsoft's technologies or their applications of it. I was merely commenting on the perceived bias of the article. I am not a gamer of any kind (unless you count Scrabble or Pinochle) and I hate to watch people sit and wile away their lives in front of the idiot box. But, I can say this because I am not writing for a national publication! I just wish the media would be able to present the facts without added color.

DuncanBurnham
DuncanBurnham

@JasonDStanfield @DuncanBurnham You are absolutely correct that I did not see the word OPINION posted. For that I am wrong in assuming this was to be an unbiased piece. the fact that I am not a gamer, however, in no way discounts MY opinion or concerns. Have a nice night.

JasonDStanfield
JasonDStanfield

@DuncanBurnham @DuncanBurnham Its very clearly an 'opinion' piece... right at the top of the article, right above the title. if you want an unbiased article you came to the wrong place... And the fact you are not a gamer, makes your input even less important. go away and comment on subjects that are important to you.

Bowlingalley
Bowlingalley like.author.displayName like.author.displayName like.author.displayName 3 Like

What I don't like about these kinds of things is the fact that you have to sign up for all these things in order to play. I guess it's about offering 'a seamless experience' or something like that, but what if I just want to plug it to my TV and play some games? No, I'll have to register to an account, install a Microsoft security camera in my living room and send data to their HQ all the time.

What I would like to see is the option to just play. And if you want any other services, you enable them one by one.

therealdude
therealdude

I wasn't planning on buying the new Xbox but after reading this there's no way I'd even let one into my home, even if it was given to me. I never liked sending "anonymous" info, so cameras and mics sending God only knows what back to Microsoft are completely out of the question. It will be interesting to see how the public deals handles this--do they go ahead and buy it and accept some eavesdropping into their homes as a part of the price of ownership OR will it bomb as a product? If it succeeds, count on other companies to put their cameras and mics into your homes as well.

IPFletcher
IPFletcher like.author.displayName 1 Like

Agreed. I'm very curious as to what Sony's approach with the PS4 is going to be now and whether it'll be counterpoint to some of the issues raised with the XBox One.