Xbox One Raises the Burden of Privacy Safeguards: 5 Questions for Microsoft

Xbox One will be Microsoft's eyes and ears in your home, but that only increases the company's burden to safeguard our privacy.

  • Share
  • Read Later
Nick Adams / Reuters

Xbox One is shown on display during a press event unveiling Microsoft's new Xbox in Redmond, Washington May 21, 2013.

Some things you take for granted, like the fact that in Star Trek, there’s a computer that’s always listening, always observing, always standing by cataloging data. Who owns that data? Where’s it stored? Who determines how it’s used? Who knows. The shows chose to slide by those questions and focus on others. The holodeck was creepy because, whoops, maybe you’d get trapped, or addicted, or its fictional denizens might inexplicably come to life, not because the computer was collating and archiving everything you did, whether hiking a simulation of the Appalachian trail or indulging some crazy erotic fantasy.

Microsoft’s Xbox One won’t surround you with holographic fir trees, azaleas and mountain laurels, nor, as far as I know, will it dish out interactive porn. But it is going to be listening — and capturing data, and transmitting that data back to Microsoft — in ways no device in your household has ever listened to or observed you before.

When Stan Lee wrote “With great power comes great responsibility” in Amazing Fantasy #15 back in 1962, he packed a longstanding philosophical notion into six culturally resonant words. Those words couldn’t be more relevant today, with our lives awash in cloud-connected technology, generating and beaming back mountains of abstractly defined information that’s quietly sifted by complex machine algorithms and pored over by corporations in search of new ways to further secure footholds in our future lives.

So with Xbox One, which promises to streamline how we interact with TV, movies, music and games by introducing always-on, always-connected digital ears and eyes to our living rooms, I’d argue the burden on Microsoft to safeguard our privacy (and articulate that in a meaningful, non-pandering way) just shot through the roof.

Consider what we know about Xbox One for starters: The new console will come with Microsoft’s refined Kinect sensor, a detachable hammerhead-like camera with microphone that you’ll probably position somewhere high up in your entertainment center, where its upgraded 1080p widescreen eye can easily sweep your play-space. Unlike the Xbox 360, which functions whether the Kinect camera is attached to the console or not, Xbox One won’t work without Kinect plugged in. At least part of the reason for this is that Microsoft wants its new system to be instantly responsive and interactively seamless — so tuned to your physiology that the company is saying it can even measure your heartbeat simply by “looking” at you (courtesy its new infrared camera). But that sort of granularity also raises obvious and completely reasonable privacy concerns.

Microsoft’s been making the rounds in post-Xbox-One-reveal interviews, claiming that it’ll provide configurable privacy settings, but it’s been elliptical about what that means in specific terms; all we know for sure is that, at minimum, Kinect will have to be attached to the system for Xbox One to function. (To be fair, some of this pre-launch hedging is doubtless intentional, as the design team makes last minute changes — and decisions — about exactly how much control over privacy we’ll be allowed.)

We’ve also been told that while Xbox One won’t cease to function should you a suffer temporary loss of Internet, Internet connectivity will, as rumored, be required; we don’t have full details yet, but it sounds like the console will require a hotline back to Microsoft HQ at least once a day.

Bearing these things in mind, here’s my initial question list about Xbox One, narrowly focused on privacy and security concerns.

Will we be able to shut Xbox One’s camera and microphone completely off?

In an interview with CNET, Xbox group program manager Jeff Henshaw explained that while we won’t be able to remove Kinect without crippling the system, we will be able to completely disable the camera. That should please anyone worried about having to shell out extra for duct tape (you know, to manually cover the lens). But assuming Henshaw’s properly describing the final shipping product here, note that he says nothing about disabling the microphone. Will we be able to disable Xbox One’s “ears,” too? And can we disable both of these things permanently, or will we have to do so each time we reengage the console?

Can we opt out of transmitting general behavior and performance data?

Many companies allow you to transmit information about how you use their services, but allow you to opt out completely if you so choose; Apple, for instance, lets you transmit information about how you use OS X, but doesn’t require it. Microsoft, by contrast, already requires certain types of data collection when using Kinect with the Xbox 360. For instance, according to the company’s Privacy and Online Safety FAQ referring to “Kinect Performance Data”:

This information helps us continuously improve Kinect performance. It does not personally identify you, and collection of this data cannot be disabled. As you play, we collect information on how your Kinect device and platform software are functioning, usage patterns within the Xbox Dashboard applications, and other data that does not directly or personally identify you.

Notice the reference to “other data that does not directly or personally identify you.” That reference reappears in subsequent sections describing other types of Kinect data. Are claims of anonymity sufficient without disclosing what this “other data” is?

I realize other services (say, Steam) gather reams of anonymous, generalized usage metrics in trade for service access, then shop that data out to third parties, but just because no one’s cared enough to raise a fuss doesn’t mean it ought to be status quo. With Xbox One, the possibility of capturing consumer data at an unprecedented data-point resolution level in traditionally off-limits environments may seem a godsend to corporate marketing departments, but at what point does trading away your ability to control how information you’ve generated is used for access to whatever service cross the line between reasonable and invasive? If you’re going to turn your consumer base at least partially into free marketing fodder, you should at least give them the option not to participate.

Why are Microsoft’s references to “targeted advertising” so vague?

I believe Microsoft when it says Xbox One won’t try to target-advertise to individuals based on what they say or do while engaging with Xbox One. But I’m not at all convinced Microsoft won’t pass aggregate data on to third parties to use in more general terms. In a sense, you’re looking at a hypothetically vast and unparalleled sociological experiment about to embark, where companies can quietly gather behavioral information about us from within the intimacy of our households, collate that data (all while claiming, probably accurately, that it’s being done anonymously) then use it for marketing and who-knows-what-other purposes, potentially extending well beyond the scope of Xbox One. As noted earlier, just because collected taste-related data’s being anonymized doesn’t preclude us from being targeted at the demographic level.

How is Microsoft safeguarding Xbox One from hackers? What sort of security measures is it taking, both on the client and server sides?

This isn’t just paranoid thinking. Consider the case against furniture retailer Aaron’s Inc., which — whether itself or via franchisees — leased computers harboring illicit spyware to customers, computers that eventually sent some 185,000 emails containing sensitive information back to corporate computers. The idea that computers in intimate settings might, for one reason or another, surreptitiously capture what we’re doing and transmit that information illicitly isn’t fanciful worst-casing: it’s already happened.

Over the past few years, we’ve seen everything from Sony’s PlayStation Network to Stratfor to the C.I.A. hacked, whether to deface or disrupt web services or to pilfer personal information or shame companies by distributing that information en masse. An always-on, always-listening system that lives with us in our homes requires extraordinary attention to security — much more than just a wink and a smile from Microsoft in its terms and conditions assuring that everything’s under control.

Should companies that hope to place a device like this into tens of millions of households have to submit to independent, periodic security reviews? It’s worth asking the question. I don’t want to overreach, but then imagine how people might react if someone managed to hack into Xbox One — server- or client-side — captured someone engaged in highly sensitive activity, then pushed that online for public viewing.

Less a question than a request: Don’t patronize us in your upcoming Xbox One privacy FAQ, and don’t assume the only thing we care about when it comes to data aggregation and transmission is anonymity (or that that’s a sufficient definition of privacy and security).

I’m not fundamentally opposed to the idea that technology might track my comings and goings and doings at home, or that it might relay that information on to a company like Microsoft, which I’m sure intends to use it in at least some capacity to simply improve the service. Making what you do friendlier, more efficient and more relevant is an important aspect of any contemporary, Internet-connected service and there’s definitely a “glass half full” angle to much of this. But we deserve better explanations about these processes as well as reasonably broad control over how they work. And while I have no issue with a console requiring Internet connectivity to function in 2013, I do take issue with this idea that giving up certain privacy rights is an acceptable exchange for access to Xbox One’s traditional services.

In other words, if Microsoft wants to kick this “eyes and ears in your home” can down the road some more, fine, but the barrier to entry ought to be higher — a lot higher — than it’s ever been before.