Microsoft vs Your Rights - Can they be Trusted?

By: Ricard Julianti

Have you heard? Microsoft removed the DRM restrictions for the Xbox One! Gaming is saved and it’s okay to love Microsoft! They won’t try to violate our rights ever again! The internet won, right? Well, not exactly…

You see, rumors about the DRM policies were flying around long before Microsoft revealed the Xbox One in May. Comment sections on those rumor articles around the internet were filled with people saying how stupid MS would have to be in order to try something like that. There was a rumor in early May about an internal memo sent out to Microsoft employees that supposedly debunked the “always online” rumor. A man even lost his job after becoming an internet meme when he told fans to “Deal with it” while referring to online restrictions.

After all of the negative press and word of mouth the still-unconfirmed console received, you would think Microsoft would come out and officially denounce the rumors if they weren’t true. Instead they let the flames burn far and wide, even tossing a barrel of gasoline in the mix when they confirmed the rumors on May 21st. Gamers went so far as to create a Twitter hashtag campaign, that got noticed by the mainstream media, in an attempt to keep DRM restrictions off of the Playstation 4 and for Microsoft to reverse their policies.

“If all you want is gaming, you’ll still pick us. The super core guys, they buy everything,” they said, confident that once they showed the Xbox One’s E3 line-up people wouldn’t mind their rights being stripped away. They were wrong. Once pre-orders for both the PS4 and X1 were available, it was clear which console was favored regardless of games or other features. This was the key decision in Microsoft’s turn-around. Money.

If Microsoft was actually listening to the complaints of fans, they would have done everything in their power to remove the restrictions before revealing the console. Instead, they say that those without adequate internet can simply buy the Xbox 360. Despite claims from Major Nelson (at the 11:33 mark), removing a 24-hour online check and the one-time transfer is in fact a simple matter. Lines of code in the system kernel would need to be changed, but nothing would need to be done from a hardware standpoint. Four days after his statement, MS reversed their policies. Thing is they forgot a major factor, the Kinect sensor.

The new Kinect has the ability to function in a low-power state so the system can be turned on with a simple command of “Xbox. On.” This brought up major concerns with people since they want their privacy to be protected. The Kinect sensor is required for the Xbox One to function so you can’t simply keep it in the box and never use it. However, it does have the ability to be turned off so that it doesn’t even listen passively. It doesn’t record conversations, upload them to the cloud or anything violating, so it seems.

Even though it only listens passively while on, it still hears everything regardless of command. In the past, nothing short of a firewall from a computer security company like McAfee would prevent a hacker from activating a webcam that’s connected to a computer. Even when those webcams are completely off they can be accessed. These PC’s usually run the Windows operating system which predominantly uses an x86 architecture, exactly like the Xbox One. Windows itself has been plagued with viruses and other methods of hacking from the start and the Xbox One uses the same kernel for one of its three operating systems. Sadly, people with nefarious intentions aren’t the only ones people should be worried about.

Microsoft claims in recent ads that “Your privacy is our priority.” If by that they mean “Our priority is how to get around your right to privacy,” then they are absolutely right. Edward Snowden, former technical contractor for the National Security Agency, discovered a program put in place in 2007 called PRISM. PRISM operates as a domestic surveillance program where the NSA gathers information using “extensive, in-depth surveillance on live communications and stored information.” This includes things such as emails, social media outlets, photos, videos, voice-over-IP chats and even private phone calls.

Voice-over-IP should raise some major red flags as that is the technical term for what Skype is. If you say, “But Microsoft wouldn’t allow the government to collect our private information like that! It’s illegal!” you would only be half right. It is in fact illegal in the United States according to the 4th Amendment to the Constitution. The 4th Amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” which basically boils down to, “The government cannot hold or search you or your property without a warrant or probable cause.” Some legislators claim that the legality of PRISM hinges on the Patriot Act, but if that is true then the Patriot Act is unconstitutional as well. However, this is reaching into a big political discussion which no one wants.

Microsoft was directly implicated in the scandal as being partners with the NSA in handing over information about their customers. This is their initial statement regarding the program, “We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.” While that is all well and good, it is also a blatant lie.

Recently, documents have surfaced that show just how closely Microsoft has been working with the NSA on information collection. If they only gave customer data when it involved “specific accounts or identifiers,” why would they work with the NSA to bypass encryption on Outlook, provide PRISM with the ability to collect Skype video calls and allow the NSA access to their SkyDrive cloud service? Nothing there involves “specific accounts or identifiers” and instead covers the services in their entirety. Microsoft has basically handed them the keys to the castle.

Why should the Xbox One be excluded when it runs on the Windows kernel, uses Outlook for every XBL account, has integrated Skype as a major selling point, and connects to Microsoft’s Cloud where the data would be readily available to anyone holding the keys? If your average hacker can access powered-off webcams using something as simple as a malicious email, think about what the NSA could do without having to jump through hoops. It may sound like a conspiracy theory, but the NSA already has access to every one of those aspects outside of the Xbox One. One bright spot with the 180 Microsoft pulled on the DRM is that you only have to connect the console to the internet once to download the Day 1 update. Yes, it still requires a connection…but only once.

So can Microsoft be trusted to protect our privacy and not send any and all personal data to the NSA? Well, that’s for you to decide. Personally, I don’t think they can be and hopefully the exposure they are getting in this leads to some changes. Of course judging by their history, they will only change if they start to see any chance of money being lost. Even then it may take a while and they would more than likely work out some other secret deal while putting up a front of change.

If the negative press and complaints from fans had any effect on Microsoft’s decision, instead of just removing the online requirement (kind of), they would have done more to quell the fears of people’s private lives being invaded; not get exposed in an international scandal involving the disclosure of private information.

Wave hello to the NSA everyone, they’re probably watching.

By Jonathan Suedmeyer a.k.a. “Ricard Julianti”