Home > Gaming > Terms & Conditions: The Xbox One will watch…

Terms & Conditions: The Xbox One will watch and listen (but what can it share?)

Xbox Live Terms and Conditions

 The Xbox One is finally here – and with it, renewed concerns about what Microsoft’s gaming console means for living room privacy. In addition to improved memory, processing power, storage, and other updated the features, the Xbox One (which is already being called the XB1 or Xbone, DT’s gaming editors tell me) comes packaged with an impressive new Kinect motion controller. It is the new Kinect – which apparently allows for some impressive hands-free gameplay – that is causing all the hoopla over the potential for in-home snooping. It packs a high-resolution 1080p camera that can “see” in the dark and multiple microphones, after all. What could be the problem?

Adding to the controversy over the new Kinect is its “always listening” mode, revealed to Polygon by Microsoft hardware program manager John Link, which means the Kinect’s microphones can detect voice commands at all times – even when the console is powered off. Fortunately, Jeff Henshaw, one of the executives tasked with Xbox development, clarified to Cnet that Microsoft “will give you modes that ensure your privacy,” meaning that you can probably turn “always listening” off – Henshaw doesn’t say so explicitly, however – and definitely keep the camera’s prying eye from invading your living room at all times (this he does address head on).

So that’s at least tentatively reassuring – which is to say, not reassuring at all. Then there’s the matter of what kinds of protections Microsoft’s terms of service and privacy policy give to users. Here, we’ll dig through the Xbox Live legalese – from its range of rules and regulations to its flavor of privacy protections – to see just what you can expect when the new Kinect invades your living room.

Terms of Use

Microsoft recently revamped its terms to make it easier for people without a law degree to understand, which we love to see here at T&C. That said, the sheer length of the document likely ensures that few people – and certainly no teenagers – will ever read the thing. So here are the key bits.

Not for sale

For starters, Microsoft makes clear that it forbids users to “sell, assign, or otherwise transfer your account to another person.” It is also against the Xbox Live ToU to share your password with someone else – and doing so could result in a cancelled Xbox Live account, if Microsoft managed to find out (which is unlikely).

Please, behave

Microsoft has a whole separate “Code of Conduct” for Xbox Live that is part of its Terms of Use – and that means you must abide, or face the consequences. Fortunately for users, Microsoft has laid out the “dos and don’ts” of its online gaming service in extremely straightforward language (i.e. “Be polite and treat others with respect. Just because you’re online doesn’t mean you should be a jerk.”). It also lays out exactly what the consequences are in equally clear terms. They basically boil down to don’t be a punk, don’t cheat, don’t share porn, don’t hack anything, and don’t do anything else illegal. Fail that, and your account might be suspended. That said, I suggest you read these in full before signing on – it’s an instructive, quick list, and could help you avoid a lot of problems.

Hack attack

In addition to the rules outlined in the Code of Conduct, the Xbox Live ToU strictly forbids console modding of any kind. From the terms: “You can’t use unauthorized software or hardware to access the Services, nor can you modify an Authorized Device in any unauthorized way (e.g., through unauthorized repairs, unauthorized upgrades, or unauthorized downloads).”

Not only does Microsoft not allow users to hack its game consoles, but doing so is actually against federal law. According to the Digital Millennium Copyright Act, console owners are strictly forbidden from modding or otherwise hacking their Xbox consoles to run unauthorized software. Do so, and you could be hit with some serious lawsuits.

You’ve been deleted

Any long-time reader of T&C knows that I am not a fan of the “auto-delete” provision, which allows companies to terminate your account and cut off access to all associated content at any time, and for any reason. I just don’t think it’s fair to impose such a mandate on people who pay hard-earned money for a product or service.

Not surprisingly, Microsoft is one of the many companies with this provision in its terms, saying that the company “may disable access to Microsoft and third-party content associated with your account for any reason.” Yes, this may be necessary to protect the company, but that doesn’t make it any less lame.

There’s a price

If you pay for an Xbox Live membership, or buy a game or other product through the service, don’t count on getting a refund if you don’t like what you bought – all sales are final, unless otherwise stated (and you won’t see that stated very often). Furthermore, prices for apps, games, or services can change at any time – so don’t go crying to Microsoft if your friend got a better deal than you. Them’s the breaks.

Don’t sue me, bro

A couple of years ago, gamers got their panties in a bunch after Microsoft added a mandatory arbitration provision to its terms, which basically said you can’t sue the company for any alleged wrongdoing – you can only settle out of court. It is possible to opt out of any FUTURE changes to the arbitration agreement, but whatever’s in there on the day you signup for Xbox Live stands.

Moreover, Microsoft makes it clear that the arbitration agreement does not apply to copyright violations – in fact, it screams as much in the ToU: “This section applies to any dispute EXCEPT IT DOES NOT INCLUDE A DISPUTE RELATING TO THE ENFORCEMENT OR VALIDITY OF YOUR, MICROSOFT’S, OR EITHER OF OUR LICENSORS’ INTELLECTUAL PROPERTY RIGHTS.”

Put another way, Microsoft will sue you if you mess with its copyrighted works.

Privacy Policy

While Microsoft has dumbed down the language of its privacy policy in the same manner as its ToU, it has also confused matters terribly by spreading out its stance on privacy all over the place, providing at least three different Web pages that address user privacy, and mixing in a variety of important privacy statements into its ToU. I don’t believe Microsoft is intentionally trying to confuse people – but that’s certainly the effect. For the record, this page is the one that matters most.

Privacy? We don’t need no stinking privacy

First, let’s address the important privacy provision that is actually in the ToU, not the privacy policy. Microsoft says that “your privacy is important to us,” which is a nice thing to say. Unfortunately, that is soon followed by a rather troubling statement: “You should not expect any level of privacy concerning your use of the live communication features (for example, voice chat, video and communications in live-hosted gameplay sessions) offered through the Xbox LIVE/Games for Windows-LIVE service.”

That’s right – expect zero privacy when using Microsoft’s Xbox Live communication services. Microsoft says that it “annot monitor the entire Services and make no attempt to do so,” but stipulates that other users can record what you say over Xbox Live, if they so choose. So don’t say anything you might regret.

Kinect, you’re scaring me

Ok, so now that you know you shouldn’t expect to have any privacy, let’s dig into exactly what Microsoft might monitor with your Kinect. The answer, in short, is a hell of a lot. Your voice, your face, your entire body, even how much you exercise – “calories burned, time spent playing, and physical intensity of your movements” – all of this very personal data is sent to Microsoft and stored on its servers.

Kinect ID, a type of “biometric sign-in,” allows users to sign in via facial recognition, which might be enough to fighten some people away entirely. The good news is, this information is not actually sent to Microsoft in a form that allows the company (or hackers) to gather meaningful information about your mug. Instead, according to the Kinect privacy FAQs, “This data is stored permanently on your console to enable sign in to your gamer profile, and is not returned to Microsoft. This information is stored as a long series of numbers, and it does not personally identify you.” Plus, you don’t have to use Kinect ID at all, if it gives you the willies. 

Power down

As for the “always listening” or “always watching” mode of the Kinect, you have a couple of options. First, you can presumably turn this off in the Kinect settings – and I recommend that you do so. The other option, of course, is to simply unplug your Kinect from your console, which completely turns off the device. That is the absolutely best way to protect any possible invasions of privacy, from Microsoft or possible hackers. 

Calm and collected

 In addition to collecting speech and physical data, Microsoft collects all types of other metrics, including all of your login details, your payment details, and a whole slew of usage data – how you are using your Xbox and Kinect. Microsoft says this usage data is anonymized, so it won’t be connected directly to you. But still – the company is gathering hoards of data about its customers, and that can be used in all types of ways, from targeted advertising to making improvements to the system

I would be more specific, but that’s about all that Microsoft reveals on the matter. We just don’t know exactly what Microsoft is doing with its data. And even if it is anonymized before they use the information, there’s no guaranteeing that it is stored that way in the company’s system.