Recent years have brought reports of the U.S. government eavesdropping on phone conversations, e-mails, even tweets -- all in the name of fighting terrorism. But surely your Xbox must be safe from the prying eyes of Big Brother?
Not for long. You might not immediately think that slaying dragons or driving like a maniac through virtual streets is all that interesting to intelligence agents, but the U.S. government believes there might be law enforcement gold on your Xbox. Government researchers say that hacking into consoles will allow police to catch pedophiles and terrorists. Meanwhile, privacy advocates worry that gamers may leave sensitive data -- and not just credit card information -- on their Nintendos without knowing it.
At the cutting edge of this development is Obscure Technologies, a small San Francisco-based company that performs computer forensics and which has just been awarded a $177,237 sole-source research contract to develop "hardware and software tools that can be used for extracting data from video game systems," and "a collection of data (disk images; flash memory dumps; configuration settings) extracted from new video game systems and used game systems purchased on the secondary market," according to the contract award from the U.S. Navy. (Law enforcement agencies contacted the Department of Homeland Security's Science and Technology Directorate for help on a tool to examine gaming console data. The Department of Homeland Security (DHS) then asked the Naval Postgraduate School (NPS) to execute the contract and spearhead the research because of the expertise of Simson Garfinkel, a computer science professor at the NPS in Monterrey, Calif. -- hence the U.S. Navy contract.)
The project, called the "Gaming Systems Monitoring and Analysis Project," originated in 2008, when law enforcement authorities were concerned about pedophiles using video game consoles to find victims. "Today's gaming systems are increasingly being used by criminals as a primary tool in exploiting children and, as a result, are being recovered by U.S. law enforcement organizations during court-authorized searches," says Garfinkel, a computer forensics expert. Indeed, the FBI warns that pedophiles often use online gaming forums as their hunting grounds. However, "there is a suspicion" that terrorists are also using online games to communicate, says John Verrico, spokesman for DHS's Science and Technology Directorate. While homeland security is the primary DHS mission, it also supports domestic law enforcement and first responders, Verrico says.
The ultimate goal is to "improve the current state-of-the-art of computer forensics by developing new tools for extracting information from popular game systems, and by building a corpus of data from second-hand game system that can be used to further the development of computer forensic tools," Garfinkel said in an email to Foreign Policy. Though the research is being overseen by NPS, the contract award states that the tools developed by Obscure will be delivered to DHS.
Monitoring gaming consoles is harder than you might think. Consoles such as the Microsoft Xbox 360, Sony Playstation 3, and Nintendo Wii encrypt their devices to prevent piracy and tampering. Indeed, the contract states that "analysis of the game systems requires specific knowledge of working with the hardware of embedded systems that have significant anti-tampering technology." But this is more than hacking; the government wants tools that can apply computer forensics, which look for legally admissible evidence, to consoles.
While there have been some attempts to use computer forensics on consoles, researchers say this is relatively new ground. The DHS project is "exploratory research and development," said Obscure Technologies president Greg May. "It will be interesting to see, because it's new to us as well. A lot of this stuff hasn't been done. We're not sure how complicated it is."
Of course, what the government is interested in is not the game itself, but the platform -- and the way you use it. Video game consoles have evolved beyond simple entertainment machines into powerful all-purpose devices that are used to watch movies, post on Facebook, or -- more important to an FBI or CIA agent -- chat with other players. "You wouldn't intentionally store sensitive data on a console," says Parker Higgins, a spokesman for the online privacy group, the Electronic Freedom Foundation (EFF). "But I can think of things like connection logs and conversation logs that are incidentally stored data. And it's even more alarming because users might not know that the data is created."