A recent batch of emails released by Anonymous as part of Operation AntiSec show how US police use Xbox and PlayStation consoles in investigations.
I can't condone Anonymous disclosing the contents of a California Department of Justice computer crime investigator's Gmail account. It has nevertheless provided an interesting window into contemporary policing practices.
An in-depth report by ars technica shows what was discovered after sifting through the glut of 38,000 published emails.
Devices like the Xbox, PS3 and iPads are now a key focus area for digital forensics teams seeking evidence. Two investigative practices particularly caught my attention:
First, accessing content on seized gaming consoles is crucial in many investigations. Finding illegal material on hard drives remains a primary focus, but gaming logs are increasingly important. Time stamps on saved games, checkpoints and even screenshots (through the Xbox Kinect for example) showing a subject playing all provide evidence that can help establish an alibi or guilt.
Second, police increasingly use online environments, like Xbox Live, as a forum for communicating with suspected criminals and reportedly record conversations ars technica notes that Microsoft has registered a patent for "Legal Intercept". Legal Intercept allows the interception of internet calls, including on gaming systems like Xbox Live and Skype.
The report also notes how Microsoft actively discloses information like "IP addresses for Xbox Live logins, registration and billing information, titles of games accessed etc" to the police.
Clearly, the closer ties companies and law enforcement have can be beneficial to criminal investigations. However, there also needs to be increased accountability and transparency within this relationship.
In the UK, for example, s29 of the Data Protection Act 1998 allows a company to voluntarily disclose the personal data of a user to assist the police in criminal investigations. Under the Act, the user loses his/her right to be notified and his/her access to verify the accuracy of the data is limited.
Voluntary disclosures means that different companies will vary in their willingness to cooperate with the police, creating a fragmented environment for protection of personal information and user privacy.
In a nutshell, Xbox Live players might might find that their information is more or less private than PlayStation gamers.
Also, companies will have a different standards of due process from publically accountable organisations.
Companies are often the gatekeepers providing police access to our 'data doubles'. When these companies allow access, will they consistently be guided by principles of transparency, proportionality and necessity? As it stands today, I would say this is questionable.
Something to think about the next time you settle into an online multiplayer game of Call of Duty 3 on Xbox Live.
Wouldn't you like to know what information companies are
prepared to share with law enforcement about you?