Department of Homeland security believes used console data could help catch terrorists
The U.S. government has awarded a $177,000 contract to Obscure Technologies to develop tools that can be used to extract data from video games systems.
The research, headed by the Naval Postgraduate School, is designed to retrieve data from used consoles that can be used to prosecute pedophiles and suspected terrorists.
"Today's gaming systems are increasingly being used by criminals as a primary tool in exploiting children and, as a result, are being recovered by U.S. law enforcement organizations during court-authorized searches," said Simson Garfinkel, a computer science professor at the NPS in Monterrey, California.
The "Gaming Systems Monitoring and Analysis Project" has been underway since 2008, and originally targeted pedophiles.
But John Verrico, spokesman for the Department of Homeland Security's Science and Technology Directorate, says "there is a suspicion" that terrorists are also using games to communicate.
The goal is to "improve the current state-of-the-art of computer forensics by developing new tools for extracting information from popular game systems, and by building a corpus of data from second-hand game system that can be used to further the development of computer forensic tools," Garfinkel told Foreign Policy.
It isn't the games themselves that have the attention of government agencies, but the way they are now used. With new social apps and chat channels available on consoles, the government wants a way to be able to montor communications from suspected criminals.
This isn't as easy as it sounds.
"A lot of this stuff hasn't been done, said Obscure Technologies president Greg May. "We're not sure how complicated it is."
Data on consoles is deliberately encrypted to prevent hackers from obtaining personal data, and building forensic tools means developing a system that generates data useable as evidence.
The contract has drawn attention from privacy advocates, who worry about the amount of data users can unknowingly leave on a console.
"You wouldn't intentionally store sensitive data on a console," says Parker Higgins, a spokesman for the Electronic Freedom Foundation.
"But I can think of things like connection logs and conversation logs that are incidentally stored data. And it's even more alarming because users might not know that the data is created."
Due to these concerns, the DHS will only be purchasing systems in foreign markets, and data pertaining to U.S. citizens will be "removed from the corpus".
The issue of console security is relatively new, and one hindered by government regulations that prevent tampering with copyright protected tech, but the EFF is lobbying for an expemption that would allow the owners of consoles to install essential security software.
Until then, it is best that console users be aware of the security risks that come with selling their systems. You never know who is looking at your data.