Accountability: Xbox Live and The Playstation Network

It was about nine in the morning on Easter Sunday. I was halfway through brushing my teeth when I remembered, quite spontaneously, that on the next day my Xbox Live Gold account would automatically renew for another twelve months. I had received the email from Microsoft a month earlier, warning me they would be using my credit card to take another $80 from my bank account and, at the time, I thought little of it.

But in the intervening weeks, two things had happened. Firstly, I paid rent and a few bills that I had forgotten about, diminishing my poor, postgraduate bank balance down to a meagre $57. Secondly, and possibly related to an ill-fated attempt to open the jammed disc tray with a cheese knife, my 360 became inoperable after succumbing to the Red Ring of Death.

So there I was, a mouth full of toothpaste and less than twenty-four hours to disable the auto-renewal of my useless Live account if I was to eat this week. I logged onto Xbox’s website and went to my account settings, searching for the checkbox that I assumed I could simply untick to disable the auto-renewal and prevent starvation. I mean, that is all it would take, right? A box that says “Auto-renew Gold subscription?” with a checkbox next to it?

Well, no, surprisingly. It turned out I could not disable Gold on the website. I would have to call Microsoft with a telephone if I wanted to prevent Microsoft from spending my money. I live in Australia, and yet I failed to find an Australian number on Microsoft’s website, and I did not want to waste what little money I had calling the American number on Easter Sunday, when I assumed I wouldn’t get an answer anyway. Fortunately, I had another crafty plan up my sleeve. I would just delete my credit card details from my account. They can’t renew my account if I can’t pay for it, can they?

Alas, Microsoft was having none of that. I couldn’t delete my card because it was the only payment option attached to my account. See, if I deleted it, I wouldn’t be able to pay for future purchases, such as... a renewed Live subscription for my bricked console. I was infuriated. Whether or not Microsoft spent my money, it seemed, was entirely up to them. I couldn’t disable anything; I had to phone them and ask them ever so politely to do it.

Eventually, I found my way onto a webpage with an Australian phone number for me to call and, surprisingly, spoke to a real person—in an American call centre. To be fair, I should note that Brad, the pleasant chap who helped me out, was able to turn off the auto-renewal in a mere twelve minutes. However, the entire saga was a wake up call for me. It made me realise that in this situation, I was not entirely in control of my money or how it was spent. Who else, other than Microsoft, had I unknowingly given direct control over my money? Who else would I one day have to call up and beg to not spend my savings?

Six days later, the identity theft of 77 million Playstation Network users was headlining not just IGN and Kotaku, but every major news outlet. Locally, it was being called Australia’s biggest security and privacy breach. The jury is still out as to whether or not credit card details are secure, but as I write this, yet another attack is being reported to have befallen Sony Online Entertainment, with 12,700 credit card numbers stolen. Days before, I was checking my bank account to ensure Microsoft wasn't using the information I gave them to spend my money without my permission. Just days later I was checking it to ensure the information I entrusted to Sony for safeguarding hadn't met the same fate.

At first glance, these situations are hardly comparable. One was a failure of Sony to safeguard the confidential information of its customers. The other was me, the customer, failing to read the fine print of the contract I was entering with Microsoft before handing over my information. Yet both have reminded me just how much of my identity I give away on the internet, and how little of my digital self I retain sole control over.

Ten years ago, I would never have dreamt of spending real money on the internet, or using my real name to register on a website—and certainly not my real address. But times changed, didn’t they? The internet became less scary and more welcoming. Perhaps it started with using my real first name on a forum, then perhaps I used my credit card on eBay, just to buy that one game not available in Australia. A couple of years later, Steam asks me if it can save my credit card details. Sure, why not? Better than having to track down my wallet every time Steam has a sale.

We became so trusting and so self-assured. We would chuckle at our computer-illiterate relatives as they got all flustered about hackers and viruses and phishing scams (Oh my!) We felt safe in the knowledge that we were clever enough never to get caught ourselves, even as we saved our credit card numbers online and let Firefox remember all our passwords. Microsoft and Playstation don’t even ask you if you want your credit card details saved. If you use a credit card, it just gets saved onto your account.

And now it seems it’s finally coming back to haunt us. We aren’t falling for email phishing scams from Nigerian royalty, we are willingly and unquestioningly handing our identities over to corporations, trusting them to do no wrong by us.

Corporations and hackers alike have the ability to use my identity and my money on purchases that I don’t want. Am I angry with Sony for losing my information? Certainly. Am I angry with Microsoft for making it so hard for me not to spend my own money? Certainly. But it was I who gave Sony all that information in the first place. It was I who agreed to Microsoft’s terms and conditions without reading them carefully.

Somewhere in this house is my DSi. I don’t know where I exactly I last left it, but it contains my credit card details, saved from the one time I made a DSiWare purchase. I would never just leave my credit card sitting around like that, but these last couple of weeks have shown me that in cyberspace, I often do that very thing.

We, as consumers, should be furious at corporations when they abuse our trust. But whatever made us think it was okay to trust them so much in the first place?

---

Brendan Keogh is a freelance writer for such publications as Gamasutra, Hyper, Kill Screen, IndustryGamers, Pixel Hunt, and CraftHub. He blogs at Critdamage.blogspot.com and can be found on Twitter @BRKeogh.