The Guardian, a UK newspaper, opened up a can of constitutional worms with a story that flat out accused Microsoft of helping the National Security Agency (NSA) intercept consumer communications and even skirt its security encryption.
The Guardian cited "top-secret" security documents. The paper claims it has files that prove Microsoft also "helped the FBI allow the NSA easier access via Prism to its cloud storage service SkyDrive." The story alleges Skype video calls were also being collected.
"The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year," The Guardian reports. "Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats."
Smith Talks Back
Brad Smith, general counsel and executive vice president at Microsoft, wrote a blog post to clear up the matter. He said there are "significant inaccuracies" in the interpretations of leaked government documents reported in the media last week.
"Microsoft does not provide any government with direct and unfettered access to our customer's data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand," Smith said.
"If a government wants customer data -- including for national security purposes -- it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information," he said.
Smith went on to say that Microsoft only responds to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft's customer data, he said, and the aggregate data the company has been able to publish shows clearly that only a tiny fraction -- fractions of a percent -- of Microsoft customers have ever been subject to a government demand related to criminal law or national security.
"Microsoft is obligated to comply with the applicable laws that governments around the world -- not just the United States -- pass, and this includes responding to legal demands for customer data," Smith said. "All of us now live in a world in which companies and government agencies are using big data, and it would be a mistake to assume this somehow is confined to the United States. Agencies likely obtain this information from a variety of sources and in a variety of ways, but if they seek customer data from Microsoft they must follow legal processes."
How Critical Is This?
We caught up with Rob Helm, an analyst at Directions on Microsoft, to get his take on the controversy. He told us Microsoft is working hard to build trust with customers -- and U.S. government policy is getting in the way.
"Microsoft is basically handcuffed because they can't defend themselves without disclosing information supposedly of national security importance," Helm said. Smith makes it clear in his letter that he believes Microsoft is within its rights under the U.S. Constitution to disclose much more about the data it collects for government agencies.
"This is a critical issue for Microsoft because the company is looking to its cloud services to reinvent its software business," Helm said. "If you look at what Steve Ballmer says the company's primary priorities are, it's devices and services. The services plank will be wobbly as long as people don't know that their data are safe from snooping."
Posted: 2013-07-17 @ 3:32pm PT
I'm surprised it took Microsoft so long to speak out. As their legal counsel observes, electronic surveillance requires a court order, is confined to targeted individuals and has a set time limit after which the "tap" must be turned off. There's no Big Brother with blanked authority to access our personal info & communications.
Surveillance is dull hard work. Not particularly sexy. It takes an Ed Snowjob and paranoid fantasies to help sell British tabloids.