Microsoft accused of handing NSA access to encrypted messages

Microsoft accused of handing NSA access to encrypted messages

Summary: A report following the U.S. government's outed spying program accuses Microsoft of handing over secure and encrypted emails and messages to the National Security Agency.

SHARE:
TOPICS: Security, Privacy
56
Building_99_Redmond_Campus_2_Web
(Credit: Microsoft)

Latest reports from The Guardian accuse Microsoft of close collaboration with the National Security Agency (NSA), a month after the first disclosures came detailing the U.S. government's mass surveillance program.

The report, published on Thursday, cites a document provided by former NSA contractor turned whistleblower Edward Snowden, claim to indicate the "scale of co-operation" between Silicon Valley technology giants and the intelligence community.

Read this

Latest NSA leak details PRISM's bigger picture

Latest NSA leak details PRISM's bigger picture

Another leaked batch of top secret slides relating to the U.S. National Security Agency's PRISM data collection program sheds further light on how non-U.S. data is collected from various tech firms, and how under law, U.S. data is filtered out — albeit not always.

The document, which was not published at the time of The Guardian's initial reporting, is also understood to shed new light on the PRISM program, a system that is believed to automate the process in which orders under the Foreign Intelligence Surveillance Act (FISA) are issued to data-holding companies.

Among the allegations, the files provided by Snowden seem to show Microsoft helped the NSA "circumvent its encryption" to enable Web chats to be intercepted in its Hotmail replacement, Outlook.com. The report cites an NSA internal December newsletter, stating that Microsoft "developed a surveillance capability" to deal with encryption issues.

This was tested and went live in mid-December 2012, said the report, just months before Outlook.com replaced Hotmail in February 2013.

Also, it's alleged that Skype, which was bought by Microsoft in October 2011, also worked with U.S. intelligence agencies to allow analysts to access video and audio conversations through PRISM.

PRISM is just one strand of a two-pronged operation out of the NSA's mass surveillance program. PRISM is designed to be used in conjunction with another system. Dubbed "Upstream," investigative reporting by ZDNet in June detailed how Tier 1 fiber companies were likely ordered under law to allow vast amounts of data belonging to U.S. citizens and foreign nationals to be wiretapped.

The new document is also understood to detail how the NSA shares data with the Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI), in what is reportedly described as a "team sport." 

Another leaked slide from the Snowden collection in late June offered a wider picture of the PRISM program. The data flow diagram noted that in conjunction with the NSA, the FBI's Data Interception Technology Unit (DITU) role was disclosed. The FBI's DITU is understood to be the unit acting domestically on U.S. soil to wiretap Tier 1 companies.

Skype said at the time in 2008 that it "would not be able to comply" with wiretap requests.

However, in late June, just weeks after the PRISM program came to light, Skype principal architect Matthew Kaufman took to an email list to claim the move from peer-to-peer nodes to Microsoft-owned cloud servers was for scalability, not surveillance. 

However, later statements by Skype in mid-2012 state that, "Skype to Skype calls do not flow through our data centres." The Microsoft-owned unit stated: "These calls continue to be established directly between participating Skype nodes (clients)."

The FBI's DITU unit was also "working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes," according to another newsletter entry cited by the publication, dated April 2013. Just two months later in mid-June, Microsoft announced it would swap out linked accounts — multiple accounts that could be easily switched between — for aliases — which would allow users to set up multiple inboxes. The software giant said this was a security measure.

In a statement to the publication, Microsoft said it has "clear principles" which guides how the software giant deals with government demands for law enforcement. It also said it examines "all demands very closely, and we reject them if we believe they aren't valid."

"We only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate."

In March, Microsoft revealed its first transparency report following pressure from civil liberties and privacy groups. Out of 75,300 requests, just 1,558 disclosures — or 2.2 percent — were made to law enforcement.

Microsoft emailed over the same statement to The Guardian, but reiterated that it "does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

Topics: Security, Privacy

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

56 comments
Log in or register to join the discussion
  • 1984

    So can we start labelling any Microsoft employee as a spy now? I guess Apple was pretty close in their superbowl ad, just off by a couple decades.
    NathanDrake
    • Just imagine what Google must be doing to help the NSA

      At the WPC Microsoft said Google has more data c
      Jabe124
      • Accidents pressed submit button

        enters than Microsoft does. They even said "Google is bigger than i. There is a very likely chance that Google stores more data than Microsoft does in those data centers and as long as they are legally compelled to do so they have to give data to the go erent of the gov wants it. If they decide to completely move their business out of the U.S. and stop being in their market then maybe they could not be required to give the NSA info. All this applies to Microsoft as well as any other American company too. Microsoft is no more guilty than Google is.
        Jabe124
        • disgusting Microsoft apologizers

          what kind of low life can justify MS actions? They prefer to talk about Google instead of facing reality.
          theo_durcan
        • Ditch both

          Go Linux, use a VPN, and stop searching on Google and Bing, but whatever you do, do not use Chrome OS or Windows.
          T1Oracle
  • one provider

    Of course, Microsoft wants to be the One provide of all your digital life... soon to come to your real life as well.
    danbi
    • Agreed. Just like Google and Apple

      want to be the One provide of all your digital life... soon to come to your real life as well.

      So what was your point? If your data is going to be handled over to the NSA, you'd rather it be from Google or Apple? Sounds like you have a vested interest in one of those two aforementioned companies.

      Talk about the need for transparency...
      William Farrel
      • Not really

        Google will at least inform the end user if theres a request for your data.. Microsoft been known to have a nsa backdoor in XP when it came out.. After years of denial its so believable now.
        Anthony E
        • Errrmmm ... no.

          "nsa backdoor in XP "

          Don't you think that such a back-door would have been discovered and disclosed by now considering that XP is the most-hacked OS in history?

          Remember, just because someone claims something to be true doesn't make it so.
          bitcrazed
          • Remember when the Iranian nuclear enrichment plants were hacked?

            What OS do you think they were using? Of course XP has a backdoor, they just hid it well. I bet the Chinese know about it, but why would they tell you?

            http://www.dailymail.co.uk/news/article-2178781/Iran-nuclear-facilities-hit-cyber-attack-plays-AC-DCs-Thunderstruck-volume.html
            T1Oracle
      • Re: Just like Google and Apple

        No, much worse. Microsoft not Google made a whole case of "your emails are being snooped by Google, we of course don't do such thing!", they seem to be doing much worse. What a hypocrisy...
        eulampius
        • Microsoft may still be telling the truth, and Google is spying

          on all of your data and browsing and emails and anything else that you use Google for.

          Microsoft might still not be spying on your data and emails, but they might be turning over data and emails and browsing history to the NSA. The NSA is not Microsoft, and the NSA is government, and government can intimidate and threaten, which a lot of companies don't want to use any of their money and assets to combat against.
          adornoe@...
      • It's not about this

        No, fanboy. It is not about Microsoft vs. Somebodyelse.

        It is that when someone, anyone promises me they will solve all my problems, that small red light goes on and I know they took me for some fool.

        By the way, you are imagining things. Go check with the NSA what my interest is.
        danbi
  • I have no problem with Microsoft working directly with the NSA

    Its betten than letting the wacho in Congress let the NRA & the Zimmerans of the world get away with carrying guns just because they think were still living in the 1700 and there will be fight today at the OK Corral.
    Over and Out
    • excellent

      your loyalty and unquestionable support of the NSA program will not go unnoticed by the NSA.
      archan127
      • you mean

        He gets a medal with "YAI" on it?
        danbi
    • Oh...My...God!

      Besides the fact that you are willing to give up your (and my) Second Amendment rights, you do realize that the "Gunfight at the OK Corral" occurred in 1881, NOT in 1700. In 1700 we wouldn't have had any Second Amendment because the Constitution wasn't written until 1787; we were under the rule of King William III of England and had NO rights whatsoever.

      And besides, Zimmerman had a concealed carry permit. How is that bad? Nearly everyone in all 50 states can get such a permit.

      While I agree with you that no one in Congress should be allowed to view my personal data, it's abhorrent that Microsoft was working with the NSA to provide such access.
      benched42
    • Stupidest post of the year.

      Nice going champ.

      BTW, are you smart enough to notice how what you just approve of, would be in direct violation of 2 of our rights, under our bill of rights?

      Frankly, you belong in a different country, because you have no respect for our constitution and our rights and freedoms.
      adornoe@...
    • Ja wohl!

      "My Führer! As we have performed our duties in the past, so shall we also in future, wait solely for your order, your order alone."
      IanRoy
  • Ah well, so much for privacy in any sense

    After all, apparently (every)one's stuff must be made available so it can be determined if one is more may be a criminal/terrorist/voter for the other guy/etc. Well played Microsoft!
    ego.sum.stig