Microsoft sucked into ever-growing NSA vortex: who's next?

Summary: Did Microsoft's "reasonable assistance" go too far, becoming an NSA branch office and betraying their customers? What about other service providers?


With every new day that journalists dig through the secret files released by Edward Snowden, with every new astonishment as we discover the sheer enormity, nay, the truly pan-galactic scale of the NSA's baleen whale of surveillance, scooping up every nybble and bit of data that might contain, somewhere in its subatomic structure, the hint of an odour of a dream of a terrorist plot, the more I think that the great American writer Hunter S Thompson has already specified the only recipe that could possibly brace our minds to cope with this insanity.

"We had two bags of grass, seventy-five pellets of mescaline, five sheets of high powered blotter acid, a salt shaker half full of cocaine, and a whole galaxy of multi-colored uppers, downers, screamers, laughers... and also a quart of tequila, a quart of rum, a case of Budweiser, a pint of raw ether and two dozen amyls," said Raoul Duke, the drug-addled protagonist of Thompson's 1971 novel Fear and Loathing in Las Vegas.

"Not that we needed all that for the trip, but once you get locked into a serious drug collection, the tendency is to push it as far as you can."

The NSA has shown that once you get locked into a serious data collection, the tendency is to push that as far as you can too.

Once, the NSA was tasked with collecting international communications and data, and analysing it for foreign intelligence matters. Now it seems to be tasked with gathering, well, pretty much everything about everything by everyone everywhere.

The NSA's allies in the Five Eyes nations have been lending a hand, including the UK's Government Communications Headquarters (GCHQ). Yet even the UK's security service MI5 has complained that things have gone too far. The backlash against the NSA isn't your everyday gripe about over-enthusiastic spooks colouring outside the lines of the law.

No less a security luminary than Bruce Schneier has called the NSA's surveillance programs "unconstitutional". He's joined the board of the Electronic Frontier Foundation (EFF), one of the most influential digital rights and civil liberties lobby groups, and wants the programs shut down.

We can expect some tough political negotiating. The NSA reckons it's simply extending its work into the cyber realm to protect us from emerging cyberthreats. Its opponents reckon they've crossed the line into a surveillance state, and that for all their talk of terrorists we'd be better off launching a war against bathtubs.

Such matters extend into a political realm that extends beyond the remit of these technology news pages. But today's news from The Guardian — that Microsoft has given the NSA access to email flowing through at a "pre-encryption stage", that they helped the NSA circumvent Skype's video encryption, and much more — raises a question that goes to the very heart of the technology industry.

"Who do you serve?"

As The Guardian points out, Microsoft's latest marketing campaign includes the claim: "Your privacy is our priority." The privacy policy for Microsoft-owned Skype says: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

Clearly that's not the full picture.

Particularly if you're a Microsoft customer in a country that's, oh, not America.

Microsoft is hardly a renegade outfit. It has to follow the law and cooperate with lawful requests from intelligence services, and there is such a thing as lawful communications interception. But there's a difference between providing reasonable assistance where it's appropriate, while still working hard to prevent the transfer of customer data — that's what Microsoft promised, remember — and doing the exact opposite by becoming what is, in effect, a branch office of the NSA.

Raoul Duke's substance abuse might excuse him for not perceiving the conflict of interest here. A rationally managed corporation has no such excuse.

Over coming weeks we'll presumably hear how other major technology and communications companies across the Five Eyes nations have approached these issues.

Indeed, as reported on Friday, Telstra signed an agreement in 2001 with the FBI and US Department of Justice to retain metadata on communications carried across its cable linking Asia to the US.

"Telstra, at the time majority owned and controlled by the Howard Government, struck a deal to allow 24/7 surveillance of calls going in and out of the United States, including calls made by Australians. The cables in question are operated by Telstra subsidiary Reach, which controls more than 40 major telecommunications cables in the region, including cables in and out of China and Australia," Greens communications spokesperson Scott Ludlam said.

Snowden's document dump has already triggered the biggest questioning of the Five Eyes intelligence agencies' powers in decades, but now it seems there's still much more to come. The questions are moving beyond the power relationship between those agencies and ordinary citizens, to wider questions about the role of the industry itself, and how vendors should balance the conflicting interests of customers, citizens and governments.

The rise of private, encrypted communications services like Silent Circle suggests that the right balance might lie elsewhere. But then so does the rise of services like Kim Dotcom's Mega.

And the political question could even become a personal one for every employee. "When they finally dismantled the surveillance states of the early 21st century, were you just following orders?"

It's a long road ahead. Better open that tequila.



Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.

  • Yes and No. There is a difference between a company

    that has to follow a government mandated "request" for access to data, a government agency that really doesn't give a rat's butt what shampoo you buy, or who you voted for on American Idol, vs. a corporate entity acting on its own interests, where what shampoo you buy, or who you voted for on American Idol IS of great importance to them in reference to how much money they can make with that info, making it available to their "partners" with the right amount of cash.
    William Farrel
    • worst

      Actually this is worse. Knowing my likings is a small matter compared to USING info against me, which is worse.
    • Actually is the opposite

      Even more if you aren't an American citizen.
      I don't care if some automated mechanism shows me an ad about a new bicycle after sending an email to a friend about my next vacations.
      Who works at NSA? What are they doing with my data? Why the secrecy? Can my very innovative company in Luxemburg use Skype?! ...
    • Mares eat oats and does eat oats and little lambs eat ivy

      Microsoft just wants your trust. They are not Google and if they spy on you it is just part of their reorg. Not like Google who is kicking their asses in marketing for profit...
      • Agreed. Google would NEVER spy on us.

        Oh, my nose just grew larger...
        William Farrel
        • Android is Open Source.

          Show me Google's spy code. The source code is available for inspection. After all, Android is Open Source.
          Tim Jordan
          • Ok, once you show me Google Services like search in Android's code

            I will show. Now don't ever claim Android is OSS, because it is not totally.
            Ram U
        • Living in wonderland!

          You must be smoking crack, mate. Google, Facebook, Twitter, Yahoo and every other major data store and/or service provider (i.e. Big data related) would be directly or indirectly supporting NSA. So there is no point to take it to heart :)
          • Re: indirectly supporting NSA

            Translation: "would be indirectly or directly supported by the NSA".
    • Whose government?

      It doesn't matter because what? Because the request came from the United States government? Since when is the USA = God? How about a request from Korea? Is that OK? Grow up, Americans.
      Tim Jordan
      • Sorry to say

        NSA IS GOD.

        Look at the recent case of award-winning journalist Michael Hastings. If you recall, he was the one who brought down General McChrystal in an exposé.

        Michael Hastings was about to trump Snowden with an even bigger news story when last week he got up in the morning and as he was driving down the street his car exploded with such force before hitting a tree that the engine flew off and landed 40-50 yards away.
        Hacking automobile control systems through bluetooth, cellular, or whatever wireless signals it may use is child’s-play these days.

        The purpose of surveillance is to know what someone plans to expose about you before you do so and then to prevent it from happening.

        I suspect that this form of public assassination sent a message to a lot of journalists that you don’t mess with Daddy.
    • Pray tell fanboy

      Weren't we told Microsoft does not spy on their customers?
      Weren't we labeled 'haters' when we clearly communicated that we do not trust companies like Microsoft and do not intend to let them be part of our business?

      The eternal questions: Was it about money? Or was it for more money?
  • planting backdoors in their own products

    to decrypt their own encryption is really unheard of when protecting privacy. What about bitlocker, Microsoft? Now on, when you buy/use a proprietary software, think about a backdoor it very likely contains.
    This whole wiretapping scandal is actually not a fire, it's only a whitish smoke. The real fire is in the extent of legal immunity all members of this fraternity end up receiving.
    • Re: What about bitlocker

      Has anybody in the know ever had any doubts about the "security" of BitLocker?

      Years ago, the NSA (and friends) designed the proper encryption standards that anyone in the US business is supposed to use. Including 'strong' encryption involving chips etc... with proper backdoors.
  • And MS fan-boys love to make fun of Google

    It is time for them to take a dose of their own medicine!
    • don't get too comfortable banging on ....

      .... against Microsoft. This forced cooperation with NSA is going to affect every company domiciled in the USA.

      Google, Apple, Amazon, Microsoft etc. have to obey the laws of the USA.
      • Actually....

        ..who should challenge these laws but them? They do not just have to obey the laws of the USA, they have to abide by the laws of other countries they operate in just the same and these laws force them to break the law abroad. It would be up to them to challenge these laws and ask the supreme court that they cannot be mandated to break the law abroad. Instead, they address minuscule details. They have the cash and the legal departments to challenge these laws, in contrast to John Doe activist. The question is "Why don't they?" - and that question is going to cost them quite a bit of business internationally.
        • It appears these companies are also prevented from challenging these laws,

          or even comment on them. It's easy to pass armchair judgments without knowing what Microsoft and others are actually allowed to disclose.
    • Odd. I mentioned no company by name, Restricted_access

      only that all companies will fall under both sides, a generic statement for all of this.

      Yet the first company you thought of when I said "a corporate entity acting on its own interests, where what shampoo you buy, or who you voted for on American Idol IS of great importance to them in reference to how much money they can make with that info" was Google.

      Should we be surprised?
      William Farrel
  • And how about this scenario....

    A business to business email, containing information about an impending company takeover, is viewed by a "security analyst" working for the NSA or some other element of the Five Eyes network. This information is very commercially valuable and the security analyst likes to have a flutter on the stock market. All of a sudden, seemingly innocuous information, of the sort that most people would regard as not worth even thinking about, is open to massive abuse.

    Yeah, we trust the government... and all their employees ... don't we?