Microsoft sucked into ever-growing NSA vortex: who's next?

Did Microsoft's "reasonable assistance" go too far, becoming an NSA branch office and betraying their customers? What about other service providers?
Written by Stilgherrian , Contributor

With every new day that journalists dig through the secret files released by Edward Snowden, with every new astonishment as we discover the sheer enormity, nay, the truly pan-galactic scale of the NSA's baleen whale of surveillance, scooping up every nybble and bit of data that might contain, somewhere in its subatomic structure, the hint of an odour of a dream of a terrorist plot, the more I think that the great American writer Hunter S Thompson has already specified the only recipe that could possibly brace our minds to cope with this insanity.

"We had two bags of grass, seventy-five pellets of mescaline, five sheets of high powered blotter acid, a salt shaker half full of cocaine, and a whole galaxy of multi-colored uppers, downers, screamers, laughers... and also a quart of tequila, a quart of rum, a case of Budweiser, a pint of raw ether and two dozen amyls," said Raoul Duke, the drug-addled protagonist of Thompson's 1971 novel Fear and Loathing in Las Vegas.

"Not that we needed all that for the trip, but once you get locked into a serious drug collection, the tendency is to push it as far as you can."

The NSA has shown that once you get locked into a serious data collection, the tendency is to push that as far as you can too.

Once the NSA was tasked with collecting international communications and data, and analysing it for foreign intelligence matters. Now it seems to be tasked with gathering well, pretty much everything about everything by everyone everywhere.

The NSA's allies in the Five Eyes nations have been lending a hand, including the UK's Government Communications Headquarters (GCHQ). Yet even the UK's security service MI5 has complained that things have gone too far. The backlash against the NSA isn't your everyday gripe about over-enthusiastic spooks colouring outside the lines of the law.

No less a security luminary than Bruce Schneier has called the NSA's surveillance programs "unconstitutional". He's joined the board of the Electronic Frontier Foundation (EFF), one of the most influential digital rights and civil liberties lobby groups, and wants the programs shut down.

We can expect some tough political negotiating. The NSA reckons it's simply extending its work into the cyber realm to protect us from emerging cyberthreats. Its opponents reckon they've crossed the line into a surveillance state, and that for all their talk of terrorists we'd be better off launching a war against bathtubs.

Such matters extend into a political realm that extends beyond the remit of these technology news pages. But today's news from The Guardian — that Microsoft has given the NSA access to email flowing through Outlook.com at a "pre-encryption stage", that they helped the NSA circumvent Skype's video encryption, and much more — raises a question that goes to the very heart of the technology industry.

"Who do you serve?"

As The Guardian points out, Microsoft's latest marketing campaign includes the claim: "Your privacy is our priority." The privacy policy for Microsoft-owned Skype says: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

Clearly that's not the full picture.

Particularly if you're a Microsoft customer in a country that's, oh, not America.

Microsoft is hardly a renegade outfit. It has to follow the law and cooperate with lawful requests from intelligence services, and there is such a thing as lawful communications interception. But there's a difference between providing reasonable assistance where it's appropriate, while still working hard to prevent the transfer of customer data — that's what Microsoft promised, remember — and doing the exact opposite by becoming what is, in effect, a branch office of the NSA.

Raoul Duke's substance abuse might excuse him for not perceiving the conflict of interest here. A rationally managed corporation has no such excuse.

Over coming weeks we'll presumably hear how other major technology and communications companies across the Five Eyes nations have approached these issues.

Indeed, as reported on Friday, Telstra signed an agreement in 2001 with the FBI and US Department of Justice to retain metadata on communications carried across its cable linking Asia to the US.

"Telstra, at the time majority owned and controlled by the Howard Government, struck a deal to allow 24/7 surveillance of calls going in and out of the United States, including calls made by Australians. The cables in question are operated by Telstra subsidiary Reach, which controls more than 40 major telecommunications cables in the region, including cables in and out of China and Australia," Greens communications spokesperson Scott Ludlam said.

Snowden's document dump has already triggered the biggest questioning of the Five Eyes intelligence agencies' powers in decades, but now it seems there's still much more to come. The questions are moving beyond the power relationship between those agencies and ordinary citizens, to wider questions about the role of the industry itself, and how vendors should balance the conflicting interests of customers, citizens and governments.

The rise of private, encrypted communications services like Silent Circle suggests that the right balance might lie elsewhere. But then so does the rise of services like Kim Dotcom's Mega.

And the political question could even become a personal one for every employee. "When they finally dismantled the surveillance states of the early 21st century, were you just following orders?"

It's a long road ahead. Better open that tequila.

Editorial standards