DecryptedTech

Tuesday, 27 September 2022

Microsoft Tries to Fight Back Against NSA Cooperation Claims



Microsoft is taking great exception to the reports of their cooperation with the NSA. It seems they do not feel that the reports that they have given up encryption keys, created backdoors or provided unrestricted access to their servers are fair. Instead they are releasing some information in the hope that they can prove they did not do anything wrong. Sadly, as is always the case, what they leave out of their statements is as important as what is in them, and there is some fairly eye-opening information in their actual statement.

 

One of my personal favorite comments (which raises concerns about data storage for their customers) is:

“We do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency” - Brad Smith, Microsoft general counsel

Ok now, let’s take a look at that statement. On the surface it says they only comply with legal requests. According to the NSA, FBI, FISC (Foreign Intelligence Surveillance Court) and others, the PRISM program is a legal program and all requests are legal. If they (the NSA) asked for every bit of data on their servers as part of a PRISM tasking, then Microsoft would be covered by their statement. The fact that they hand over data without question or argument is not something that Microsoft is going to be able to disprove. However, there is a more troubling comment in there. Your content (email, chats, documents, etc.) sits on their servers in an unencrypted state. Yeah, let me say that again: your content sits on Microsoft’s servers unencrypted.

This little factoid means you are probably not being given the highest level of protection (more like no protection). At the very least your email and data should be given basic encryption to prevent it from being read by someone gaining access to the system illegally (which happens all the time). It also means (as Google found out) that technicians with the right access could read through user documents, email and even more private information. So this comment is like saying “I could not have done that because I am too stupid to do it”.

As we (and others) have stated time and time again, these statements do not even begin to cover what Microsoft may or may not be doing in cooperation with the NSA. Although they (Microsoft) continue to push for the right to detail the number of requests they get, that still does not tell us anything. If they receive an order from FISC, it could cover thousands of users and only show up as one request. That is the fallacy of their continued PR campaign to show how “transparent” they are. Even Google gave up on that argument when this fact was pointed out.

In the meantime the Electronic Frontier Foundation (EFF) and a group of other advocates have filed suits against the DoJ, NSA, FBI, FISC and others for what they are calling dragnet surveillance. Their goal is to bring the case and the programs out into the open. The EFF says that these programs are a threat to society because they can affect the way people respond to what is happening. An example of this effect is finding out that a political organization might have their phone information (metadata) monitored or flagged. If you call them, your information could be thrown into that grouping. This could prevent people from becoming involved or organizing for fear of governmental repercussions; it is a subtle means of control.

The NSA and administration officials are coming under increasing pressure to explain exactly what is going on with these programs. Lawmakers seem to feel that the NSA has overstepped its bounds and is acting illegally with its data collection practices. Rep. Zoe Lofgren (D-Calif.) said, "I think very clearly this program has gone off the tracks legally and needs to be reined in." She was not the only one who expressed concerns; others included the sponsor of the Patriot Act, Rep. F. James Sensenbrenner Jr. (R-Wis.).

Sensenbrenner was very clear when he said that the NSA and others needed to change the way they operated or they would soon find Section 215 of the Patriot Act gone. We have a feeling that even without that section to cover them the NSA is not going to stop their work. All we will see is an attempt to push through more laws like the Cyber Intelligence Sharing and Protection Act to protect the government and corporations from any and all liability. If they can get one of these passed, they can maintain secrecy on their sharing and data collection, which means there is little chance to find out what is being shared, with whom and why. At that point you can forget Congressional oversight and public discourse. Microsoft, Google, Yahoo, Facebook and others will be free to do what they want with your data and there will be nothing that can be done about it.


Last modified on Wednesday, 17 July 2013 16:12
