"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it."
One down, several to go. If I were Google/Facebook/Yahoo executives I would be very worried right now as to what soon-to-be-released revelations say about their NSA cooperation. Sure, they may have only done that which was compelled by FISC order, but that won't preclude them from being perceived as culpable.
The interesting conflict to me is that Google et al don't appear to be fighting this battle. When it comes to other things, they are in the streets, funding lobbyists, building protest websites, and so on. But this, which threatens their entire business model (essentially trust-based), they haven't made a peep about.
It may just be a gag order thing, sure. But with the level of access required for stuff like this, I don't think they could shut the whole team up. How many people worked on this Microsoft back door? It can't have been less than a couple dozen at least. And none of them raised the issue or let someone know, a journalist for instance, or publicly raised the question?
It makes me wonder about the true extent of the programs we're freaking out about. I mean, of course they exist and they're big and threatening, but I don't buy that they could combine complete access with complete secrecy. They need the cooperation of the companies, and the companies, by NSA standards, just aren't trustworthy enough. In fact, they're full of wild cards like Snowden, denizens of newsgroups, IRC, 4chan, etc, who would LOVE to be the one to blow up an NSA attempt to write a back door into Skype.
Maybe they did, and it all faded away. But it just seems strange to me that so little has been said about the elephant that must surely have been in everyone's room for the last few years.
Honest question: how does that article contradict that statement? Everyone is bouncing off the walls about this but I honestly can't see where the story is. Microsoft + others enable NSA to access customer data when presented with court order. You can agree or not agree but is it really a shock?
Well that quote may be a technically accurate statement. They don't "provide" data directly to the NSA with out a secret FISA order. But, the new leak article seems to suggest that they weaken their cryptography, perhaps turn over private keys, re-architect their topology, and adjust their technology to allow the NSA to trivially easily intercept/get the data of every single Microsoft technology user.
A little bird told me that Microsoft was the most "helpful" out of all the big tech companies. If this new article is accurate, I hope that statement also was. I'm rather pro-US/NSA. But, even I find this new leak very disturbing
if it's accurate and true.
Being realistic, I bet all the other big American tech companies are doing similar things. For example, my thinking is still that FB gives law enforcement a "god view" of all information and communications (even if it is in a round about way, like Microsoft allegedly does).
This latest release does not contradict that. They provide user data for accounts under surveillance in real time. To place an account under surveillance, the government needs a valid court order for that account.
This document just says that surveillance was broken for chats when they did the outlook.com upgrade, but that has since been fixed.
What's sad that I'm neither surprised nor shocked about Microsoft doing this. If we hear the same about Facebook or Apple I'm not likely to be surprised either. If/when we hear the level of Google's involvement, that will be very interesting, because although a lot of people suspect that Google invades people's privacy, we've never really had any concrete proof or examples of it.
I don't get Microsoft. Are they really that hypocritical to the core and so shameless? Why in the world would they launch a "privacy" campaign against Google when they're in a glass house themselves, and so vulnerable? Why the hell would they even put themselves on the spotlight like that?
Or are they really that comfortable with lying, that they have no problem attacking others over something, even though they are just as bad, or worse(as this revelation seems to imply) Giving pre-encryption access to NSA? Really Microsoft?
To make things worse, they've just put the guy who came up with that Scroogle crap in charge of their whole marketing department, so expect a lot more hypocritical/nasty stuff like that from Microsoft in the future:
The people making these campaigns may actually be ignorant. When I was at Microsoft (long, long ago), there were portions of some source trees that were covered by security or NDAs and nobody except for the very few people signed on (and builders) could look at or know about them. For example, when Intel had a new chip, the specific developers and testers working on them would be under NDA and the tree secured so that only they could see the work on the code generators until they were released. And that's just for NDAs - I can't imagine what happens for the code or infrastructure support required for the NSA. The only reason I knew about the chip stuff is I owned the source trees in DevDiv for a while.
So, it's entirely possible that the _entire_ Skype team except for a dev, tester, "security coordinator," and one partner-level person were in the dark about this support and actually believed their marketing.
It's still a terrible situation, but it's not necessarily hypocracy/lying/nasty on the part of the people making up the campaigns.
Is there any information that the marketing department at MS was even aware of the PRISM program? It's likely that that program was need-to-know, and anyone who did know couldn't stop MS marketing from doing a campaign based on privacy because that would be revealing a Top Secret program.
Microsoft often "competes" by trying to strangle competitors revenue streams even when outside their core business, where they are happy to lose billions on Bing and their online division if it also reduces Googles primary revenue stream: http://www.zdnet.com/blog/btl/microsofts-online-sinkhole-8-5...
Since Google's products are essentially "free" to end users, they don't criticize them on value, so they build an anti-Google campaign against how Google makes money, i.e. their strategy of targeted advertising.
I would imagine that very few people in high levels of the company knew about this.
I can't exactly blame them for the marketing campaign... just imagine you work for Microsoft's marketing division... Apple/Google are completely destroying you and your company has missed the boat almost every major technological revolution of the last decade (internet, mobile, etc).
How would you exactly convince people to switch to your companies products? At the time, there was a lot of fear around Google's data collection and what they might do with it, so it's unsurprising this is the route they took (although anyone sensible would assume that Microsoft of all companies would be just as bad if not worse).
How is giving access to the government according to the law of the land the same privacy-wise as data mining personal emails to show ads?
The point of the privacy campaign was that Google mines the contents of personal email messages to show ads and to build your Google ad profile while Outlook.com doesn't.
What's hypocritical about it?
I don't like their campaigns either but lets call a spade a spade and not resort to hyperbole and needless namecalling.
"Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats"
"For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
"analysts will no longer have to make a special request to SSO", "this new capability will result in a much more complete and timely collection response". "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."
"One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture',"
Well, did you expect "privacy" to imply that your data would not be released to the government following legal requests for it? I always assumed it meant that they wouldn't share it with other businesses, but maybe that's just me.
Analogously, if one of the major phone providers started selling information to marketers, including what times of day I made phone calls, would it be inappropriate for a competitor to create a marketing campaign around "privacy" highlighting that they don't do similar things? Would you complain that since the government can still get a wiretap and listen to private conversations, there really isn't a meaningful privacy difference?
I think the best part is that Microsoft has been bragging about how they care about privacy so much more than Google therefore you should use their products/services, and now they just got caught red handed doing the worst possible privacy violations in the book.
To play devil's advocate here, what else would people have Microsoft do? Is there a scenario in which they can successfully resist enabling surveillance features in their products while operating in the US?
CALEA applies to telecommunications providers, which is a label that would seem to clearly apply to Skype. http://en.wikipedia.org/wiki/Calea
Are major companies based or operating in the US allowed to provide secure email and/or data storage without options for lawful surveillance from law enforcement?
If people do not like these policies and the cooperation from the companies operating them, I think the proper place to direct your anger is at the laws that require them to cooperate.
To play devil's advocate here, what else would people have Microsoft do? Is there a scenario in which they can successfully resist enabling surveillance features in their products while operating in the US?
Do you think the government would jail someone of Steve Ballmer's stature if he talked openly about what the government has asked of Microsoft. Because of his position he is much more protected from criminal action than almost anyone else. The reason he doesn't reject government requests is more likely that it would be bad for business not that he would suffer legal consequences.
... I think the proper place to direct your anger is at the laws that require them to cooperate.
I see the law as allowing them to cooperate. It gives them cover for not protecting the privacy of individual citizens.
> Is there a scenario in which they can successfully resist enabling surveillance features in their products while operating in the US?
Replace "in the US" with "in Nazi Germany" or "in Soviet Russia" and you'll see how chilling that sentence is. They're just following orders. It's the utter banality of evil.
"Are major companies based or operating in the US allowed to provide secure email and/or data storage without options for lawful surveillance from law enforcement?"
Compare 47 USC §1002(b)(3):
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
Also, (b)(1):
This subchapter does not authorize any law enforcement agency or officer—
(A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; or
(B) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
Finally, (b)(2):
The [interception capability] requirements of [...] this section do not apply to [...] information services [...]
I agree that the anger should be directed at the laws, but the problem is that we are so woefully uninformed about those laws. And not just that we're not paying enough attention - these laws are being formed and executed in secret! How can you take action against something you don't know exists?
To play devil's advocate here, what else would people have Microsoft do? Is there a scenario in which they can successfully resist enabling surveillance features in their products while operating in the US?
Take $5B out of the cash pile. Lobby to dismantle the laws or severely weaken it.
As a Microsoft contractor, I'm confused about how to feel and how to move forward. Sometimes I feel like I'll be enabling some of these practices by continuing be a contracted worker, and that this community will in part be blaming me for this situation.
These are some of the biggest corporations in the world, with resources to push back on behalf of their users---if they wanted to. Heck, at least Yahoo did something. At some point the PRISM collaborators took a calculated risk that their users would not find out, or if they did, it would be of no consequence to their business. Maybe it was the classified assurances, or maybe the whole "direct access" line for deniability. I may not have any say in NSA programs or secret courts, but I'm still a consumer and techie and can vote with my money and time. I'm gonna do my best not to support companies that actively build a surveillance state.
Protest. Lobby. Seek publicity. Take the government to court. Put up a fight.
Note that when the EU data retention directive (which is often used here under the header "see, others are doing it to", even though it doesn't even come close to what the NSA does) was initiated, that's exactly what many telecom providers and ISP's did, before and after this came into affect. It didn't stop it, but it least it has brought it out into the open, making it an (still ongoing) public issue.
The remarkable part of what's happening in the US is the utterly quiet and extremely forthcoming complicity of major companies who otherwise don't seem to have any problem throwing a lot of resources at manipulating governments foreign and domestic.
And in the case of Microsoft, in it's monopolists heydays, even up to the point of structurally breaking the law.
Also, it's not like they are only quiet about it because the law tells them so: they actively deny it, hell, they even advertise with pure lies about the privacy of their services.
These companies aren't victims anymore. They are complicit.
Lastly, it should be quiet obvious that with absolutely no restriction in the wiretapping of foreign nationals, they are breaking the law in every country they do business in. Those foreigners, like myself, have no voice in US legislation.
From my perspective as a non-American, Microsoft is complicit in a full frontal attack on our civil liberties. We can't stop the US government, but we can certainly stop Microsoft e.a. from doing business here.
they're can't be trusted, that's all that matters, how about us that that live outside? MSFT isn't putting a notice on it's homepage for people outside that it can't do anything about our rights, they sell the exact opposite image, and the internet is sold to everyone as a humankind treasure... if they can't do anything about it they could at least be honest, but they all just keep doubling down on the lies
I must be in the minority here, but I'm no more concerned now than before reading this, and I'm still not super concerned if it works the way I think it does. It doesn't answer the main question of HOW MANY USERS are being watched like this.
We already knew from Prism that Microsoft is providing data to the NSA, and we already knew that it included real time video, emails, messages, etc. So this is more of a behind-the-scenes of how it's done, but if you stopped to consider before what Prism meant then it sort of implies everything here.
BUT, I still don't know whether this tapping of Skype calls, providing of decrypted messages, etc, applies only to a few specific people who the government has warrants for, or for all of Microsoft's users. I still think it's the former based on that Prism slide that said it cost $10M/yr, which is clearly not enough to handle ALL of Microsoft's and Google's and Apple's data.
If anything, I applaud Prism in that it's just a more efficient way of doing what the NSA is already cleared to do.
I'm MORE concerned about the warrantless Verizon metadata tracking for millions of subscribers, Clapper's lies before Congress about said data, the DoJ classifying the FISC's rulings that something or other is unconstitutional, the inability of companies to discuss NSLs.
But this release is just clarification on what we already knew, and we still don't know whether PRISM is oh-my-god-the-government-is-tapped-into-everything or just a convenient front-end on the government's warrant-obtained data (which is a good thing, AFAICT).
On April 5, according to this slide, there were 117,675 active surveillance targets in PRISM's counterterrorism database. The slide does not show how many other Internet users, and among them how many Americans, have their communications collected "incidentally" during surveillance of those targets.
Yes, it's a fairly detailed description of how it's done, but to me this information doesn't seem to broaden the scope or intrusiveness of the surveillance apparatus that has been uncovered so far, the convenient interface for warranted querying that is PRISM.
Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio
This is pretty scary. When you talk about emails, it's sort of "impersonal". But collecting audio and video data from your casual chats on Skype is a fucking break in.
Think how many private business meetings have been conducted over Skype. Anything from board meetings, sensitive HR issues, acquisition or takeover discussions, to new product roadmaps.
Now think about all that corporate espionage material being in the hands of the government.
Think about how much private sexual activity between physically separated partners is conducted over Skype. Anything from a lonely grunt serving in the military trying to get a little private time with his wife back at home, to outright video sex between a prostitute or camgirl (or camboy) with a john (or jane).
Now think about all that blackmail material being in the hands of the government.
I'm sure the NSA can hardly wait for XBone's to start showing up in people's houses.
"The telescreen recieved and transmitted simultaneously. Any sound Winston made, above the level of a very low whisper, would be picked up by it; moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever the wanted to. You had to live- did live, from habit that became instinct- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."
-1984, Book 1, Chapter One, George Orwell
>In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:
>The articles describe court-ordered surveillance – and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.
>They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."
Does anyone else get the impression that this is an attempt by the government to limit commercial damage to these companies that may result from the revelations and subsequent exodus of customers? I imagine that, while they're certainly lobbying for increased transparency, tech companies are putting a great deal of pressure on the government to take the blame for the programs and emphasize that the companies had no choice.
Allow me to be surprised this time, I don't see much new here, compared to what we already saw about Prism (all the slides). Maybe the only thing newsworthy this time is that additional documents confirm that Prism exist?
I applaud this article of course, as it gives less chance for unnatural interpretations of the slides that we saw by pro-status-quo writers ("it's not really a direct access") -- now we have additional confirmations it's a "query API" access and a "start real time monitoring" access.
Unrelated, I'm impressed with the absolutely perfect timing for an article on the day when Microsoft presents the new reorg. Heh.
My question remains can anybody recognize something otherwise new here?
"It has been suggested that as a result of recent architecture changes Skype now monitors and records audio and video calls of our users.
False.
The move to in-house hosting of “supernodes” does not provide for monitoring or recording of calls. .."
There are more paragraphs that follow, but they can honestly say they didn't lie, since obviously they had the functionality to monitor and record the calls even before they introduced the supernodes so it is false that they introduced the supernodes for that, but it is not false that the Skype conversations can and are monitored by authorities.
Note that it's by law the job of FBI to do such monitoring, when it's about US citizens, and it's NSA's job for non-US citizens. Microsoft is definitely not breaking any laws. So when they say that it's all lawful what they do it's also true.
On a related note, I don't know how many more documents there are that Snowden provided to Greenwald or that will be released to the public but I certainly hope that they keep coming for a looooong time.
U don't consider PRISM such a big deal, to be honest.
Yes, they spy on innocent people, in an attempt to flush out (or whatever the term is) the dangerous or potentially dangerous ones. However, I genuinely doubt my privacy is very compromised, because I refuse to believe someone is getting paid to sit and read through Facebook posts or messages about my obsession with Supernatural (great TV show on CW), or read through "IF YOU DONT SEND THIS TO 7 OTHER PEOPLE A PIANO FROM THE HEAVENS WILL CRUSH YOU INTO THE PAVEMENT" emails my neighbour is forwarding.
Also, I have a friend who talks in acronyms most of the time (over Skype chat) and I have a file called deectionary.txt (her name is Dee) with around 200 lines, I find it very amusing to think some analyst spent hours trying to decode her message because it contained "bomb" in what looks like "mtwbi bombing m/i shc play asg ol" which means (used near-real example) "my twat brother is lagging my Internet so he can play a stupid game online". She has no disability, she's just very "efficient," I guess!
Besides, I don't have anything to hide, so I don't really care. If I had some top secret business I needed to attend and would care to keep secret from the NSA or CIA, I would probably (as would many of you here, too I believe) make my own thing to do the job, because I wouldn't take someone's word that they give a rat's furry bottom about my privacy.
"ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."
I have a feeling the FTC won't go after them for violating truth-in-advertising laws.
A well placed (Russian) friend told me recently that the KGB (and whatever name it goes by now) still uses typewriters (yes, mechanical, ink based thingos) for all internal documentation and correspondence, and that electrical/digital devices are banned in most secure areas.
In other words, they realized decades ago that if you value your privacy, get as far away as possible from a computer, especially one connected to the internet.
This slogan now deserves to live on in infamy alongside other prominent examples of doublespeak, like Plays for Sure•, and Don't be evil°.
What concerns me in these responses from Microsoft is the distortion of the term lawful to include any request from the NSA. If you change the meaning of words like lawful, domestic and intercept, you can of course make anything legal in some sense, but distorting meanings like that is very dangerous, and using secret interpretations of it really damages our confidence and trust in the rule of law. That said I can't see any difference on this issue between MS and any other US tech giants, apart from Twitter, who are to be commended for staying out of this program. With the breaking of encryption on things like outlook chats and delivery in real time, it appears we simply can't trust any guarantees of privacy from these companies at all. Even if they did implement client-side encryption, they'd still feel obliged to break it for the NSA (and its many partners worldwide), so no offering from them is going to protect our privacy.
This was interesting too from one of the documents:
"enables our partners to see which selectors the National Security Agency has tasked to Prism...The FBI and CIA then can request a copy of Prism collection of any selector"
This indicates that any NSA PRISM search can be accessed by any one of these agencies, so once it is in the system, this information will spread widely. Given the guidelines on access of the NSA, that could include all foreign data being automatically available to any FBI or CIA agent. I wonder if they have any limits on access to 'foreign' data at all?
° As long as you're American, and not covered by a bulk court order by the NSA, and not encrypting anything, and not communicating outside the US, and don't have a 51% chance of communicating outside the US (what does that even mean?).
I bet that Microsoft engineer who told us Skype was not re-built for spying is feeling pretty silly right now.
I know his excuses seemed "reasonable" (if you're a smart liar, you don't try to blatantly bullshit someone on their face - you find a "good reason" to hide it), but it was no less of a bullshit excuse as Microsoft's earlier rejection of WebRTC (and they ended up supporting it anyway - guess they didn't feel that strongly about that security claim to begin with).
This was the same way. Yes, it may have improved Skype's reliability a little bit, but I honestly doubt that was the main purpose for doing it. As we learn in this revelation, they don't seem to have a problem with adapting their service to suit NSA.
The bigger deal here to me is the data sharing. Who cares if one agency isn't allowed to spy on Americans? Or if another agency has this or that court oversight? All the data collected is shared between the NSA, FBI, CIA, foreign intelligence, etc. This means regardless of who you are or what you are doing, there's someone who has the authority to spy on you, and now they have all your data as well.
[+] [-] pvnick|12 years ago|reply
"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it."
One down, several to go. If I were Google/Facebook/Yahoo executives I would be very worried right now as to what soon-to-be-released revelations say about their NSA cooperation. Sure, they may have only done that which was compelled by FISC order, but that won't preclude them from being perceived as culpable.
[+] [-] devindotcom|12 years ago|reply
It may just be a gag order thing, sure. But with the level of access required for stuff like this, I don't think they could shut the whole team up. How many people worked on this Microsoft back door? It can't have been less than a couple dozen at least. And none of them raised the issue or let someone know, a journalist for instance, or publicly raised the question?
It makes me wonder about the true extent of the programs we're freaking out about. I mean, of course they exist and they're big and threatening, but I don't buy that they could combine complete access with complete secrecy. They need the cooperation of the companies, and the companies, by NSA standards, just aren't trustworthy enough. In fact, they're full of wild cards like Snowden, denizens of newsgroups, IRC, 4chan, etc, who would LOVE to be the one to blow up an NSA attempt to write a back door into Skype.
Maybe they did, and it all faded away. But it just seems strange to me that so little has been said about the elephant that must surely have been in everyone's room for the last few years.
[+] [-] Afforess|12 years ago|reply
Oh how times change.
[+] [-] jaimzob|12 years ago|reply
[+] [-] vabmit|12 years ago|reply
A little bird told me that Microsoft was the most "helpful" out of all the big tech companies. If this new article is accurate, I hope that statement also was. I'm rather pro-US/NSA. But, even I find this new leak very disturbing if it's accurate and true.
Being realistic, I bet all the other big American tech companies are doing similar things. For example, my thinking is still that FB gives law enforcement a "god view" of all information and communications (even if it is in a round about way, like Microsoft allegedly does).
[+] [-] lern_too_spel|12 years ago|reply
This document just says that surveillance was broken for chats when they did the outlook.com upgrade, but that has since been fixed.
[+] [-] mikegerwitz|12 years ago|reply
This also provides some answers to http://www.skypeopenletter.com/.
[+] [-] mikelat|12 years ago|reply
[+] [-] thenewkid|12 years ago|reply
[+] [-] mtgx|12 years ago|reply
Or are they really that comfortable with lying, that they have no problem attacking others over something, even though they are just as bad, or worse(as this revelation seems to imply) Giving pre-encryption access to NSA? Really Microsoft?
To make things worse, they've just put the guy who came up with that Scroogle crap in charge of their whole marketing department, so expect a lot more hypocritical/nasty stuff like that from Microsoft in the future:
http://www.businessinsider.com/mark-penn-microsofts-master-o...
[+] [-] larsberg|12 years ago|reply
So, it's entirely possible that the _entire_ Skype team except for a dev, tester, "security coordinator," and one partner-level person were in the dark about this support and actually believed their marketing.
It's still a terrible situation, but it's not necessarily hypocracy/lying/nasty on the part of the people making up the campaigns.
[+] [-] secabeen|12 years ago|reply
[+] [-] mythz|12 years ago|reply
Since Google's products are essentially "free" to end users, they don't criticize them on value, so they build an anti-Google campaign against how Google makes money, i.e. their strategy of targeted advertising.
[+] [-] mikelat|12 years ago|reply
I can't exactly blame them for the marketing campaign... just imagine you work for Microsoft's marketing division... Apple/Google are completely destroying you and your company has missed the boat almost every major technological revolution of the last decade (internet, mobile, etc).
How would you exactly convince people to switch to your companies products? At the time, there was a lot of fear around Google's data collection and what they might do with it, so it's unsurprising this is the route they took (although anyone sensible would assume that Microsoft of all companies would be just as bad if not worse).
[+] [-] rgulati|12 years ago|reply
How is giving access to the government according to the law of the land the same privacy-wise as data mining personal emails to show ads?
The point of the privacy campaign was that Google mines the contents of personal email messages to show ads and to build your Google ad profile while Outlook.com doesn't. What's hypocritical about it?
I don't like their campaigns either but lets call a spade a spade and not resort to hyperbole and needless namecalling.
[+] [-] mythz|12 years ago|reply
Meaning:
"Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats"
"For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
"analysts will no longer have to make a special request to SSO", "this new capability will result in a much more complete and timely collection response". "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."
"One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture',"
[+] [-] kvb|12 years ago|reply
Analogously, if one of the major phone providers started selling information to marketers, including what times of day I made phone calls, would it be inappropriate for a competitor to create a marketing campaign around "privacy" highlighting that they don't do similar things? Would you complain that since the government can still get a wiretap and listen to private conversations, there really isn't a meaningful privacy difference?
[+] [-] mikelat|12 years ago|reply
[+] [-] brown9-2|12 years ago|reply
CALEA applies to telecommunications providers, which is a label that would seem to clearly apply to Skype. http://en.wikipedia.org/wiki/Calea
Are major companies based or operating in the US allowed to provide secure email and/or data storage without options for lawful surveillance from law enforcement?
If people do not like these policies and the cooperation from the companies operating them, I think the proper place to direct your anger is at the laws that require them to cooperate.
[+] [-] forgotAgain|12 years ago|reply
Do you think the government would jail someone of Steve Ballmer's stature if he talked openly about what the government has asked of Microsoft. Because of his position he is much more protected from criminal action than almost anyone else. The reason he doesn't reject government requests is more likely that it would be bad for business not that he would suffer legal consequences.
... I think the proper place to direct your anger is at the laws that require them to cooperate.
I see the law as allowing them to cooperate. It gives them cover for not protecting the privacy of individual citizens.
[+] [-] toyg|12 years ago|reply
Replace "in the US" with "in Nazi Germany" or "in Soviet Russia" and you'll see how chilling that sentence is. They're just following orders. It's the utter banality of evil.
[+] [-] schoen|12 years ago|reply
"Are major companies based or operating in the US allowed to provide secure email and/or data storage without options for lawful surveillance from law enforcement?"
Compare 47 USC §1002(b)(3):
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
Also, (b)(1):
This subchapter does not authorize any law enforcement agency or officer—
(A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; or
(B) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.
Finally, (b)(2):
The [interception capability] requirements of [...] this section do not apply to [...] information services [...]
[+] [-] tptacek|12 years ago|reply
http://paranoia.dubfire.net/2010/09/calea-and-encryption.htm...
[+] [-] devindotcom|12 years ago|reply
[+] [-] venomsnake|12 years ago|reply
Take $5B out of the cash pile. Lobby to dismantle the laws or severely weaken it.
[+] [-] stephengillie|12 years ago|reply
[+] [-] jlgreco|12 years ago|reply
[+] [-] tippytop|12 years ago|reply
[+] [-] loginalready|12 years ago|reply
Note that when the EU data retention directive (which is often used here under the header "see, others are doing it to", even though it doesn't even come close to what the NSA does) was initiated, that's exactly what many telecom providers and ISP's did, before and after this came into affect. It didn't stop it, but it least it has brought it out into the open, making it an (still ongoing) public issue.
The remarkable part of what's happening in the US is the utterly quiet and extremely forthcoming complicity of major companies who otherwise don't seem to have any problem throwing a lot of resources at manipulating governments foreign and domestic.
And in the case of Microsoft, in it's monopolists heydays, even up to the point of structurally breaking the law.
Also, it's not like they are only quiet about it because the law tells them so: they actively deny it, hell, they even advertise with pure lies about the privacy of their services.
These companies aren't victims anymore. They are complicit.
Lastly, it should be quiet obvious that with absolutely no restriction in the wiretapping of foreign nationals, they are breaking the law in every country they do business in. Those foreigners, like myself, have no voice in US legislation.
From my perspective as a non-American, Microsoft is complicit in a full frontal attack on our civil liberties. We can't stop the US government, but we can certainly stop Microsoft e.a. from doing business here.
[+] [-] Buzaga|12 years ago|reply
[+] [-] losvedir|12 years ago|reply
We already knew from Prism that Microsoft is providing data to the NSA, and we already knew that it included real time video, emails, messages, etc. So this is more of a behind-the-scenes of how it's done, but if you stopped to consider before what Prism meant then it sort of implies everything here.
BUT, I still don't know whether this tapping of Skype calls, providing of decrypted messages, etc, applies only to a few specific people who the government has warrants for, or for all of Microsoft's users. I still think it's the former based on that Prism slide that said it cost $10M/yr, which is clearly not enough to handle ALL of Microsoft's and Google's and Apple's data.
If anything, I applaud Prism in that it's just a more efficient way of doing what the NSA is already cleared to do.
I'm MORE concerned about the warrantless Verizon metadata tracking for millions of subscribers, Clapper's lies before Congress about said data, the DoJ classifying the FISC's rulings that something or other is unconstitutional, the inability of companies to discuss NSLs.
But this release is just clarification on what we already knew, and we still don't know whether PRISM is oh-my-god-the-government-is-tapped-into-everything or just a convenient front-end on the government's warrant-obtained data (which is a good thing, AFAICT).
[+] [-] ma2rten|12 years ago|reply
http://www.washingtonpost.com/wp-srv/special/politics/prism-...
[+] [-] eelke|12 years ago|reply
[+] [-] znowi|12 years ago|reply
This is pretty scary. When you talk about emails, it's sort of "impersonal". But collecting audio and video data from your casual chats on Skype is a fucking break in.
[+] [-] Asparagirl|12 years ago|reply
Now think about all that corporate espionage material being in the hands of the government.
Think about how much private sexual activity between physically separated partners is conducted over Skype. Anything from a lonely grunt serving in the military trying to get a little private time with his wife back at home, to outright video sex between a prostitute or camgirl (or camboy) with a john (or jane).
Now think about all that blackmail material being in the hands of the government.
[+] [-] hnha|12 years ago|reply
[+] [-] ratscabies|12 years ago|reply
[+] [-] redthrowaway|12 years ago|reply
>The articles describe court-ordered surveillance – and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.
>They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."
Does anyone else get the impression that this is an attempt by the government to limit commercial damage to these companies that may result from the revelations and subsequent exodus of customers? I imagine that, while they're certainly lobbying for increased transparency, tech companies are putting a great deal of pressure on the government to take the blame for the programs and emphasize that the companies had no choice.
[+] [-] acqq|12 years ago|reply
I applaud this article of course, as it gives less chance for unnatural interpretations of the slides that we saw by pro-status-quo writers ("it's not really a direct access") -- now we have additional confirmations it's a "query API" access and a "start real time monitoring" access.
Unrelated, I'm impressed with the absolutely perfect timing for an article on the day when Microsoft presents the new reorg. Heh.
My question remains can anybody recognize something otherwise new here?
[+] [-] acqq|12 years ago|reply
http://blogs.skype.com/2012/07/26/what-does-skypes-architect...
"It has been suggested that as a result of recent architecture changes Skype now monitors and records audio and video calls of our users.
False.
The move to in-house hosting of “supernodes” does not provide for monitoring or recording of calls. .."
There are more paragraphs that follow, but they can honestly say they didn't lie, since obviously they had the functionality to monitor and record the calls even before they introduced the supernodes so it is false that they introduced the supernodes for that, but it is not false that the Skype conversations can and are monitored by authorities.
Note that it's by law the job of FBI to do such monitoring, when it's about US citizens, and it's NSA's job for non-US citizens. Microsoft is definitely not breaking any laws. So when they say that it's all lawful what they do it's also true.
[+] [-] jlgaddis|12 years ago|reply
[+] [-] sinak|12 years ago|reply
[+] [-] spoiler|12 years ago|reply
Yes, they spy on innocent people, in an attempt to flush out (or whatever the term is) the dangerous or potentially dangerous ones. However, I genuinely doubt my privacy is very compromised, because I refuse to believe someone is getting paid to sit and read through Facebook posts or messages about my obsession with Supernatural (great TV show on CW), or read through "IF YOU DONT SEND THIS TO 7 OTHER PEOPLE A PIANO FROM THE HEAVENS WILL CRUSH YOU INTO THE PAVEMENT" emails my neighbour is forwarding.
Also, I have a friend who talks in acronyms most of the time (over Skype chat) and I have a file called deectionary.txt (her name is Dee) with around 200 lines, I find it very amusing to think some analyst spent hours trying to decode her message because it contained "bomb" in what looks like "mtwbi bombing m/i shc play asg ol" which means (used near-real example) "my twat brother is lagging my Internet so he can play a stupid game online". She has no disability, she's just very "efficient," I guess!
Besides, I don't have anything to hide, so I don't really care. If I had some top secret business I needed to attend and would care to keep secret from the NSA or CIA, I would probably (as would many of you here, too I believe) make my own thing to do the job, because I wouldn't take someone's word that they give a rat's furry bottom about my privacy.
[+] [-] jivatmanx|12 years ago|reply
I have a feeling the FTC won't go after them for violating truth-in-advertising laws.
[+] [-] smegel|12 years ago|reply
In other words, they realized decades ago that if you value your privacy, get as far away as possible from a computer, especially one connected to the internet.
[+] [-] forgotAgain|12 years ago|reply
[+] [-] grey-area|12 years ago|reply
This slogan now deserves to live on in infamy alongside other prominent examples of doublespeak, like Plays for Sure•, and Don't be evil°.
What concerns me in these responses from Microsoft is the distortion of the term lawful to include any request from the NSA. If you change the meaning of words like lawful, domestic and intercept, you can of course make anything legal in some sense, but distorting meanings like that is very dangerous, and using secret interpretations of it really damages our confidence and trust in the rule of law. That said I can't see any difference on this issue between MS and any other US tech giants, apart from Twitter, who are to be commended for staying out of this program. With the breaking of encryption on things like outlook chats and delivery in real time, it appears we simply can't trust any guarantees of privacy from these companies at all. Even if they did implement client-side encryption, they'd still feel obliged to break it for the NSA (and its many partners worldwide), so no offering from them is going to protect our privacy.
This was interesting too from one of the documents:
"enables our partners to see which selectors the National Security Agency has tasked to Prism...The FBI and CIA then can request a copy of Prism collection of any selector"
This indicates that any NSA PRISM search can be accessed by any one of these agencies, so once it is in the system, this information will spread widely. Given the guidelines on access of the NSA, that could include all foreign data being automatically available to any FBI or CIA agent. I wonder if they have any limits on access to 'foreign' data at all?
° As long as you're American, and not covered by a bulk court order by the NSA, and not encrypting anything, and not communicating outside the US, and don't have a 51% chance of communicating outside the US (what does that even mean?).
• No longer
[+] [-] mtgx|12 years ago|reply
I know his excuses seemed "reasonable" (if you're a smart liar, you don't try to blatantly bullshit someone on their face - you find a "good reason" to hide it), but it was no less of a bullshit excuse as Microsoft's earlier rejection of WebRTC (and they ended up supporting it anyway - guess they didn't feel that strongly about that security claim to begin with).
This was the same way. Yes, it may have improved Skype's reliability a little bit, but I honestly doubt that was the main purpose for doing it. As we learn in this revelation, they don't seem to have a problem with adapting their service to suit NSA.
[+] [-] jlgaddis|12 years ago|reply
Since when is Redmond considered Silicon Valley?
[+] [-] dendory|12 years ago|reply