Microsoft helped NSA circumvent its encryption, report says: July 2013

Monday, July 22, 2013

Report: Microsoft helped NSA circumvent its own encryption

Microsoft helped the U.S. National Security Agency circumvent the company's own encryption in order to conduct surveillance on email accounts through Outlook.com, according to a new report in the Guardian.

Microsoft-owned Skype also worked with U.S. intelligence agencies last year to allow them to collect video conversations through the service, according to the U.K. newspaper, citing secret documents. Microsoft also worked with the U.S. Federal Bureau of Investigation this year to allow easier access to its cloud storage service, SkyDrive, the Guardian reported.

Microsoft and Skype have both emphasized their privacy protections as a benefit of using their services. Microsoft has criticized Google's privacy practices, saying in its Scroogled campaign that Google shares personal information on the Android mobile operating system with app developers.

Skype's privacy policy reads: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

Microsoft, in a statement, said it follows "clear principles" when responding to government demands for customer information.

"First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes," the company said. "Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks."

Microsoft does not provide "any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product," the company added. "There are aspects of this debate that we wish we were able to discuss more freely."

The NSA routinely shares information it collects from Prism, its email and Web communications monitoring program, with the FBI and Central Intelligence Agency, the newspaper reported. One NSA document described Prism as a "team sport," the Guardian said.

The NSA's Prism program targets Internet communications of people outside the U.S., according to recent reports in the Guardian and other outlets. The U.S. Foreign Intelligence Surveillance Court has allowed the NSA to collect mass Internet communications when NSA officials believe that there is a 51 percent chance those communications come from outside the U.S., according to news reports.

A spokesman for the U.S. Office of the Director of National Intelligence didn't immediately respond to a request for comments on the new report.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Microsoft helped NSA, FBI access user info, The Guardian reports

The Microsoft logo is seen at their offices in Bucharest on March 20, 2013. Photo by Reuters

Jun. 22, 2013 | 3:38 AM |

Jun. 8, 2013 | 12:41 PM |

Microsoft Corp worked closely with U.S. intelligence services to help them intercept users' communications, including letting the National Security Agency circumvent email encryption, the Guardian reported on Thursday.

Citing top-secret documents provided by former U.S. spy contractor Edward Snowden, the U.K. newspaper said Microsoft worked with the Federal Bureau of Investigations and the NSA to ease access via Prism - an intelligence-gathering program uncovered by the Guardian last month - to cloud storage service SkyDrive.

Microsoft also helped the Prism program collect video and audio of conversations conducted via Skype, Microsoft's online chat service, the newspaper added.

Microsoft had previously said it did not provide the NSA direct access to users' information. On Thursday, it repeated that it provides customer data only in response to lawful government requests.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product," the company said in a statement on its website.

Facebook Inc, Google Inc and Microsoft had all publicly urged U.S. authorities to allow them to reveal the number and scope of the surveillance requests after documents leaked to the Washington Post and the Guardian suggested they had given the government "direct access" to their computers as part of the NSA's Prism program.

The disclosures have triggered widespread concern and congressional hearings about the scope and extent of the information-gathering.

Sunday, July 21, 2013

Microsoft: Your Privacy Is Our Priority. No, Seriously. Stop Laughing!

Microsoft's cooperation with the National Security Agency isn't quite as extensive as the latest in the Guardian's series of reports on U.S. electronic surveillance efforts claims. This according to the software giant itself, which issued a statement Friday denying that it had helped the NSA circumvent its own encryption systems in order to monitor audio, video and email communications across services like Skype and Outlook.

"Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product," the company said in a response to the Guardian's report, which detailed its participation in the NSA's Prism surveillance program. Based on documents provided to the publication by Edward Snowden, that report claimed Microsoft not only gave the NSA pre-encryption stage access to Outlook.com email, but helped it monitor its Skype video chat and SkyDrive cloud storage services, as well.

Microsoft - ironically, still in the midst of a big " Your privacy is our priority " marketing campaign - disputes those allegations, but only to a point. Like other big tech companies mired in this surveillance controversy, it claims it only provides the NSA with access to customer data "in response to legal processes."

"We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues," Microsoft said. "We only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks."

That's a principled bit of reassurance, but it's largely empty without hard information about the legal queries Microsoft fields and how it handles them. And unfortunately for Microsoft, it can't really comment further, thanks to gag orders and other legal restrictions on such disclosures - though it says it really would like to.

"There are aspects of this debate that we wish we were able to discuss more freely," Microsoft said. "That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

Below, Microsoft's statement in full:

In response to an article in the Guardian on July 11, Microsoft issued the following statement:

"We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.

First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

Microsoft hits out at NSA reports and Obama Justice department

Microsoft Corp. says it's been getting a raw deal, subject to what it complains are exaggerations of its compliance with US government data collection deals but also bound by a gag order from the Obama Justice Department that prevents it from fully defending itself.

The Guardian reported on July 11, citing files provided by former National Security Agency (NSA) contractor Edward Snowden, that "Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption."

The paper reported that Microsoft "helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal"; that the agency "already had pre-encryption stage access to email on Outlook.com, including Hotmail;" and that Microsoft "worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide."

Hogwash, says Microsoft General Counsel Brad Smith in a blog post released on a company website yesterday.

In a letter to Attorney General Eric Holder also sent yesterday, Mr. Smith complained that the government has been slow to respond to requests by Microsoft and other companies mentioned in stories connected to Mr. Snowden's leaks that they be allowed to publicly address the nature and extent of their cooperation with the government. "In my opinion, these issues are languishing amidst discussions among multiple parts of the Government, the Constitution itself is suffering, and it will take the personal involvement of you or the President to set things right," Smith wrote to Mr. Holder.

In his blog, Smith complains "there are significant inaccuracies in the interpretations of leaked government documents reported in the media last week. We have asked the Government again for permission to discuss the issues raised by these new documents, and our request was denied by government lawyers."

RECOMMENDED: NSA surveillance 101: What US intelligence agencies are doing, what they know

He then goes on to disclose what he can. He writes: "We do not provide any government with direct access to emails or instant messages. Full stop." He writes that Microsoft provides access to information only in response to court orders and warrants, that it has not given the US or any other government access to its encryption keys or a means to break its encryption, and that "we do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified account."

This doesn't necessarily mean one or the other side is wrong or lying on all of this. For instance, the Guardian wrote that the NSA "already had pre-encryption stage access to email on Outlook.com, including Hotmail." It could theoretically have that access without any help from Microsoft, and Smith does not categorically state what the NSA might have access to - just what Microsoft has or hasn't done.

Likewise with this claim in the Guardian article: "In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism (a US government data collection and analysis program)." It's certainly possible that NSA's "new capability" was created without the help or knowledge of Microsoft. Smith certainly doesn't rule it out.

"All of us now live in a world in which companies and government agencies are using big data, and it would be a mistake to assume this somehow is confined to the United States," he writes. "Agencies likely obtain this information from a variety of sources and in a variety of ways, but if they seek customer data from Microsoft they must follow legal processes."

But Smith rejects the assertion of closer collaboration made in the Guardian article. He writes:

Cutting through the technical details, all of the information in the recent leaked government documents adds up to two things. First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.

What does Microsoft want to share publicly that it says the Obama justice department is preventing? I'd sure like to know. Smith strongly implies that it's important, and relevant. And while the company disagrees with some of the assertions made by Snowden and the Guardian, they're in agreement with Snowden that something unconstitutional is going on. Smith concludes:

"The world needs a more open and public discussion of these practices. While the debate should focus on the practices of all governments, it should start with practices in the United States. In part, this is an obvious reflection of the most recent stories in the news. It's also a reflection of something more timeless. The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right. With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution."

And this gets to the heart of the matter stemming from the Snowden revelations. There has been a proliferation of secret warrants and secret orders in the past decade, many from the Foreign Intelligence Surveillance Court, whose rules require secrecy compliance from private companies and individuals.

Snowden with his leaks has basically argued that the government's mantra of "trust us" is overblown. Now Microsoft, albeit for different reasons, is saying the same.

Microsoft let NSA bypass encryption on mail, chats and cloud storage, says ...

July 11, 2013 at 5:15 PM ET

Microsoft worked with the National Security Agency and the FBI to provide the agencies with the encryption workarounds they needed for access to Skype video calls, Outlook Web chats and email, and information stored on Microsoft's cloud-based SkyDrive, according to new information shared by NSA leaker Edward Snowden with the Guardian newspaper.

In the latest round of disclosures about data-gathering practices of law enforcement in a program known as "Prism," Microsoft "has collaborated closely with U.S. intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian," the newspaper reported Thursday.

The new files "provided by Edward Snowden illustrate the scale of cooperation between Silicon Valley and the intelligence agencies over the last three years," the Guardian said.

Microsoft, in a statement to NBC News, did not address the encryption workaround specifically, but said, "We only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

The company said when it upgrades or updates products, "legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

ACLU principal technologist Chris Soghoian told NBC News that the new revelations show that "time and time again, companies that specifically advertise their services as privacy protecting have been forced to circumvent those privacy protections to enable the government to spy on their customers."

Microsoft isn't the only technology company believed to be cooperating with the government to share data, but it is the first to have more details revealed since the initial disclosures last month by Snowden.

At that time, he said that Microsoft and other technology companies like Google, Facebook, Apple, Yahoo and AOL were allowing the FBI and NSA to look at Americans' video, audio, photos, emails and other data files under what is known as the Prism program. Most of the companies, including Microsoft, have since requested government permission to share the information requests that have been made to them.

According to the information shared by Snowden with the Guardian, Microsoft "helped the NSA to circumvent its encryption to address concerns that the agency would be able to intercept Web chats on the new Outlook.com portal."

Microsoft completed the transfer of its 300 million Hotmail users to Outlook.com, a more modern webmail experience, in May. The NSA "already had pre-encryption stage access to email on Outlook.com, including Hotmail," the Guardian said.

The Redmond, Wash.-based company "also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases," the newspaper said.

Video-chat service Skype "worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio," the Guardian said.

There have been concerns since Microsoft bought Skype in 2011 about what data the Redmond company is sharing with law enforcement. Last January, dozens of organizations, including the Electronic Frontier Foundation and Digital Rights Foundation, sent an open letter to Microsoft asking how, when and why the popular video chatting program complies with government requests for information.

In March, Microsoft published a transparency report about Skype, and other of its services.

"Microsoft and Skype received a total of 75,378 law enforcement requests," the company said in the report. "Those requests potentially impacted 137,424 accounts. While it is not possible to directly compare the number of requests to the number of users affected, it is likely that less than 0.02 percent of active users were affected."

The Guardian reports that Microsoft also worked with the FBI this year "to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide."

In its statement Thursday, Microsoft said it has "clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues."

The company takes its "commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes." Microsoft's compliance team "examines all demands very closely, and we reject them if we believe they aren't valid."

Snowden, 30, has worked with the Guardian since last month to share information he learned in his time as an NSA contractor about data-gathering practices of the NSA, one of the country's most secretive agencies.

He is now believed to be staying in the transit zone of Moscow's Sheremetyevo Airport, as he decides where he can go for asylum and where he can avoid being extradited to the United States. Federal prosecutors have charged Snowden with three counts of espionage.

Report: Microsoft collaborated closely with NSA

(CNN) -- Most of the big tech companies implicated in the ongoing controversy over secret government Web surveillance insist they turned over data about users to the National Security Agency only after being compelled by court orders.

But a new report claims that Microsoft willingly collaborated with the NSA and even allowed federal agents to circumvent the company's own encryption system to spy on users' messages.

The latest bombshell from the UK's Guardian newspaper, which along with the Washington Post broke the NSA snooping story last month, says that Microsoft helped the NSA circumvent its encryption to intercept Web chats on its new Outlook.com portal. The Guardian, citing "top-secret" documents, said the NSA already had access to pre-encrypted e-mail on Microsoft's Outlook, including Hotmail.

The NSA allegedly listened in on numerous video calls made via Skype, which Microsoft bought two years ago. And Microsoft also worked with the FBI this year to give the NSA easier access to its cloud storage service SkyDrive, which has more than 250 million users worldwide, according to the Guardian's report, published Thursday.

NSA leaker Snowden speaks from Russia

Releasing NSA leaks: A public service?

U.S. government spying on Americans

Rep.: Putin trying to 'poke' U.S. in eye

In a statement, Microsoft immediately denied many of the Guardian's claims, saying the company turns over data on customers only in response to legal requests.

"First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid.

"Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate," the company said.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

News reports, based in part on documents provided by former NSA contractor Edward Snowden, have described a classified U.S. intelligence system called Prism that examines e-mails, videos, online chats and other data that it collects via requests made under the Foreign Intelligence Surveillance Act.

The revelations about Prism have alarmed everyone from members of Congress and foreign leaders to privacy activists and citizens who organized anti-NSA protests across the United States on the Fourth of July.

Like Apple, Facebook, Google, Yahoo and other tech titans linked by news reports to the Prism program, Microsoft has been working in recent weeks to convince customers that it values their privacy and safeguards their personal data against wanton snooping by a government trying to root out terrorists.

In lobbying for greater transparency on national security-related requests, Microsoft revealed last month that it had received between 6,000 and 7,000 criminal and national security warrants, subpoenas and other orders in the last six months of 2012. These requests affected between 31,000 and 32,000 consumer accounts -- a tiny fraction of the company's hundreds of millions of users -- and came from local, state and federal agencies, Microsoft said.

"When we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request," Microsoft said in its statement Thursday.

"There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

Report: Microsoft Collaborated Closely With NSA

But a new report claims that Microsoft willingly collaborated with the NSA and even allowed federal agents to circumvent the company's own encryption system to spy on users' messages.

In a statement, Microsoft immediately denied many of the Guardian's claims, saying the company turns over data on customers only in response to legal requests.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

In lobbying for greater transparency on national security-related requests, Microsoft revealed last month that it had received between 6,000 and 7,000 criminal and national security warrants, subpoenas and other orders in the last six months of 2012. These requests affected between 31,000 and 32,000 consumer accounts - a tiny fraction of the company's hundreds of millions of users - and came from local, state and federal agencies, Microsoft said.

Friday, July 19, 2013

Microsoft hits out at NSA reports and Obama Justice department

Software giant Microsoft says NSA leak reports have overstated the level of access given to the US government of customers' data, but also complains the Justice Department is acting contrary to the First Amendment.

By , Staff writer / July 17, 2013

Skip to next paragraph

Dan Murphy

Staff writer Recent posts

Subscribe Today to the Monitor

Hogwash, says Microsoft General Counsel Brad Smith in a blog post released on a company website yesterday.

But Smith rejects the assertion of closer collaboration made in the Guardian article. He writes:

Snowden with his leaks has basically argued that the government's mantra of "trust us" is overblown. Now Microsoft, albeit for different reasons, is saying the same.

Microsoft hits out at NSA reports and Obama Justice department

By , Staff writer / July 17, 2013

Skip to next paragraph

Dan Murphy

Staff writer Recent posts

Subscribe Today to the Monitor

Hogwash, says Microsoft General Counsel Brad Smith in a blog post released on a company website yesterday.

But Smith rejects the assertion of closer collaboration made in the Guardian article. He writes:

Snowden with his leaks has basically argued that the government's mantra of "trust us" is overblown. Now Microsoft, albeit for different reasons, is saying the same.

Tuesday, July 16, 2013

Microsoft: We do not give the NSA keys to bypass email encryption

Summary: Microsoft says it does not provide the NSA or any U.S. government agency with the ability to bypass it's encryption or give "direct access" to user data.

(Credit: Microsoft)

Microsoft has denied claims first surfaced last week that it gave the U.S. government the ability to bypass its email and storage encryption or other security measures.

The Guardian newspaper on Thursday claimed that Microsoft had helped the U.S. National Security Agency to "circumvent its encryption" to enable Web chats on its Outlook.com service to be intercepted.

The paper also claimed Microsoft "developed a surveillance capability" to deal with encryption issues that the intelligence agency faced.

Skype, which was acquired by Microsoft in October 2011, is claimed to have also worked with U.S. intelligence agencies to allow NSA analysts to access video and audio conversations through PRISM.

Microsoft's general counsel Brad Smith denied these claims in a note published on Tuesday, labeling such reports as having "significant inaccuracies in the interpretations of leaked government documents reported in the media last week."

Microsoft's chief lawyer confirmed, however, that the software giant did discuss legal compliance with the U.S. government, as the report stated. "In none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption," he confirmed.

The company believes it has a constitutional right to free speech to share more information about its alleged co-operation with the government, and yet it is being prevented.

Citing a petition filed in court on June 19, Microsoft said it had yet to receive a response from the court on seeking permission to publish the specific number of "national security requests" the company gets from the U.S. government. These requests are secret, and have only recently in the past couple of years been released - albeit in number ranges, rather than specific figures.

In regards to Outlook.com, which now has 400 active million users since the Hotmail switch-off in May, Smith said: "We do not provide any government with direct access to emails or instant messages. Full stop."

He noted that like all communication service providers, Microsoft must comply with governments to turn over specific account data, subject to a valid warrant or court order.

"This is true in the United States and other countries where we store data. When we receive such a demand, we review it and, if obligated to we comply," Smith said.

He directly hit back at encryption-bypass claims, as suggested by the documents seen but not released by The Guardian last week," saying: "We do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts."

Smith noted that the U.S. government is not given any ability to "break the encryption" the company uses to transport data from user-to-user.

He clarified that data is stored on Microsoft's servers "in an unencrypted state," so that it can be handed to government agencies subject to valid orders.

For SkyDrive, changes were made in 2013 to comply with an increase in requests from governments around the world, but Microsoft confirmed that the process for receiving SkyDrive files is the same for any other legal request by any government, home or abroad.

Smith also confirmed that though Skype switched to a "supernode" system before Microsoft acquire the Internet calling service, Microsoft insists these changes "were not made to facilitate greater government access to audio, video, messaging or other customer data."

Confirmed by Skype's principal architect Matthew Kaufman in an email list reply in late June, he said Skype's move to the cloud was for scalability, not surveillance reasons. Kaufman however declined to comment at the time whether the infrastructure change made wiretapping and surveillance easier for governments.

Smith also noted that should Microsoft receive a request for data belonging to business or enterprise customers, the company will forward the request to the customer unless it is prevented from doing so.

Under the Patriot Act, which significantly expanded the use of National Security Letters (NSLs), or so-called gagging orders, Microsoft may not be allowed to disclose to the customer that it had to hand over their data for law enforcement purposes.

This remains rare, Microsoft said. In its 2012 transparency report released earlier this year, the software giant said it only complied with four requests. Three of those instances, Microsoft informed the customer.

"In the fourth case, the customer received the demand directly and asked Microsoft to produce the data," Smith wrote.

Smith reiterated that Microsoft only responds to requests for specific accounts and identifiers, ruling out unfettered or "direct access" to its servers. The company also refuted "blanket or indiscriminate access" to customer data, hinting but not directly naming the Foreign Intelligence Surveillance Act (FISA), which are understood to have been used against telcos to acquire vast amounts of data on fiber cables.

PRISM is just one strand of a two-pronged operation out of the NSA's mass surveillance program. PRISM is designed to be used in conjunction with another system.

Dubbed "Upstream," investigative reporting by ZDNet in June detailed how Tier 1 fiber companies were likely ordered under law to allow vast amounts of data belonging to U.S. citizens and foreign nationals to be wiretapped.

Monday, July 15, 2013

Report: Microsoft Helped NSA, FBI Get Around Encryption

The latest in The Guardian's series of reports on secret U.S. electronic surveillance efforts claims to detail the extent of Microsoft's cooperation with the National Security Agency, with the tech giant reportedly allowing agents to circumvent its own encryption system to spy on email and chats, as well as its cloud-based storage service.

Information in the newspaper's report on Thursday is sourced to Edward Snowden, the NSA leaker who has not been seen in public for weeks and whose whereabouts are the subject of continued rumor and speculation, as The Two-Way's Mark Memmott reported earlier.

According to the Guardian, Microsoft helped the NSA and FBI get around its encryption so that the agency could access Outlook.com, including Hotmail, as part of the Prism program aimed at gathering data on Internet communications. Skype, which Microsoft bought two years ago, reportedly worked with intelligence agencies to collect audio and video from the chat service. The newspaper also said that Microsoft eased access to its cloud-based SkyDrive service.

The Guardian quoted from documents it said it obtained with Snowden's help in which the NSA explains that "this new capability will result in a much more timely collection response" and that its "success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

"A separate entry identified another area for collaboration. 'The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.'"

In a statement to the newspaper, Microsoft said:

"When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

Source: NPR ( http://n.pr/1bsuuQQ)&nbsp ;

Microsoft Helped NSA Bypass Cloud Encryption: Report

By Pedro Hernandez | Posted 2013-07-13 Email Print

Skype, Outlook.com and SkyDrive got tangled up in the National Security Agency spying scandal.

Microsoft helped the U.S. National Security Agency (NSA) bypass the encryption safeguards on some of its popular cloud services, according to July 11 report in The Guardian. The claims are the latest in the continuing NSA spying controversy, which made international headlines after NSA contractor Edward Snowden leaked top-secret documents and thrust the PRISM intelligence-gathering program into the spotlight. Fueling the scandal were assertions that the U.S. government had direct access to the servers, and therefore the data, of major Web services providers, including Google, Facebook and Microsoft. "The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to," Snowden told The Guardian. Google and other major cloud companies were swift to push back against the accusation. In an Official Google Blog post dated June 11, Google Chief Legal Officer David Drummond wrote: "Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users' data are simply untrue. However, government nondisclosure obligations regarding the number of FISA [Foreign Intelligence Surveillance Act] national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation."

Following Google's lead, and citing its First Amendment rights, Microsoft recently requested permission from the U.S. government to disclose more details about government requests for customer data in an effort to combat charges that the company grants the intelligence community unrestricted access to its cloud servers.

"To promote additional transparency concerning the Government's lawful access to Microsoft's customer data, Microsoft seeks to report aggregate information about FISA orders and FAA [FISA Amendments Act] directives separately from all other local, state, and federal law enforcement demands," said the company in its June 19 filing with the U.S. Foreign Intelligence Surveillance Court. Now Microsoft is facing renewed scrutiny after the U.K. news organization released more details on the documents provided by Snowden. "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept Web chats on the new Outlook.com portal," said The Guardian report. Additionally, the "agency already had pre-encryption stage access to email on Outlook.com, including Hotmail," reported the paper. With the help of the FBI, Microsoft also reportedly helped the NSA give PRISM easier access to its cloud storage service, SkyDrive. Also ensnared in this latest controversy is Skype, the company's massively popular voice and video calling service. "In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism," revealed the report. While the scandal embroiled consumer-grade services, by and large, enterprises should be wary, according to Steve Weis, chief technology officer for PrivateCore, a cloud security startup. It all boils down to who manages the encryption keys. The former Google technologist, who worked on the search giant's two-factor authentication system, noted that in terms of its technology foundation, Microsoft's SkyDrive product is fundamentally the same for both enterprise users of its Office 365 product and consumers. He told eWEEK that for many cloud services, "the user isn't in control of the [encryption] keys." Such services-"not specific to Microsoft," Weis said-can be compelled by a lawful request to hand over decrypted data without the data's owner being made aware. "If you don't encrypt your data before you send your data, it's exposed," said Weis.

Report: Microsoft Cooperated with NSA Surveillance Programs

A new report from The Guardian reveals the scope of Microsoft's alleged collaboration with the National Security Agency and its PRISM domestic spying program. According to the report, which cites top secret documents obtained by the Guardian, Microsoft helped the NSA to circumvent its encryption related to its Outlook portal and web chat services; provided help with Hotmail mail services, its cloud storage service SkyDrive; and Skype. Microsoft also worked closely with the FBI's Data Intercept Unit, and - the report claims - data collected through PRISM has been routinely shared with both the FBI and the CIA.

The documents obtained by the Guardian come from the NSA's Special Source Operations (SSO) which NSA leaker Edward Snowden describes as the "crown jewel" of the agency. SSO is responsible for all programs aimed at domestic communications systems through corporate partnerships such as PRISM.

Microsoft strongly denied that the documents were accurate. The company issued a statement saying that it "does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product." The company says that it cannot discuss further details on how it cooperates with law enforcement and spy agencies because it would be breaking the law in doing so.

You can read the extent of Microsoft's alleged cooperation with the NSA and other agencies here.

Our thought on this whole situation is that if Microsoft will share encryption and other information on Skype, Outlook and SkyDrive with law enforcement and the intelligence community, it stands to reason that it would likely share information on services gamers use every day such as communication via Xbox Live and Kinect.

We will have more on this story as it develops.

Source: The Guardian

Sunday, July 14, 2013

PRISM Pulled Microsoft Deep Into NSA Rabbit Hole

Redmond has collaborated closely with the NSA to help intercept user communications, it turns out, including working to let the agency circumvent its encryption technology. "Today, our sense of privacy is misguided," said Altimeter Group analyst Alan Webber. "In a Utopian world it could exist, but in the real world there shouldn't be that expectation of privacy."

Although it initially denied involvement in the National Security Agency's PRISM surveillance program, Microsoft has in fact worked closely with U.S. intelligence agencies to monitor users' communications, even helping the NSA circumvent its own encryption to do so, new documents from whistleblower Edward Snowden suggest.

Microsoft gave the NSA pre-encryption access to chats and emails on Outlook.com, including those of Hotmail users, as well as data on its SkyDrive cloud storage service and phone calls made through Skype, according to a Thursday report in The Guardian, which originally broke the news about PRISM.

One NSA document, in fact, referred to the PRISM program as a "team sport" for the data-sharing it involved with the FBI and the CIA, The Guardian reported.

No Blanket Access

Microsoft responded to the report later on Thursday with a statement of its own to defend its practices, noting that it provides customer data only in response to legal processes and when the requests focus on specific instances.

It does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any of its other products, it added.

Microsoft did not respond to our request for further details.

'It's Hard to Compare'

"Microsoft is just another company on a list of companies that do business with the government," Alan Webber, industry analyst and managing partner at the Altimeter Group, told the E-Commerce Times. "It isn't clear how it was done, and whether it was under a court order, but any tech company that is asked to provide information to the government is going to do so."

How other companies' involvement compares with Microsoft's, meanwhile, remains to be revealed.

Spotlight on Redmond

"It's hard to compare Microsoft's collaboration with U.S. intelligence agencies to other companies which are part of PRISM because there's so much information that hasn't been made public yet," Electronic Frontier Foundation Staff Technologist Micah Lee told the E-Commerce Times.

As a result of this latest report, we simply know more about Microsoft's role than we do about those of any of the other players, Lee added.

Apple, Facebook, Google and Yahoo are among the other major tech companies involved. Since admitting their participation many of them -- including Microsoft -- have made calls for greater transparency.

'There Is a Backlash'

"Companies are fearful of a backlash," Jeffrey Silva, senior policy director for telecommunications, media and technology at Medley Global Advisors, told the E-Commerce Times. "They are trying to be good corporate citizens, but there is a backlash from trying to help the government and satisfy the customer."

In essence, it's a balancing act, he said.

Of course, it's no longer clear how much privacy can still reasonably be expected in the digital, post-9/11 era.

"As a security professional I have very little expectation for privacy," John Dickson, principal of Denim Group and a Certified Information Systems Security Professional, told the E-Commerce Times. "We've already given away expectations -- or at least should -- when we use the Internet."

'Our Sense of Privacy Is Misguided'

Indeed, "we live in a country where we can believe the government isn't unnecessarily tapping our phone; however, those protections have eroded through the years thanks to the different acts," Webber noted. "Today, our sense of privacy is misguided.

"In a Utopian world it could exist, but in the real world there shouldn't be that expectation of privacy," he added. "This is especially true as user agreements are a one-sided agreement with the company and the user, and few people read them anyway. They exist to protect the company, and they have wiggle room to do what they want as mandated by the government."

In fact, as a result of recent revelations, privacy-concerned users may increasingly begin looking to other solutions.

"We could soon see a rise in competing 'host-proof' services that won't have the ability to give user data to U.S. intelligence agencies," said EFF's Lee. "All of the data that host-proof services have access to is end-to-end encrypted so that only the users -- and not the service itself -- are able to decrypt it."

'There Is a Disconnect'

The other part of this issue, however, is whether the government's newly revealed surveillance efforts are even doing any good. In this respect, it's a balance between liberty -- including privacy -- and security.

"We have mismatched pronounced levels of privacy concerns with security concerns," Dickson said. "There is a disconnect with the public wanting privacy and expecting security."

At the same time, "there is never going to be enough access to the information for us to know why the government needed our private information," he noted. "If there is another terrorist event then this story will go away -- it is as simple as that."

Where is the ideal balancing point between privacy and security?

"It comes down to what percentage of terrorist acts do you want to catch up front, Dickson concluded. "If that number is 100 percent, then we need to understand that it means more of our privacy will be compromised."

Saturday, July 13, 2013

How Microsoft handed the NSA access to encrypted messages

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

* Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

* The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

* The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

* Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

* In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

* Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.

Since Prism's existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats

A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

Microsoft's co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI - which acts as the liaison between the intelligence agencies and Silicon Valley on Prism - to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access "means that analysts will no longer have to make a special request to SSO for this - a process step that many analysts may not have known about".

The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".

The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector..." As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"

In its statement to the Guardian, Microsoft said:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

The articles describe court-ordered surveillance - and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."

* This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.

Microsoft says it does not give the NSA blanket access to its users ...

Skype's privacy policy reads: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

Microsoft, in a statement, said it follows "clear principles" when responding to government demands for customer information.

A spokesman for the U.S. Office of the Director of National Intelligence didn't immediately respond to a request for comments on the new report.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Report: Microsoft collaborated closely with NSA

But a new report claims that Microsoft willingly collaborated with the NSA and even allowed federal agents to circumvent the company's own encryption system to spy on users' messages.

NSA leaker Snowden speaks from Russia

Releasing NSA leaks: A public service?

U.S. Government spying on Americans

In a statement, Microsoft immediately denied many of the Guardian's claims, saying the company turns over data on customers only in response to legal requests.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

Report: Microsoft collaborated closely with NSA

July 13, 2013 -- Updated 1249 GMT (2049 HKT) | Filed under: Web

But a new report claims that Microsoft willingly collaborated with the NSA and even allowed federal agents to circumvent the company's own encryption system to spy on users' messages.

In a statement, Microsoft immediately denied many of the Guardian's claims, saying the company turns over data on customers only in response to legal requests.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

Microsoft helped NSA circumvent its own encryption

Microsoft helped the US National Security Agency circumvent the company's own encryption in order to conduct surveillance on email accounts through Outlook.com, according to a new report in The Guardian.

Microsoft-owned Skype also worked with US intelligence agencies last year to allow them to collect video conversations through the service, according to the UK newspaper, citing secret documents. Microsoft also worked with the US Federal Bureau of Investigation this year to allow easier access to its cloud storage service, SkyDrive, The Guardian reported.

Microsoft and Skype have both emphasised their privacy protections as a benefit of using their services. Microsoft has criticised Google's privacy practices, saying in its Scroogled campaign that Google shares personal information on the Android mobile operating system with app developers.

Skype's privacy policy reads: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

Microsoft, in a statement, said it follows "clear principles" when responding to Government demands for customer information.

The NSA routinely shares information it collects from Prism, its email and web communications monitoring program, with the FBI and Central Intelligence Agency, the newspaper reported. One NSA document described Prism as a "team sport", The Guardian said.

The NSA's Prism program targets internet communications of people outside the US, according to recent reports in The Guardian and other outlets. The US Foreign Intelligence Surveillance Court has allowed the NSA to collect mass internet communications when NSA officials believe that there is a 51 percent chance those communications come from outside the US, according to news reports.

A spokesman for the US Office of the Director of National Intelligence didn't immediately respond to a request for comments on the new report.

by Grant Gross, IDG News Service

Report: Microsoft gave NSA access to encrypted messages

Microsoft has been more cooperative with the National Security Agency (NSA) than originally thought, according to a report by the Guardian. The British newspaper, which broke the story about a government surveillance program called PRISM, is revealing more details from the trove of documents it obtained from former NSA contractor Edward Snowden.

The Guardian says that Microsoft helped the NSA get around its own encryption by giving it access to pre-encrypted stages of its email service Outlook.com, which includes Hotmail. The newspaper adds that Microsoft worked to give the FBI access to services, like SkyDrive and Skype.

"The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes," one entry in the documents obtained by the Guardian said.

According to the documents, Skype joined the PRISM program in February 2011 -- eight months before it was bought by Microsoft.

Skype's involvement has come under scrutiny because it once stated that its software could not be wiretapped. In a statement given to CNET in 2008, when it was owned by eBay, the company said: "We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."

Microsoft did not comment on Skype's previous claims and released this statement to CBSNews.com:

"We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.

To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product. Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

Another section of the document describes that the new access will save analysts time by eliminating a step that previously required a special request to the NSA's Special Source Operations.

According to the Guardian, in one part of the document the NSA says: "this new capability will result in a much more complete and timely collection response." And adds: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

Part of the document reveals that the NSA has automated the sharing process so that agency partners can see what search terms the NSA has tasked to PRISM -- making it possible for the FBI and CIA to request a copy of the search results.

Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA released this joint statement to the Guardian:

The articles describe court-ordered surveillance -- and a US company's efforts to comply with these legally mandated requirements. The U.S. operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

Snowden has been a fugitive from the U.S. government wanted on espionage charges. He is believed to be living at Moscow's Sheremetyevo airport and is seeking asylum from several nations, including including Russia, Venezuela, Bolivia, Nicaragua and Ecuador.

Friday, July 12, 2013

Microsoft collaborated closely with NSA, report says

(CNN) - Most of the big tech companies implicated in the ongoing controversy over secret government Web surveillance insist they turned over data about users to the National Security Agency only after being compelled by court orders.

But a new report claims that Microsoft willingly collaborated with the NSA and even allowed federal agents to circumvent the company's own encryption system to spy on users' messages.

In a statement, Microsoft immediately denied many of the Guardian's claims, saying the company turns over data on customers only in response to legal requests.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product."

In lobbying for greater transparency on national security-related requests, Microsoft revealed last month that it had received between 6,000 and 7,000 criminal and national security warrants, subpoenas and other orders in the last six months of 2012. These requests affected between 31,000 and 32,000 consumer accounts - a tiny fraction of the company's hundreds of millions of users - and came from local, state and federal agencies, Microsoft said.

Monday, July 22, 2013

Sunday, July 21, 2013

Saturday, July 20, 2013

Friday, July 19, 2013

Tuesday, July 16, 2013

Monday, July 15, 2013

Sunday, July 14, 2013

Saturday, July 13, 2013

Friday, July 12, 2013