Microsoft has previously admitted to cooperating with the NSA. New revelations reveal that it is far worse than was previously disclosed giving the NSA up-to-date access to its customer data whenever the company changes its encryption and related software technology. Microsoft helped the security agency find ways to circumvent its encryption on its Outlook.com portal’s encrypted Web chat function, and the agency was given what is described as “pre-encryption stage” access to e-mail on Outlook, including Hotmail e-mail.
How Microsoft handed the NSA access to encrypted messages
by Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and Dominic Rushe, The Guardian, Thursday 11 July 2013
• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply
The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
While Microsoft claimed it had no choice but to cooperate arguing that it provides customer data “only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers”. Emptywheel proprietress, Marcy Wheeler is interested in some of the details about the cooperation:
For example, the story describes that this cooperation takes place through the Special Source Operations unit.
The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.
But we saw that when NSA approached (presumably) Microsoft in 2002, it did not approach via SSO; it used a more formal approach through counsel.
In addition, note how Skype increased cooperation in the months before Microsoft purchased it for what was then considered a hugely inflated price, and what is now being called (in other legal jurisdictions) so dominant that it doesn’t have to cooperate with others.
One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.
Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.
According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.
The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”
While this isn’t as obvious as Verizon’s MCI purchase – which for the first time led that carrier to hand over Internet data – it does seem that those companies that cooperate with the NSA end up taking over their rivals.
The Guardian article includes a statement from Microsoft and a joint statement by Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA.
In his New York Times article, James Risen reports that some Silicon Valley companies fearing negative public response have begun to openly push back against the security agency:
Yahoo, for example, is now asking the Foreign Intelligence Surveillance Court, the secret court that rules on data collection requests by the government, to allow it to make public the record of its 2008 challenge to the constitutionality of the law requiring it to provide its customer data to the agency.
A Yahoo spokeswoman said Thursday that the company was “seeking permission from the FISA court to unseal the arguments and orders from the 2008 case.”
Risen also reported that Sen. Ron Wyden (D-OR) believes that the White House is considering scaling back data collection over concerns about privacy issues and public backlash against the security agency’s large-scale collection of the personal data:
“I have a feeling that the administration is getting concerned about the bulk phone records collection, and that they are thinking about whether to move administratively to stop it,” he said. He added he believed that the continuing controversy prompted by Mr. Snowden had changed the political calculus in Congress over the balance between security and civil liberties, which has been heavily weighted toward security since the Sept. 11 terrorist attacks.
“I think we are making a comeback,” Mr. Wyden said, referring to privacy and civil liberties advocates.