This article was published on July 11, 2013

Guardian: Microsoft cooperated with NSA, giving access to SkyDrive, Skype, and Outlook.com data



Microsoft has reportedly been collaborating with the US National Security Agency, enabling the intelligence service to intercept user communications through the company’s servers. According to the Guardian, top-secret documents it obtained show that the Redmond, WA company voluntarily provided the NSA with the ability to circumvent its own encryption.

The Guardian listed the contents of the documents, saying that the NSA had access to user data from popular services, including the company’s Outlook.com portal, SkyDrive, and Skype. Rather than rehash the claims, here’s what the Guardian wrote:

  • Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
  • The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
  • The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
  • Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;
  • Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;

Microsoft released a statement to the Guardian saying, “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.” Furthermore, it defended itself by reiterating the time-honored argument that it releases customer data when it’s demanded by the government and that it “only ever comply with orders for requests about specific accounts or identifiers.”

Whether this information is used to spy on American citizens is unknown, but it’s hard for President Obama’s administration to defend it this time around — after all, did the NSA really go through the extensive work to make sure that Microsoft product users were American citizens? I find that hard to believe. However, thanks to a FISA court ruling, intelligence agencies have a very liberal standard to follow: data can be collected sans warrant if the NSA has a “51 percent belief” (vague in how this is measured) that the suspect is not a US citizen and also not on US soil at the time.

If these allegations are true, Microsoft will have egg on its face after it denied participation in the NSA’s Internet surveillance program Prism. The program came to light thanks to former NSA contractor Edward Snowden, who is currently in flight, fearful of prosecution over leaking state secrets. When the news was leaked, it showed that the US intelligence agency had worked with many tech companies, mostly in Silicon Valley, to harness their user data to spy on ongoing activities.

In June, the company, along with Facebook, Google, Apple, Yahoo, AOL, and PalTalk, denied cooperating with the US government and said they didn’t enable federal authorities to tap directly into their central servers. Later, the Obama administration testified in front of Congress saying that the program had helped to prevent ‘dozens’ of potential terrorist events.

The epic battle of “company said, government said” continues. It comes as companies announce plans to issue transparency reports, file lawsuits against the Obama administration, and even seek redress from the secretive US courts to reveal their arguments against cooperating with Prism.

Microsoft’s full response is below:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.

First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.  Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid.  Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely.  That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

➤ Revealed: how Microsoft handled the NSA access to encrypted messages

Photo credit: Robert Giroux/Getty Images
