Microsoft revealed today that it is seeking permission from the US government to release publicly more information about how it handled national security requests for their customer information. The news comes a week after a report from the Guardian that seemed to refute the tech company’s claims that it didn’t give federal authorities direct access to its servers. Naturally, it has denied those charges.
In response to the Guardian’s report, Microsoft General Counsel and Executive Vice President of Legal & Corporate Affairs, Brad Smith, said in a blog post that the company never provided the authorities with direct access to email or instant messages. Specifically:
Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order. This is true in the United States and other countries where we store data. When we receive such a demand, we review it and, if obligated to we comply. We do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts.
Allegations have been made stating that Microsoft provided the National Security Agency direct access to data and even helped bypass the company’s own encryption. From the Guardian’s report:
- Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
- The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
- The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
- Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;
- Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;
With respect to each of these claims, Smith itemized and refuted each claim. In addressing SkyDrive, Smith says that none of Microsoft’s policies state that it may provide the government with direct access to the company’s file storage service. For the government to intrude on someone’s account would require a court-approved warrant or a national security order in the US or elsewhere.
As for Skype calls, Smith says the Guardian’s report references a specific change made to the service in 2012. He states that any changes were made to improve the performance of the chat application, not to “facilitate greater government access to audio, video, messaging, or other customer data.” And as bluntly as he could put it: “We will not provide governments with direct or unfettered access to customer data or encryption keys.”
Lastly, when it comes to enterprise email and document storage, Microsoft states that it provides information about the customer only, not about the data held by its business customer. If done, the customer itself is notified unless Microsoft was legally prohibited from doing so.
The company says that it only complied with four such customer requests in 2012 and in three of them, the customer was notified. With respect to the last one, the customer received the government request directly and instructed Microsoft to produce the data.
More information is still obviously hidden from public view and can only be revealed if the US FISA court grants the company permission. However, with the recent victory by Yahoo to win disclosure of its battles, things could go Microsoft’s way.
Photo credit: Robert Giroux/Getty Images