Microsoft Fires Off Rebuttal To Latest Leak; Angry Letter To Eric Holder

from the at-this-point,-I'm-pretty-sure-no-one's-telling-the-complete-truth dept

The recent leak detailing Microsoft's extremely close work with US intelligence agencies seemed to contradict pre-leak statements made by the company concerning responses to data requests. Microsoft claimed it only did the minimum required by law, but the leaked documents portrayed the software giant as working in concert with the NSA and FBI to provide them with pre-encryption access to several services, including Outlook, SkyDrive and Skype.

Microsoft has responded to this leak via a blog post and a letter to Eric Holder. The blog post is a long refutation of every claim made in the leaked documents. Rather than give the agencies direct, pre-encryption access, as was stated in the leak, Microsoft claims it only provides metadata and content as requested -- and then only if Microsoft deems the request valid.

Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.

If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.

We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.

All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.
With this across the board denial of the leaked documents' contents, we're left with only a few possibilities. Either the document isn't accurate and Microsoft's statement is truthful or the statement is false and the document is the truth. Or, somewhere in between, there's a way both can be accurate (or "least untruthful"), which boils down to subjective definitions of certain words, most notably "access." Microsoft could have provided near real-time access while still only complying with court orders. Everything stored and turned over to the NSA and FBI was technically "pre-encryption," in the fact that Microsoft had unencrypted access to the data. As we haven't actually seen a court order or national security letter directed at Microsoft, it's tough to say how direct and how close to real time this access is.

Microsoft's rebuttal doesn't entirely refute the documents, however. There's no doubt it worked closely with these agencies to provide the access, content and data they were seeking, even if it was all strictly "by request." In terms of Skype, Microsoft doesn't even bother refuting the government had access to audio and video via its Prism connection. All it addresses is the statement that claimed video production had tripled "since a new capability was added" in July of 2012.
The reporting last week made allegations about a specific change in 2012. We continue to enhance and evolve the Skype offerings and have made a number of improvements to the technical back-end for Skype, such as the 2012 move to in-house hosting of “supernodes” and the migration of much Skype IM traffic to servers in our data centers. These changes were not made to facilitate greater government access to audio, video, messaging or other customer data.
These changes may not have been made to "facilitate greater government access," but that's not what the document claims. All it says is that this new capability tripled video production. Moving to in-house hosting and migrating traffic to Microsoft data centers could certainly aid in the "production" (read: harvesting) of Skype video calls. Whatever the intent, the end result was the same -- easier, faster access to Skpe data and content for intelligence agencies.

This back-and-forth is unlikely to result in establishing definitive guilt or innocence on the part of Microsoft. Either way, it's of negligible importance. The fact is that intelligence agencies are, by way of court orders and security letters, inserting themselves deeper and deeper into the underlying fabric of online communications, something that stretches much further than Microsoft.

Microsoft itself is hoping to address the larger, more problematic issue of our growing surveillance state. In addition to its blog post, the company sent a rather irate letter to Attorney General Eric Holder [pdf]. It dispenses with most of the usual diplomatic niceties and confronts the government with the damage it's doing to American citizens and American companies with its surveillance activities.
Since the initial leak of NSA documents, Microsoft has engaged constructively with the Department of Justice, the FBI, and other members of the Intelligence Community on the ground rules governing our ability to address these issues and the leaked documents publicly. We have appreciated the good faith in which the Government has dealt with us during this challenging period. But we’re not making adequate progress. When the Department and FBI denied our requests to share more information, we went to the Foreign Intelligence Surveillance Court (FISC) on June 19 to seek relief. Almost a month later, the Government is still considering its response to our motion.

Last week we requested official permission to publicly explain practices that are the subject of newly-leaked documents that refer to Microsoft and have now been misinterpreted in news stories around the world. This request was rejected. While we understand that various government agencies are trying to reach a decision on these issues, this has been the response for weeks.
This is no surprise to anyone who's attempted to obtain information or official responses from our intelligence agencies. The standard m.o. is to wait it out while chanting "grave damage to national security." But what Microsoft adds next serves as a slap in the face to those parties attempting to wait it out.
As I know you appreciate, the Constitution guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest. It’s time to face some obvious facts. Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns.
In other words, "Your secrets aren't secret anymore. Get over yourselves."

At this point, only government employees who dutifully ignore what their employer tells them to ignore aren't aware of these leaked documents and their contents. If our "national security" was suffering "exceptionally grave damage" from these leaks, you'd think at least some of that damage would be noticeable. Instead, what we have is the large scale embarrassment of government officials who are now forced to explain actions that contradict the very principles they claim this country stands for -- that they say they stand for. Refusing to allow companies to discuss activities already outed by leaks is simply the most self-serving form of damage control. The threat to officials' reputations easily exceeds the threat to the security of the American public, and continuing to deny these companies an opportunity to explain their involvement does them, and the public, a disservice.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    Ninja (profile), Jul 17th, 2013 @ 6:44am

    While there has been a lot of damage to their reputation this letter adds a lot of credit back to Microsoft (tough not enough in my view to regain any trust). The damage is severe to all American companies in fact.

    Still, one gotta love how they slap the Govt in the face for their kid's play over an imaginary secrecy over documents that are pretty much common knowledge for the average Joe.

    As they said, Your secrets aren't secret anymore. Get over yourselves, out of your lethargy and apathy and start fixing the damage.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    weneedhelp (profile), Jul 17th, 2013 @ 8:00am

    Deny... deny... deny...

    when caught in a lie... How many guilty individuals, when busted say: Yup, ya got me, I did it.

     

    reply to this | link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Jul 17th, 2013 @ 8:04am

    "This is no surprise to anyone" -- Techdirt's motto.

    About 9,760,000 results for "backdoor windows". Just taking the top, known since 1999:
    http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-199 9.html

    The real question is why supposedly savvy tech writers give ANY credence at all to Microsoft: a proven monopoly built on shoddy products, is bad enough.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    jackn, Jul 17th, 2013 @ 8:07am

    Re: "This is no surprise to anyone" -- Techdirt's motto.

    WTF, this is almost a logical train of thought. What happened to the loopy tag line.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Vidiot (profile), Jul 17th, 2013 @ 8:14am

    Planned outrage

    "You, Mr. Holder, are a dastardly fellow." [Insert winking smiley here]

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    el_segfaulto (profile), Jul 17th, 2013 @ 8:15am

    Re:

    Still too little too late for me. I used to keep a single virtual machine for running the occasional Windows only application. Now I'm at the point where I will not run anything that isn't open source (video card drivers being an annoying exception).

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:28am

    Everybody raise your hands if you believe that Microsoft is just trying to cover its own ass by trying to deflect the leaked document.

    Personally, I think that Microsoft is as guilty as the leaked document and that they're trying to deflect the criticism. As more and more companies are revealed to be involved with the program at the NSA, greater scrutiny is being placed on them by American consumers and greater fallout will come out of it.

    Companies, beware, we are holding you accountable. The NSA can't protect you from our expressed anger.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:35am

    Dear Government

    Your house of cards has fallen, please allow us to pick them up and move on now.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:37am

    Re:

    You would think that these corporations would realize their actions, whether justified and in accordance with the law, would piss off their customers. Even if they're not doing what it alleged, the fact that what they are doing is secret is enough to piss people off.

    What did they think would happen when everyone found out?

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    madasahatter (profile), Jul 17th, 2013 @ 8:40am

    Damage control

    In the recesses of MS' collective brains it must slowly be dawning on someone they need to come clean or they will have more serious near term troubles.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:48am

    Re: Deny... deny... deny...

    So far, most of the guilty have simply remained silent...

    Look at the telco's - barely heard a peep from them.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:49am

    Re: Re:

    People still buy nvidia hardware?

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:50am

    I find it interesting that American companies are only interested in the affects this has on American citizens, its as if they are not interested in trading with the rest of the world.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    artp (profile), Jul 17th, 2013 @ 8:52am

    Except that...

    Microsoft is claiming to have done what no other company has done, to our knowledge - it claims to have kept control of its customers' data and is keeping the government at arms' length.

    This quote absolutely stinks to high heaven, and is totally unbelievable to me:

    If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.

    We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. ....

    All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.

    This hasn't worked for Google. It hasn't worked for Yahoo. Indeed, Yahoo had to fight to let us know that they got forced into this. It hasn't worked for any company that has resisted this. Only a few companies aren't in this situation, and that is because they entered into it whole-heartedly.

    So why do we accept this current version of Microsoft's spin-doctoring and think that they are the only company out there whoa re able to resist government spy requests? How did they get the power, or privilege, or moxie to stand up against the police state? I, for one, am not buying it.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:56am

    Centralisation

    One not about Skype, Put the Supernodes on US soil, and NSA get access to metadata that would otherwise be unavailable to them. That is they could see who was connecting to who in foreign countries, because the connection request hit US controlled fibres, where in the original Skype the connection management would have been outside their reach.
    This change made the data available to NSA without having to gain Microsoft's direct co-operation.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:06am

    Re:

    It's not all bad, right? Okay, look at it this way. The companies are manning up, to some extent. They're actually listening to people and trying to make things better. They realize that their life relies on their customers. They're putting some effort out there where the US Government isn't.

    The government is turning its back on its people. The companies it dragged into this mess, they aren't so keen to do that, to be dragged along further. They care about their customers (Well, their wallets, but still). They care enough to stand up and cry foul, To try and save themselves in front of us.

    It's not fair to pin any of these companies as so evil or heartless. We don't know what happened behind closed doors. This could have been forced upon them and mind you, to have the government come down on you, that's not something so easily fought back against. I can't imagine any reason why Microsoft would want to willingly hand over data to the Government. Does it benefit them? It does in the sense that it keeps the Government from wrecking their day, but beyond that, I can't imagine it's something they're happy with, even if it was easy to twist their arm.

    The government is acting as a Bully. Some kids are stronger than others. Some kids take it and cry, some kids stand and fight. We can judge the kids that cry, but we have to realize the bully that put them there.

    I'm not happy with what Microsoft has done, but I am happy that they're standing up for their customers at least in some form. They need to save face, and they're doing what they should have been doing all along. I wont give them all the credit, but I will give them some.

    Microsoft essentially finally stood up and took a swing back. It had been on the ground flailing around, and finally it gathered itself enough to stand up and take a swing back. They're still the little snot nosed kid they've always been, but at least they finally took some sort of stance that wasn't just to bend over and take it.

    I imagine it's been difficult for them. They haven't been able to defend themselves like they should have been. Regardless if what they've done is right or wrong. They're stuck between a government that wants to silence them and a consumer base that is boiling over with hate. They want to serve their costumers, they want to calm that fire. We're their money, and they know that. We're what will break them, and they know that. It's our opinion that will change how the operate, but it's the government that isn't allowing the public's opinion to have that sway like it should. Companies improve when the backlash of the public comes down on them, but the government is making it hard for them to do that.

    So, maybe they are trying to save their ass. This is what the free market is about though, isn't it? The consumers are talking, they're speaking out, and Microsoft is listening. I wouldn't ever want to be in their position. I don't like how they've handled themselves, but still. I see what it is, where they're at, the rock and a hard place they've got themselves into. Can we at least give them that? That even if they're the kid we hate, we have to give them some credence in this horrible mess that this country has been flung into?

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:09am

    after the way things have gone and the way the US government has reacted towards Manning and Snowden as well as towards whistle blowers that went before them, i dont trust any of the fuckers and take what they say with a pinch of salt. we've seen from statements here and videos taken at senate hearings that one of the biggest liars we have is Holder. he isn't alone by any stretch of the imagination. all heads of law enforcement agencies are as bad as each other. it has been shown the lengths they will all go to, including out and out lying to Congress (and getting not even a bit of community service as punishment!). none deserve to have the jobs they have/had. none deserve the trust or the gratitude from citizens and all are nothing less than double-standard hypocrites!

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:10am

    Re:

    I don't think that's true, not completely. They operate in this country, but these problems affect all their customers, world wide. Their care for their customer(')s (wallets) doesn't stop at our boarders.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:10am

    Until one of these companies stands up and says "fuck you, your laws are illegal and we aren't going to comply," they are all guilty of aiding and abetting the surveillance state no matter how they spin it. Let the government burn your company to the ground to show your consumers how out of control the feds are. They are too worried about their stock prices on Wall St. to do what is right.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    el_segfaulto (profile), Jul 17th, 2013 @ 9:15am

    Re: Re: Re:

    It's still a two horse race. In my experience (involving CAD, GIS, and GPU accelerated processing) Nvidia seems to have fewer hiccups on X than ATI does. As always, your mileage may vary.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:23am

    Re: Re:

    "video card drivers being an annoying exception"

    In the Linux world (which I presume is what you use) kernel 3.11, due to come out very soon (it is in rc1 state right now, it should become final in the next few weeks) has a huge update in the open source AMD graphics drivers.

    If you have an AMD card, I strongly urge you to try out the new drivers. I personally can't test it, as I don't have AMD hardware (I'm stuck with NVIDIA binary blobs), but from some benchmarks I've seen, the newly updated driver has performance comparable to the closed source (catalyst) driver.

    Linux is coming along nicely. I can see that many pieces are falling into place.

    Soon I (we?) will be able to get rid of windows entirely (one can dream, right?).

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:23am

    If you want to know why more companies aren't being forthcoming its because companies have seen lucrative profits behind handing over that data on their customers. These companies have been data mining and collecting our information for years and now they are finally getting paid by the U.S. Government to hand those records over.

    Companies always choose profits over ethics. It's the way it's always been.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    nbcart (profile), Jul 17th, 2013 @ 9:23am

    MS in Damage Control?

    I am unsure that Microsoft has any moral ground to stand on here if the reports are true that they have been feeding Zero Day exploits to the NSA (and others).

    http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-micr osoft-others/

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    bob, Jul 17th, 2013 @ 9:25am

    they're just as afraid as the rest of us

    although MS could go and talk on first amendment grounds and fight the govt in court later, MS is also afraid of what the govt can do to it, both directly and through back door agreements. No, I don't think MS cares tremendously about the users, but they are currently trying to side with their users and can't even do that in a strong way.
    how much would it cost MS if the IRS decided to do several audits of MS, and perhaps some foreign govts changed their laws in a way that would hurt MS.. Heck, the US made europe ground the plane of a south american president. the USA is a big bully that isn't afraid of hurting people, and you don't want to get on its bad side.
    I'm surprised they're (MS) standing up as much as they are.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Not so Anonymous for the NSA, Jul 17th, 2013 @ 9:27am

    Microsoft is definitely worried about their market share. The rest of the world governments and private users who are using their backdoor OS and services.
    It's a big enough reason for many of their big customers to embrace and adopt open source operating systems.

    As a small customer of google, i'm opting out to pay for Google Drive services. Why pay for it when NSA can hold my data for me for free? :)

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    silverscarcat (profile), Jul 17th, 2013 @ 9:31am

    Re: they're just as afraid as the rest of us

    Aren't you supposed to be against big software and big hardware, bob?

     

    reply to this | link to this | view in thread ]

  27.  
    icon
    el_segfaulto (profile), Jul 17th, 2013 @ 9:34am

    Re: Re: Re:

    Really glad to hear that! I haven't been keeping up with the kernel development as much as I used to. Like you I'm stuck with Nvidia's proprietary garbage where even compiling the driver with DKMS enabled is a crapshoot, it's annoying having to recompile my video driver every time I make a kernel adjustment. Looks like I'm AMD bound on my next hardware refresh!

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Chris Brand, Jul 17th, 2013 @ 9:36am

    Re: Re:

    Maybe. It's also easy to speculate, though, that this public outrage was accompanied by a very private "please please please don't release any of the stuff that we're asking for - leave us our plausible deniability".

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:44am

    And Microsoft wonders why people are worried about Kinect being always on.

     

    reply to this | link to this | view in thread ]

  30.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 9:52am

    Re: Damage control

    Their fear may be that the level of their customer's trust in their products (specifically Outlook's communication security) may get recalibrated to the level of their customer's trust in their government...

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Corporate Mendacity, Jul 17th, 2013 @ 10:04am

    Did Microsoft happen to mention exactly why it chose to become the very first company to join PRISM?!?

    Did Microsoft happen to mention exactly when they were planning to tell Skype users that every single word they said, along with pictures of them saying it, were being forwarded in real time to the NSA?!?

    Open Source is the only way. As for Microsoft - kill it now & kill it with fire!!

     

    reply to this | link to this | view in thread ]

  32.  
    icon
    Ninja (profile), Jul 17th, 2013 @ 10:16am

    Re: Re: Re:

    Amen, brother, amen. Wine has improved drastically over the years too so we may see the day when Windows is rendered obsolete soon.

     

    reply to this | link to this | view in thread ]

  33.  
    icon
    Ninja (profile), Jul 17th, 2013 @ 10:17am

    Re: Except that...

    Agreed!

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    Ninja (profile), Jul 17th, 2013 @ 10:19am

    Re: Re: "This is no surprise to anyone" -- Techdirt's motto.

    And he didn't mention Google plus he got an insightful vote from me. Strange times...

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    Hephaestus (profile), Jul 17th, 2013 @ 10:21am

    Re: Re: Re:

    NVIDIA ... ever try running anything else with Blender?

     

    reply to this | link to this | view in thread ]

  36.  
    icon
    madasahatter (profile), Jul 17th, 2013 @ 10:29am

    Re: Re: Damage control

    Level of trust in government - virtually nil if you have an IQ above a potato.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 10:34am

    Re: "This is no surprise to anyone" -- Techdirt's motto.

    Who are you?

     

    reply to this | link to this | view in thread ]

  38.  
    icon
    madasahatter (profile), Jul 17th, 2013 @ 10:36am

    Re: Money

    The company's concern is ultimatey to get customers to spend money on their products. If potential customers refuse they go out of business. MS specifically has problems with consumer preceptions about their products (fair or not). But if customers are scared to trust you and your products you are toast. Ultimately businesses rely on trust, the customer has to believe they are providing value and will keep confidential information confidential.

     

    reply to this | link to this | view in thread ]

  39.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 11:43am

    I will never trust anything with a Microsoft Logo on it ever again!

     

    reply to this | link to this | view in thread ]

  40.  
    icon
    Jon Frey, Richmond Computer (profile), Jul 17th, 2013 @ 12:08pm

    Don't be surprised

    With technology being an interwoven part of society, why would anyone expect the government to not monitor internet use, e-mail, video conferences, SMS text messages and web surfing history? Before computers, the government monitored telephones. They still do today, but in different ways.

    Microsoft is due credit for proactively tackling the constitutional issues, however it is possible they are doing this not to be "good guys", but to limit their liability by disclosing what information the government harvests from Microsoft customers.

     

    reply to this | link to this | view in thread ]

  41.  
    identicon
    No way dude..., Jul 17th, 2013 @ 12:13pm

    Re: Don't be surprised

    Maybe it's because of something we call the CONSTITUTION?!? You know, that document that is supposed to keep the government from misbehaving?!?

    Microsoft is more obnoxious than raw sewage. Die, Microsoft, die!!!

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    MikeW_CA, Jul 17th, 2013 @ 12:24pm

    This is how it gets done.

    THIS is how we will get our civil liberties restored, if we can manage to do so: Big, powerful corporations with lots of money demanding that the Government stop stomping on the Constitution because it's BAD FOR BUSINESS.

     

    reply to this | link to this | view in thread ]

  43.  
    icon
    el_segfaulto (profile), Jul 17th, 2013 @ 12:57pm

    Re: Re: Re: Re:

    When I was in grad school, the viz researchers had an Open Suse system with 4 workstation class ATI cards that they used for Blender (real-time stereo vision and and as a render farm). They always swore by ATI. I'm a server jockey and a code monkey and Nvidia's CUDA libraries have a lot more support for offloading processing intensive tasks. I'm not really a gamer or a designer, for me the graphics card is more like a math coprocessor than anything else.

     

    reply to this | link to this | view in thread ]

  44.  
    icon
    Arthur Moore (profile), Jul 17th, 2013 @ 1:19pm

    Re: Re: Re: Damage control

    Ahh, but what about other governments?

    You'll occasionally hear stories about some foreign government department moving to Linux, then never hear anything about it again. That's because moving to Linux is mostly used as a bargaining chip when negotiating Microsoft Volume Licenses.

    Now it turns out that the NSA can snoop on almost anyone using Windows or other big name Microsoft products. How will China and Russia, among others, deal with the fact that MS is telling the NSA about exploits in their software before patching them?

    Some European countries already are stopping schools from using the cloud, or things like Gmail. Unlike the US, Europe has privacy laws.

    In the end US businesses are being harmed by all this. Mainly because any country with sense is going to switch to Linux and in house/country operations.

     

    reply to this | link to this | view in thread ]

  45.  
    icon
    Arthur Moore (profile), Jul 17th, 2013 @ 1:25pm

    Re: Centralisation

    Yeah.

    That's the thing about the internet. You can't stop people from knowing who you're talking to. You can only stop them from knowing what you're saying. Even then, they can probably guess how you're saying it (Skype, tor, https, etc...). All tor and VPNs do is forward your messages for you.

    Of course, if nothing ever hits a US data tap they can't see it, but as the parent said MS moved all the Supernodes in house.

     

    reply to this | link to this | view in thread ]

  46.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 1:38pm

    Re: "This is no surprise to anyone" -- Techdirt's motto.

    Probably because, like it or not, Microsoft is still one of the most prolific companies in the space.

     

    reply to this | link to this | view in thread ]

  47.  
    identicon
    FM Hilton, Jul 17th, 2013 @ 2:00pm

    A Letter to Microsoft

    Dear MS:

    We received your letter of this past week, and thank you for your version of events. We do truly appreciate your candor.

    However, due to some rulings in the past, we're still partners, and we'll be sending copies of this letter to the relevant parties.

    Hope to be doing further business with you real soon!

    Sincerely,

    The NSA

     

    reply to this | link to this | view in thread ]

  48.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 2:30pm

    Re: Re: Re: Re: Damage Control

    China already HAS a national version of Linux - Ubuntu Kylin

    http://www.wired.com/wiredenterprise/2013/03/ubuntu-china/

    That's in addition to Red Flag Linux:

    http://en.wikipedia.org/wiki/Red_Flag_Linux

     

    reply to this | link to this | view in thread ]

  49.  
    icon
    Rich Fiscus (profile), Jul 17th, 2013 @ 3:33pm

    How to read a press release

    Mad Magazine used to occasionally run a feature called, "When They Say... They Mean." With apologies to the late Bill Gaines I present my interpretation of Microsoft's non-denial denial.

    When they say... Today we have asked the Attorney General of the United States to personally take action to permit Microsoft and other companies to share publicly more complete information about how we handle national security requests for customer information. We believe the U.S. Constitution guarantees our freedom to share more information with the public, yet the Government is stopping us. For example, Government lawyers have yet to respond to the petition we filed in court on June 19, seeking permission to publish the volume of national security requests we have received. We hope the Attorney General can step in to change this situation.

    They mean... As long as this is so embarassing to high ranking government officials we will have plausible deniability. Once they figure out how to spin this we'll coordinate together to make sure we keep our stories straight. We remain confident in the ability of career bureacrats to cover their own asses which they can't do without covering ours as well.

    When they say... Until that happens, we want to share as much information as we currently can. There are significant inaccuracies in the interpretations of leaked government documents reported in the media last week.

    They mean... We're really embarrased that people found out what we were up to. We can't actually refute a single fact from the leaked documents because they're all true. Also, we don't know what else that rat bastard Snowden leaked. Since the government is giving us lots of cover right now we can at least try to control the debate.

    When they say... We have asked the Government again for permission to discuss the issues raised by these new documents, and our request was denied by government lawyers.

    They mean... We're victims here just like you. It's us against them.

    When they say... In the meantime, we have summarized below the information that we are in a position to share, in response to the allegations in the reporting:

    They mean... Our crack team of professional liars in Public Relations has come up with a 100% substance-free defense. It strongly implies a complete denial of our complicity in NSA surveillance without actually commiting to a single relevant fact. The meaning is subject to change over time to match any additional revelations. We're confident major media outlets will simply regurgitate it without any critical analysis and the public will follow along like the sheep they are. That's why we're running Microsoft and you're asking us if we want fries with that.

    When they say... Outlook.com (formerly Hotmail): We do not provide any government with direct access to emails or instant messages. Full stop.

    They mean... Technically no human has direct access to anything stored on a computer but it sure sounds like we're keeping the government away from your data doesn't it?

    When they say... Like all providers of communications services, we are sometimes obligated to comply with lawful demands from governments to turn over content for specific accounts, pursuant to a search warrant or court order.

    They mean... Let's change the subject.

    When they say... This is true in the United States and other countries where we store data. When we receive such a demand, we review it and, if obligated to we comply.

    They mean... We were just following orders.

    When they say... We do not provide any government with the technical capability to access user content directly or by itself.

    They mean... Government agents get your information remotely and access is controlled by Microsoft servers. That's how cloud services work.

    When they say... Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts.

    They mean... The NSA just happened to specify "All Information from Every Account."

    When they say... Not surprisingly, we remain subject to these types of legal obligations when we update our products and even when we strengthen encryption and security measures to better protect content as it travels across the Web.

    They mean... This is not about your data. It's about our business. Government contracts account for a significant percentage of our profits and we intend to keep it that way. You don't shit where you eat.

    When they say... Recent leaked government documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the Internet.

    They mean... See, we're doing everything we can to protect you. We really do care.

    When they say... To be clear, we do not provide any government with the ability to break the encryption,

    They mean... Seriously, let's change the subject. We are not doing what nobody accused us of doing.

    When they say... nor do we provide the government with the encryption keys.

    They mean... While we're at it, though, let's address that story about how the NSA has their own backdoor built into Windows. We didn't provide them with that. They provided it themselves. We just put it on your computer.

    When they say... When we are legally obligated to comply with demands,

    They mean... As long as they have a court order signed by a judge we have enough plausible deniability to give them whatever they ask for. Fighting for your basic Constitutional rights is a high risk, low reward proposition and it's not our job.

    When they say... we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.

    They mean... We don't let the NSA tell our servers to give them all your data. We tell our servers to give the NSA all your data.

    When they say... Cutting through the technical details, all of the information in the recent leaked government documents adds up to two things.

    They mean... Seriously, though, that's all over your head anyway. Here's a dumbed down version even you can understand.

    When they say... First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.

    They mean... If we repeat these talking points enough most of you will convince yourselves we did nothing wrong because we're pushing the right psychological buttons. We don't need no stinking facts. We just need to give the part of your brain that wants to believe us an excuse to shout down all your reason and logic. One way to do that is repeat the same thing over and over.

    When they say... SkyDrive: We respond to legal government demands for data stored in SkyDrive in the same way. All providers of these types of storage services have always been under legal obligations to provide stored content when they receive proper legal demands. In 2013 we made changes to our processes to be able to continue to comply with an increasing number of legal demands of governments worldwide. None of these changes provided any government with direct access to SkyDrive. Nor did any of them change the fact that we still require governments to follow legal processes when requesting customer data.

    They mean... Rinse, lather, repeat.

    When they say... The process used for producing SkyDrive files is the same whether it is for a criminal search warrant or in response to a national security order, in the United States or elsewhere.

    They mean... Every government has the power to compel us to hand over information. What the US government is doing is nothing out of the ordinary if you look at it on a completely abstract and theoretical level. Of course on that level vanilla and chocolate are exactly the same because they're both flavors.

    When they say... Skype Calls: As with other services, we only respond to legal government demands, and we only comply with orders for requests about specific accounts or identifiers. The reporting last week made allegations about a specific change in 2012. We continue to enhance and evolve the Skype offerings and have made a number of improvements to the technical back-end for Skype, such as the 2012 move to in-house hosting of “supernodes” and the migration of much Skype IM traffic to servers in our data centers. These changes were not made to facilitate greater government access to audio, video, messaging or other customer data.

    They mean... How could a company that cares so much about you be colluding to violate your rights? We're not saying we didn't do exactly that, but we're hurt that you would believe it.

    When they say... Looking forward, as Internet-based voice and video communications increase, it is clear that governments will have an interest in using (or establishing) legal powers to secure access to this kind of content to investigate crimes or tackle terrorism. We therefore assume that all calls, whether over the Internet or by fixed line or mobile phone, will offer similar levels of privacy and security.

    They mean... Don't be naive. All your communications have been subject to secret surveillance since 9/11. All we're doing is complying with government policy. If you don't like it blame them.

    When they say... Even in these circumstances Microsoft remains committed to responding only to valid legal demands for specific user account information. We will not provide governments with direct or unfettered access to customer data or encryption keys.

    They mean... Pay no attention to the man behind the curtain.

    When they say... Enterprise Email and Document Storage: If we receive a government demand for data held by a business customer, we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so. We have never provided any government with customer data from any of our business or government customers for national security purposes.

    They mean... If you're an enterprise customer rest assured you are still a special little snowflake. Your willingness to pay premium prices for our software and services year in and year out is the lifeblood of our company. Fighting for your rights is the fiscally responsible thing to do, and by fighting we mean sending the government to you. After that you're on your own.

    When they say... In terms of criminal law enforcement requests, we made clear in our Law Enforcement Requests Report that throughout 2012 we only complied with four requests related to business or government customers. In three instances, we notified the customer of the demand and they asked us to produce the data. In the fourth case, the customer received the demand directly and asked Microsoft to produce the data.

    They mean... After all you're going to be just as receptive to government demands as we are anyway. You know better than to argue principle or due process with agencies that can crush you on a whim.

    When they say... We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the government with the encryption keys.

    They mean... We didn't do that thing nobody accused us of to you either.

    When they say... In short, when governments seek information from Microsoft relating to customers, we strive to be principled, limited in what we disclose, and committed to transparency. Put together, all of this adds up to the following across all of our software and services:

    They mean... Now let's make sure the last thing you read is our talking points. This will probably be all you remember anyway.

    When they say... Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.

    If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.

    We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.

    All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the requests are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.

    Microsoft is obligated to comply with the applicable laws that governments around the world – not just the United States – pass, and this includes responding to legal demands for customer data. All of us now live in a world in which companies and government agencies are using big data, and it would be a mistake to assume this somehow is confined to the United States. Agencies likely obtain this information from a variety of sources and in a variety of ways, but if they seek customer data from Microsoft they must follow legal processes.

    The world needs a more open and public discussion of these practices. While the debate should focus on the practices of all governments, it should start with practices in the United States. In part, this is an obvious reflection of the most recent stories in the news. It’s also a reflection of something more timeless. The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right. With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution.

    If we do receive approval to share more information, we’ll publish it immediately.

    They mean... All hail the hypnotoad. All hail the hypnotoad. All hail...

     

    reply to this | link to this | view in thread ]

  50.  
    identicon
    Comment Of The Week :-), Jul 17th, 2013 @ 5:09pm

    Re: How to read a press release

    That HAS to be the TechDirt Comment Of The Week :-) :-) :-)

    Rich Fiscus, You Win The Internet!!!

     

    reply to this | link to this | view in thread ]

  51.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 7:39pm

    Re: Re: Re: Re: Re:

    I have found ATI to be nicer, and to do a better job (Faster) than nvidia for everything bar gaming (due to a lot of games being optimised for nvidia hardware).
    If you get the chance check out the AMD APP SDK.

     

    reply to this | link to this | view in thread ]

  52.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 7:55pm

    Two simple questions:
    1. If MS where giving full access to the NSA, wouldn't it be illegal at this point to let it be known?

    2. How do we all feel about the idea of the xbox one camera and microphone in our living-room now?

     

    reply to this | link to this | view in thread ]

  53.  
    identicon
    Anonymous Coward, Jul 17th, 2013 @ 8:01pm

    I am waiting with bated breath for the day when the NSA controls my refrigerator, microwave and car. I can just feel it now. I cruising down the highway and my car stops after the NSA hit the master stop button. Getting home I find my refrigerator on after being off all day with out my knowledge. Firing up the old Microwave I find that it spits and sputter heating my food halfway. Arriving at the hospital the doctors find that I have acute food posing due to spoiled food improperly heated. Of course hospital instruments have long became an NSA playground. About 3 in the morning the oxygen tent stop working on direct computer command. The stench becomes a little bit unbearable after the cooling system fails on that big box drawer heats up to an unbearable temperature again on direct computer command.

    You people and the fully automated house people are nuts. I am keeping my analog control system in my car, refrigerator, and microwave. I am not giving the NSA that degree of control of my life.

     

    reply to this | link to this | view in thread ]

  54.  
    icon
    Rich Fiscus (profile), Jul 17th, 2013 @ 8:18pm

    Re:

    1. If MS where giving full access to the NSA, wouldn't it be illegal at this point to let it be known?

    Absolutely. OTOH if any of the allegations in those leaks were false it would be entirely legal to flatly deny them. They chose not to do that across the board.

    This is the same tactic I've seen many times when companies try to scare a website to retract something they've published. I'm sure Mike has experienced this as well. They send you an email implying what you wrote isn't true but never actually come out and refute a single fact. Instead they provide some sort of alternate story that implies you have the facts wrong.

    If a company wants to deny a rumor or an allegation they come out and unequivocally do so. They cite a specific claim and say "that's not true." If they dance around the subject instead it means they have decided, for whatever reason, not to deny the allegation. Full stop.

    In case I'm not being clear (I do that a lot), here's an example of what I'm talking about.

     

    reply to this | link to this | view in thread ]

  55.  
    identicon
    Jim Anderson, Jul 20th, 2013 @ 10:31am

    America where are you now

    When hungry rats are trapped in a cage they eventually start to eat each other. There are some that are more responsible than others and they will be held responsible.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This