The Latest Leaks Contradict Claims Made In Microsoft's Own 'Law Enforcement Requests Report'
from the protecting-your-privacy-except-for-these-large-exceptions dept
The Guardian’s recent revelations of Microsoft’s very cozy “teamwork” with the NSA and FBI rendered many of the software giant’s statements on privacy completely hollow. Among the details leaked was the surprising amount of access to Skype Microsoft provided to these agencies.
One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.
Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.
According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.
The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” the document stated, praising the co-operation between NSA teams and the FBI. “Collaborative teamwork was the key to the successful addition of another provider to the Prism system.”
This document seems to contradict Microsoft’s statement on Skype in March of this year in its 2012 Law Enforcement Requests Report.
Skype received 4,713 requests from law enforcement. Those requests impacted 15,409 accounts or other identifiers, such as a PSTN number. Skype produced no content in response to these requests, but did provide non-content data, such as a SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number.
[All emphasis in the original.]
Perhaps “producing content” means something different to Microsoft than it does the NSA, or the general public for that matter. The leaked documents state “Skype video production has roughly tripled since July 2012” with the agent noting they’ve been collecting audio all along.
No doubt this discrepancy will be greeted with a semantic discussion, involving different ways of interpreting words like “producing” or “content.” Perhaps Microsoft feels providing direct access isn’t the same as “producing content.” Or maybe Microsoft means it just hasn’t produced content for law enforcement, and anything given to the FBI falls outside of its definition of that term. But if the FBI’s requests are considered to be outside the definition of “law enforcement,” Microsoft confuses the issue early in its report by referring to content disclosed to governments.
It’s insightful, I believe, to look at the governments to whom customer content was disclosed. Of the 1,558 disclosures of customer content, more than 99 percent were in response to lawful warrants from courts in the United States. In fact, there were only 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand.
Obviously, Microsoft isn’t allowed to discuss much of its work with the NSA and the FBI, but the disclosure here makes it sound as if it’s safeguarding the privacy of Skype users, when in reality it’s simply holding the door open for the feds.
Filed Under: law enforcement, nsa surveillance, skype, surveillance
Companies: microsoft, skype
Comments on “The Latest Leaks Contradict Claims Made In Microsoft's Own 'Law Enforcement Requests Report'”
Microsoft contracts and deals with Governments are probably at risk now…
Re: Re:
Microsofts contracts and deals with EVERYONE are probably at risk now…
Re: Re: Re:
I think the general public won’t flock away as easily but Governments? I mean, with Microsoft you would be clearly at risk of being a victim of espionage whereas open software would provide easy scrutiny…
Re: Re: Re: Re:
Yep. Microsoft have just become the largest incentive for governments to change to Linux and other FLOSS items.
Re: Re:
Are you kidding? They’ve utterly whored themselves out to them. The government is the only place they’re safe.
Can’t wait to hear their definitions of “audio” and “video” and how these things are just metadata.
Re: Re:
Don’t worry, there’s little difference, they are all just bits.
YEAH, and Google is lying TOO.
You keep omitting all mention of the NSA’s MAJOR source, so often that it’s laughable.
Re: YEAH, and Google is lying TOO.
Are you sure it’s the NSA’s MAJOR source…. or is the Russian’s MAJOR source….Shit, I’ve been infected by with OOTB1. Help me!
Re: YEAH, and Google is lying TOO.
Come on OOTB, everyone knows you have a picture of Larry Page in your spank bank.
Re: Re: YEAH, and Google is lying TOO.
“Come on OOTB, everyone knows you have a picture of Larry Page naked in your spank bank.”
FTFY. Further jokes involving spanking are intended.
Yeah, Microsoft. Not.
I find this rather shocking. And I’m not easily shocked!
99 percent? Where else do you see that kind of “efficiency” and so few mistakes?
I’ll tell you where – NOWHERE. The less than 1 percent is just so it doesn’t seem like Microsoft is giving them COMPLETE CONTROL and access, but that’s exactly what they’re doing.
Well, technically, if they just hand the data over, they’re not “responding to a request”…
Re: Re:
Now that’s a very good point. From the article: Skype received 4,713 requests from law enforcement. Does MS consider the NSA ‘law enforcement’?
Re: Re: Re:
Or do they just count the one “give us everything” order as one single request?
Re: Re: Re:
Kinect cannot discriminate between law enforcement and rogue policy makers.
In Microsoft's defense
This is the kind of thing that happens when companies aren’t allowed to disclose their dealings with the federal government. They’re forced to lie to their customers about things like consumer privacy as a result or face the government’s wrath.
And sadly, even if Skype had never been bought by Microsoft in the first place, it was already participating in the PRISM program (having joined the program 8 months prior to its acquisition by Microsoft).
Re: In Microsoft's defense
“And sadly, even if Skype had never been bought by Microsoft in the first place, it was already participating in the PRISM program (having joined the program 8 months prior to its acquisition by Microsoft).”
And this fact was not unbeknownst to Microsoft, who purchased it regardless.
Re: Re: In Microsoft's defense
And why wouldn’t Microsoft buy Skype? It’s one of the most (if not most) recognized brands in the VoIP market. I mean, why bother creating your own product when you can just BUY the best product in the market and add it to your collection of products? Business-wise it made perfect sense, participation in a privacy-violating program like PRISM be damned.
Re: Re: In Microsoft's defense
I’ve never used Skype. Never trusted it. Now look.
I never trusted or used a proxy called hidemyass either, and I was right about that too.
Re: In Microsoft's defense
An interesting thought. If they lied to the public wouldn’t that mean that they have violated SEC regulations?
That is unless there is a secret interpretation of SEC regulations that the public isn’t allowed to know about.
Re: Re: In Microsoft's defense
You know this would make a really neat shareholder lawsuit against Microsoft and every other company involved in PRISM.
This is the kind of thing that happens when U.S.companies aren’t allowed to disclose their dealings with the federal government.
Which begs the question: Is a stateless corporation possible? What would it look like? Do you have to be a criminal if you prefer to work without government oversight?
Re: Re:
Corporations are people until it is inconvenient for governments.
Now there can be dueling “Scroogled” and “Microshafted” campaigns.
Re: Re:
I’m trying to find something to joke with Apple here and amusingly one synonym for wiretap in Portuguese is “grampo” which translates literally to English as “staple” (as in your communications were stapled). So could we consider a “Sappled” campaign as the 3rd contestant?
I personally giggled while going through this thought process =/
there isn’t one ‘social network’ service that isn’t tied to the USA law enforcement of one sort or another. the shameful thing is, that if any of the services were to deny access, they would be hauled into court on some trumped up charges or other. the really shameful thing is that law enforcement has not only been using these services but are allowed to use them for their own nefarious purposes! how can any court, any government truly expect the people to accept this practice? they are talking, perfectly innocently in 99% of cases, about ordinary daily, mundane things and some arsehole god know’s where in some bunker equally god know’s where is listening in ,just in case one might say something that means absolutely nothing but gives law enforcement the chance to raid a house, arrest some kid and haul them off to prison. keep them locked up for months on bail that there isn’t a hope in hell of any ordinary family being able to raise, and all because some idiot wants to get a win under their belt, like with Arron, God rest him! what sort of country is this? who in their right mind wants to live under a regime like this?
… and we prevent Chinese companies from purchasing US communication companies on “national security” grounds…
This wouldn’t be nearly as easy to do if people didn’t insist on convenience over security.
The only reason every Skype user needs an account is so that the main server can track IP addresses and match them up with names, so that when you tell it to “call” one of your contacts, it knows what IP address to use. This lets the company easily track all calls.
A secure VOIP app, besides using strong public-key encryption, would require the user to directly enter the IP address of the person they want to contact, and then would connect directly to that address. To do this, the program could use one of the publicly available sites that return your IP address when you access them to tell the user what IP address to give to their friend. Of course, this would require that one person send an email to the other with the IP address to use, if it’s changed from the last time they talked, but there wouldn’t be one central organization that could track where and when each call was made.
I can’t wait for the revelations of blackmail for some of the affairs, crimes and outright evil deeds that our rich and famous have done. Once this type of thing starts, a secret war of blackmail material is amassed using any and all available methods.
Who watches the watchers?
Linux > Micro$hit