Latest Leak Shows Microsoft Handed The NSA And FBI Unencrypted Access To Outlook, SkyDrive And Skype

from the MS-US-Internet-Explorer-10,-now-available-for-download! dept

Microsoft has painted a picture that its relationship with the NSA and FBI isn't a cozy one, but one based on forced compliance. The company has recently been taking shots at Google with its "Scroogled" campaign, claiming it kept users' data more secure. Then news surfaced that Microsoft was providing intelligence agencies with zero-day exploits for deployment by the agencies before getting around to patching them, leading to questions as to its expressed concern for its customers.

The latest leak released by the Guardian paints the company as a willing "team player" working closely with the FBI and NSA to allow unfettered access to the data of its customers.

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
This damaging set of documents indicates that Microsoft talks a pretty good game when it comes to privacy, but the protection it actually offers is less than skin deep.
Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."
Microsoft's actions say otherwise. Skype alone gives the NSA and FBI access to over 600 million users worldwide despite Skype's earlier claims that these calls couldn't be tapped.

Microsoft has responded to this leak with a statement claiming its actions are above-board and completely legal. The NSA released a statement as well, claiming, as Microsoft does, that everything detailed is fully compliant with applicable laws. As usual, the NSA statement makes reference to "strict oversight" and "careful monitoring," empty phrases its deployed before that are ultimately meaningless without any corresponding transparency.

Again, speaking to the "legality" of these actions is nothing more than self-serving rhetoric. As has been expressed before, the real scandal isn't that large-scale surveillance is happening. It's that it's legal. Secret courts issuing secret interpretations that companies like Microsoft are compelled to comply with. Microsoft may say it "rejects" demands that it doesn't deem "valid," but does anyone not think these rejections aren't simply overridden?

There are ways to comply with government requests which don't take the form of working closely with intelligence agencies to undercut the same privacy you're telling the public you're so interested in protecting. (Maybe ask Twitter for some advice...) Giving intelligence carte blanche access to data pre-encryption doesn't sound like the actions of a company that regularly challenges government requests. It sounds more like the compliance of a company who'd rather not jeopardize OS sales and support to one of its biggest customers.



Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Alana (profile), Jul 11th, 2013 @ 12:34pm

    Sounds like the word "Microsoft" also describes their efforts to keep users information private.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:48pm

      Re:

      Is windows secretly recording all activity as well?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 11th, 2013 @ 1:57pm

        Re: Re:

        You have no reason to believe that it's not.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous, Jul 11th, 2013 @ 4:11pm

        Re: Re:

        No...not secretly. Windows keeps all kinds of logs. From cache to history to thumbs.db, it logs everything. Use a good cleaning program like Tracks Eraser Pro or CleanUp!, and you will see many of the logs Windows keeps as the program is cleaning. And you can stop thumbs.db by cleaning it and then checking "Do not cache thumbnails".

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      pixelpusher220 (profile), Jul 11th, 2013 @ 1:49pm

      Re:

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous, Jul 11th, 2013 @ 4:15pm

      Re:

      Or what Melinda Gates says about Bill's penis.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Degregger, Jul 11th, 2013 @ 4:38pm

      Response to: Alana on Jul 11th, 2013 @ 12:34pm

      There is a way to circumvent NSA spying completely. Get a VPN tunnel that uses something that is known as perfect forward secrecy (as an example google: "HushTunnel") and run your Internet facing apps through it (web, email, Skype ...)

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Mr. Applegate, Jul 11th, 2013 @ 7:38pm

        Re: Response to: Alana on Jul 11th, 2013 @ 12:34pm

        Not quite sure how this circumvents NSA spying when Microsoft, AT&T, Verizon, and probably others will gladly hand over whatever the NSA wants, and in all likely hood the NSA has gear at the server side to capture the traffic. All this really does is 'secure' your end of the communication and obfuscate the location of your connection. I can do that for free with a number of various methods and services. If they know the account is yours (and they do), and they can capture the data from the server side (and they can) what exactly have you accomplished?

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 12:36pm

    Untrustworthy...

    It seems that just about everyone involved in transmitting data, has been eagerly handing it to the NSA. It goes without saying that M$ is a conniving, crooked, dishonest and untrustworthy sack of sh*t, however is there nobody out there to trust anymore? Do I need to move to another country? Or would it not even make a difference?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 12:55pm

      Re: Untrustworthy...

      And those that aren't in a position to hand over all the data to the NSA are probably branded as "copyright infringement" organizations.

      Starting to become clear why the U.S. government went after Megaupload so strongly...

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jul 11th, 2013 @ 1:00pm

      Re: Untrustworthy...

      is there nobody out there to trust anymore


      There never was and there never will be. It's one of the main reasons why you should not allow any third party to hold or transfer data that you don't want anyone else to see -- that rule has always been true, and in these days of the cloud fad, it's even more important to keep this in mind.

      For best results, minimize the amount of data stored by third parties, and encrypt everything.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 11th, 2013 @ 1:07pm

        Re: Re: Untrustworthy...

        And furthermore - should you trust proprietary, closed-source software written by a third party?

        How do we know there isn't a government-mandagted secret way to circumvent the HTTPS certificate management in Internet Explorer to make man-in-the-middle attacks easier?

        Are our computers betraying us in ways we don't even know about yet?

        There comes a point where conspiracy theorists like Richard Stallman are correct - the only software you can trust is the software you can inspect, modify, and rebuild yourself.

        And then there's the hardware...

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          madasahatter (profile), Jul 11th, 2013 @ 1:27pm

          Re: Re: Re: Untrustworthy...

          "And furthermore - should you trust proprietary, closed-source software written by a third party?"

          You raise an interesting question because with third partry closed-source software you can not review the code for any back doors. With open-source software, you can review the code for back doors and it would be harder to hide a back door in the code. The issue is how much do you or I trust the specific vendor of the closed-source software. The openness of open-source software is inherently more trustworthy because the developers are not deliberating hiding anything.

          I wonder long-term how the NSA spying scandle will affect Windows or MS Office in particular if customers decide enmass MS can not be trusted.

          All commercial transactions rely heavily on the buyer believing then can trust the vendor and manufacturer (if different). Contracts are often used to codify and clarify the relationship but do not remove the element of trust.

          Oddly it may be in MS' long-term best interests to consdier making their products open-source.

           

          reply to this | link to this | view in chronology ]

          •  
            icon
            Chris Rhodes (profile), Jul 11th, 2013 @ 1:39pm

            Re: Re: Re: Re: Untrustworthy...

            Even worse: how do you know a closed-source compiler isn't inserting back doors into any open-source code you compile?

             

            reply to this | link to this | view in chronology ]

            •  
              identicon
              Anonymous Coward, Jul 11th, 2013 @ 1:44pm

              Re: Re: Re: Re: Re: Untrustworthy...

              You don't... That's the problem...

               

              reply to this | link to this | view in chronology ]

            •  
              icon
              John Fenderson (profile), Jul 11th, 2013 @ 1:56pm

              Re: Re: Re: Re: Re: Untrustworthy...

              how do you know a closed-source compiler isn't inserting back doors into any open-source code you compile?


              You don't, obviously. However, there's an interesting historical event around this kind of thing that involves open source and should be kept in mind:

              Dennis Ritchie, the designer of the first C compilers and one of the authors of the original Unix, had put an administrative backdoor into the OS's login program.

              Just in case someone was looking through the source code and found it, he also altered the C compiler itself to check for this and to reinsert the backdoor if the login program was recompiled.

              This went completely undetected until he revealed it himself in his acceptance speech when he got a Turing Award.

              The lesson: just using open source -- although better than using closed source -- is no panacea for this sort of thing. Stuff can be hidden in open source code such that it's hard to find (if, indeed anyone looks).

               

              reply to this | link to this | view in chronology ]

            •  
              identicon
              Alex Elsayed, Jul 11th, 2013 @ 2:32pm

              Re: Re: Re: Re: Re: Untrustworthy...

              Worse yet: How do you know a closed-source compiler at some point in the past inserted a backdoor into an open source compiler it compiled?

              "Trusting Trust" is an absolutely brutal avenue of attack, although there are (fortunately) ways to beat it.

              https://www.schneier.com/blog/archives/2006/01/countering_trus.html

               

              reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jul 11th, 2013 @ 1:43pm

            Re: Re: Re: Re: Untrustworthy...

            "I wonder long-term how the NSA spying scandle will affect Windows or MS Office in particular if customers decide enmass MS can not be trusted."

            In all likelihood, not at all. Their biggest customers are the government, if anything this makes them even more likely to buy.

            And for the sheeple? They just keep using Windows, because its easy. Linux is still very hard to work with, often requiring knowledge of the command line to do even basic tasks. And although, most games work on Linux (with wine), they often don't work well, that's the only reason I still dual boot...

            And Apple, well, lets just say that hamfisted control over everything has been their game from day one. I'm sure they willingly hand over every byte of data to the NSA, after scrutinizing it carefully themselves of course.

             

            reply to this | link to this | view in chronology ]

            •  
              icon
              John Fenderson (profile), Jul 11th, 2013 @ 2:35pm

              Re: Re: Re: Re: Re: Untrustworthy...

              Linux is still very hard to work with, often requiring knowledge of the command line to do even basic tasks.


              This hasn't been true for a long time. I personally know three non-computer-geek people who switched to Debian and had no problems at all. They've yet to even open the command line.

               

              reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 11th, 2013 @ 1:27pm

          Re: Re: Re: Untrustworthy...

          Just to make you really paranoid read On Trusting Trust by Ken Thompson. Just follow the plot and ignore the code details.

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Jul 11th, 2013 @ 1:29pm

          Re: Re: Re: Untrustworthy...

          Ha

          I find it hilarious every time someone calls Stallman a "conspiracy theorist".

          Stallman is probably the one person in the world who is fighting for your freedom to use a computer. He takes such ridiculous precautions when using his computer because he knows more than anyone that every last byte of info that's being transmitted is being used against him. We're only now finding that out nearly twenty years after he realized it.

          All I'm saying is: Branding people as "Conspiracy theorists" without taking the time to understand what it is they are saying is the move of a sheep. "Four legs good, two legs bad" and all that. I find it unreal that people are still calling him that when it has been revealed that he was right all along.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jul 11th, 2013 @ 1:41pm

            Re: Re: Re: Re: Untrustworthy...

            Well, he IS a conspiracy theorist.

            The difference here is that the conspiracy is real.

             

            reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Jul 11th, 2013 @ 7:52pm

            Re: Re: Re: Re: Untrustworthy...

            Don't be so dense - there's nothing wrong with the term itself - only with the perceived stigma tied to it (which you obviously share with the rest of the idiots out there).

            I openly call myself a conspiracy theorist, and I'm proud of it.

             

            reply to this | link to this | view in chronology ]

    •  
      icon
      Josh in CharlotteNC (profile), Jul 11th, 2013 @ 1:00pm

      Re: Untrustworthy...

      Wouldn't make much difference, no. If you want to keep your information secure, you cannot trust companies, nor governments and their laws.

      "It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics."
      -- Bruce Schneier

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 2:29pm

      Re: Untrustworthy...

      Move to another country and you lose even the minimal "protections" against the NSA scooping up all your Internet traffic.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Rikuo (profile), Jul 11th, 2013 @ 12:52pm

    Well, I'm dropping Skype at once, and am going to urge everyone I know to do the same. Anyone know of any VOIP service that isn't based in the US?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 12:53pm

    I knew the moment I saw that cloud it could not be trusted.

    At least according to orig article there's massive (secret) oversight and accountability to (secret) courts.

    The reason we have laws is that people who "can", "do". If they can spy, they will. If they can railroad a person and take their property, they will. We can't really stop people from going on like this, but we can keep it illegal so there is some slice of hope for justice down the road for victims of those who "did".

    I'm just hoping that after all this we the sheeple don't make this crap legal.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:17pm

      Re:

      Absolutely NOTHING in the cloud can be trusted. If the data is not on machines controlled by you (sitting on your desk) its almost certainly being passed around without your consent. And that so say nothing of spyware...

      There is a cyber-pearl harbor going on right now, its just that this "cyber-war" is being waged by the government against the people, not the other way around. Our privacy and security have already been sunk, and our civil liberties are burning and down by the head.

      Nonetheless, I hope all they have done is to awaken a sleeping giant and fill him with a terrible resolve...

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 12:56pm

    Wow. Very few countries or citizens will be willing to run MS Spyware Software (MSSS) after this.

    If anyone has stock in Microsoft, consider selling it ASAP before the bottom completely falls out. It's already been falling out with Win8 and flopRT, but these new revelations make MS's bottom look like it's made out of wet cardboard.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 12:57pm

    Is the push for cloud solutions coming from the software companies or from the NSA?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:00pm

      Re:

      All of the above?

      Copyright-maximalist organizations love that cloud storage gives them the ability to remove your access to content too...

      And advertising-centric companies (Google, now Microsoft as well), love that they can force you to view ads or mine your data for marketing content whenever you use their services.

      What we really need are more free, convenient, "do it yourself" cloud devices. I know several linux-based solutions already exist that you can run from home, or from your own hosted server, but they don't easily integrate with all devices like dropbox, google drive, or skydrive would.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jul 11th, 2013 @ 2:02pm

      Re:

      At this year's CloudCon, Keith Alexander, director of the NSA, outright told everyone that they should be using cloud services. So there's that.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        The Real Michael, Jul 12th, 2013 @ 6:11am

        Re: Re:

        Cloud storage is nothing more than data stored and accessed remotely off of a storage device you have no control over. Problem is, anyone can access that data. It's always best to use your own storage devices.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          John Fenderson (profile), Jul 13th, 2013 @ 3:47pm

          Re: Re: Re:

          Exactly. That Alexander wants everyone to use cloud services is a huge red flag that you should avoid using cloud services.

           

          reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 12:57pm

    Good news! Now all the hackers know which end of the chain to attack. Nice own goal, MS - for all your talk of consumer privacy, you sure suck at it.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    That One Guy (profile), Jul 11th, 2013 @ 1:00pm

    Might have jumped the gun a bit there...

    Going on the attack against other companies, talking about how 'serious' you take customer privacy, only to have it revealed that you're only serious until someone asks for customer info, in which case you do everything in your power to help them get it... yeah, just kinda screwed up the PR efforts there.

    On the other had, this does offer one heck of a PR chance for those other companies... 'Yes we may be forced to hand over customer data when ordered to by the government, but unlike companies like Microsoft, we don't go out of our way to assist in the collection of your personal data.'

    (Semi-related tangent)
    Honestly, with how close MS is proving to be with various government agencies, and the Xbone's mandatory, always on camera, I can only assume that anyone still planning on buying it is obsessed with the few games listed for the system, and/or is simply has no clue as to the MS/government connections.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:36pm

      Re: Might have jumped the gun a bit there...

      With the Xbone, anyone who buys it at this point just doesn't care. They can't possibly fathom how a context-sensitive camera in their house could be used against them.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Lurker Keith, Jul 11th, 2013 @ 6:20pm

      Re: Might have jumped the gun a bit there...

      It's revelations like this that makes those who are paranoid about the XbOne's camera & mike vindicated.

      It may be true that the NSA doesn't have access, but this is a "better safe than sorry" circumstance if I ever saw one.

      There is such a thing as not being paranoid enough, regarding certain things.



      Also, I finally understand the slow roll out of the leaks. It isn't so the Guardian can redact the damaging stuff. It's to give everyone involved enough rope to hang themselves w/!

      1. First leak that the NSA is spying, knowing they'll deny it, like they have in the past.
      2. Then leak the who they're using, & let them deny that.
      3. Then leak the how, w/ proof of who, & see everyone backtrack on the "not" & explain how they're forced to.
      4. Then leak that EVERYONE is spied on, & watch the denial wave & excuses come together. This was about where those in Congress in the know started talking about oversight... which appears to also be a lie. Just like the cake.
      5. Then leak that all the excuses have been lies so far, & that the "oversight" is a rubber stamp.
      6. Now they're starting to leak specifics.

      Since it seems to be the thing on Techdirt...
      7. ???
      8. Profit!?!?!?!?!?

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      The Real Michael, Jul 12th, 2013 @ 6:33am

      Re: Might have jumped the gun a bit there...

      They could make their intentions completely obvious by putting a huge NSA emblem on the box with the caption: "We're WATCHING you!" and people would still be ignorant and purchase it. "Dude, gotta own the new Halo."

      Would people pay Microsoft/NSA to set up a camera/mic in their house? Not a chance. Since they can't directly sell the public on the notion of having their privacy violated all day and night, they obfuscate their nefarious intentions by emphasizing all the fun features housed in their spy-box.

      If they give the NSA unfettered access to Skype, Hotmail, etc., what makes anyone think that they won't do the same with the Xbox One Kinect? Logic please.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Shawn (profile), Jul 11th, 2013 @ 1:01pm

    "• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases; "

    That may explain why I spent 20 minutes of reading web posts and clicking all over the outlook.com to try and figure out how to setup a quick email alias. I gave up and set it up on one of my gmail accounts.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Lurker Keith, Jul 11th, 2013 @ 6:33pm

      Re:

      Currently, click on your name in the upper right corner -> Account settings -> Add or change aliases.

      I've set up a few once I worked out how (which was more difficult the first time than it is now).

      If the Aliases are posing the NSA some trouble, it sounds like they were actually set up properly; though, your name (the one you click on to get there) is still displayed as your name when someone gets an E-mail from you through the alias, which is kinda stupid. At least I didn't use my real name when creating the account. Anyone who does needs to take lessons on basic online safety.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    John Fenderson (profile), Jul 11th, 2013 @ 1:04pm

    I can only assume that anyone still planning on buying it is obsessed with the few games listed for the system, and/or is simply has no clue as to the MS/government connections.


    While I don't think the camera on the XBox is as big of a problem as it's made out to be, the close and cozy relationship between Microsoft and various TLA intelligence agencies goes way back and has been common knowledge for decades, at least in the software industry.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      JMT (profile), Jul 11th, 2013 @ 7:52pm

      Re:

      "While I don't think the camera on the XBox is as big of a problem as it's made out to be..."

      Actually it more evidence of Microsoft's untruthfulness. They say you can "turn it off", but the system won't work if Kinect is not plugged in. You'd have to be nuts to actually believe it's truly off given that restriction. If the customer has no need for it to be connected, why does Microsoft?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 1:05pm

    Wonder if we'll see a proper audit of Linux due to the NSA playing a major part in the designing and coding of selinux in light of all the revelations.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:35pm

      Re:

      It is probably doing what it says on the tin, as the source code is open to inspection by foreign agencies and it is used by US agencies.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 11th, 2013 @ 1:45pm

        Re: Re:

        Sorry but open to inspection means SFA until the code is audited and verified.
        Some coder alleged to have inserted backdoors into OpenBSD at the behest of the FBI, the devs went over their code with a fine-toothed comb to prove it was clean.
        A similar approach from the Linux devs certainly wouldn't go amiss.

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:40pm

      Re:

      Linux, the kernel, is audited all the time. I'm pretty sure SELinux has had complete teardowns more than a few times because literally no one trusted them when they first announced they were releasing open source software.

      The thing to worry about isn't the integrity of the kernel, it's all the damn packages that every user feels they "need to have" in order to run a computer. All the driver blobs, and packages that aren't found on repositories, or extensions that are seemingly made out of thin-air? Those are the things that need constant, 100% scrutiny.

      It makes far more sense for the NSA to let the user bug themselves than it is for them to attempt to infiltrate a close-knit group of some of the best programmers in the world. It's why Facebook is so popular.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Mark Harrill (profile), Jul 11th, 2013 @ 1:06pm

    More Porn!

    Prism to collect video of conversations as well as audio


    So the NSA's true motives come out! They didn't think there was enough porn on the internet so they recorded video and audio from Skype to get more?:)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 1:09pm

    thanks, microsoft.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Designerfx (profile), Jul 11th, 2013 @ 1:12pm

    outlook?

    outlook spying too?

    that means they're enabling FBI/NSA spying on enterprise customers, too.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:17pm

      Re: outlook?

      To be fair TOA only referenced the Outlook.com web service. Not that it has to stop there... but they didn't mention the stanalone clients and Exchange servers.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 1:15pm

    It's that it's legal. Secret courts issuing secret interpretations that companies like Microsoft are compelled to comply with. Microsoft may say it "rejects" demands that it doesn't deem "valid," but does anyone not think these rejections aren't simply overridden?

    If a law is unknown it is not law. It is simply a codification of the practices of dictatorship.

    I know people like to play mental tricks to self-justify and pat themselves on the back... but really... secret laws? What the hell good is a secret law to anyone.

    There are no secret laws. Who is beholden to a secret law? The law is only good for the people with access to and protection under it.

    Law is our set of guidelines by which we can run a maintain society... agreed upon social norms that we set as standard expectations so that we can more peacefully get along in commerce and fellowship.

    A "secret law" is an oxymoron if there ever was one.

    Secret rules are only set to let secret men feel secure about doing awful things to lawful citizens.

    Their secret "law" is a farce. Time to burst their bubble.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 1:41pm

      Re:

      if a law is unknown, it is not law


      Tell that to the men with the guns.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jul 11th, 2013 @ 1:56pm

        Re: Re:

        Tell that to the men with the guns.

        Almost want to click insightful there. I'm cannot deny reality; firepower always wins hands down.

        However that has been true since well before the Magna Carte.

        This doesn't change the fact that a 'secret law' does not exist in a society of Rule of Law; only in dictatorships. If I recall correctly.. that's not (or was not) supposed to be how we run things here.

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        John Fenderson (profile), Jul 11th, 2013 @ 2:06pm

        Re: Re:

        Tell that to the men with the guns.


        Just because armed thugs says something is legitimate law does not mean it's legitimate law. Although when guns come into play, all that becomes academic.

         

        reply to this | link to this | view in chronology ]

  •  
    icon
    jupiterkansas (profile), Jul 11th, 2013 @ 1:20pm

    "I am Jack's complete lack of surprise."

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Simon, Jul 11th, 2013 @ 1:22pm

    Microsoft's outlook advert sez "Your privacy is our priority!"

    Crafty buggers.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 1:33pm

    It's true. I was thinking about Stallman, too as I read this article. He did hit MS spying closer to the mark than I think any of us imagined.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    PRMan, Jul 11th, 2013 @ 1:40pm

    And people made fun of me

    And people made fun of me for not wanting to put all my documents on SkyDrive.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Scott Dunn, Jul 11th, 2013 @ 1:52pm

    Quid Pro Quo?

    Maybe they would appreciate some additional help with patent and copyright enforcement and compliance is the tradeoff.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 2:05pm

    Wait a minute

    I have to put on my shock face

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 2:20pm

    Everyone is missing the bigger story here. Microsoft just admitted they have back doors into the email service of choice for every large corporation out there. This is pretty huge when you consider that companies like the one I work for directly compete with Microsoft's other products. They've actively developed a backdoor into their competitors inbox. Regardless of the reasoning for doing it, that now exists.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 2:27pm

    Who wants to deploy on Azure now?

    I have a hard time believing this is true because Microsoft just isn't that stupid.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Zangetsu (profile), Jul 11th, 2013 @ 2:51pm

    Clear Violation of Privacy Policy

    Since this seems to be a clear violation of their Privacy Policy can they be sued? Since they say that they are a TRUSTe certified site and this seems to indicate that they have violated that standard should they have their accreditation revoked? Regardless of whether or not what they did was illegal, their violation of their own Privacy policy and the violation of the TRUSTe guidelines seems to indicate that, at the very least, some innovative young lawyer is going to start a class action lawsuit against Microsoft on those grounds. I hope the John Steele fiasco is over by then because there are only so many court cases that I can keep track of.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jul 11th, 2013 @ 4:19pm

      Re: Clear Violation of Privacy Policy

      Since this seems to be a clear violation of their Privacy Policy can they be sued?


      No, because they didn't violate their privacy policy. Read it -- there's a clause in there about how they will give any or all information in response to legal requests from the government. Nearly all privacy policies include wording along these lines.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        The Real Michael, Jul 12th, 2013 @ 6:48am

        Re: Re: Clear Violation of Privacy Policy

        Right, and even had they not included such in their TOS, rest assured that whenever the government requests info that it comes with perks like legal immunity.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    FM Hilton, Jul 11th, 2013 @ 3:18pm

    Worst fears realized

    About 2 years ago, when MS stated that they would be buying Skype, that was the end of the road for me and that program.

    I'd heard vague mutterings about the NSA and MS previous to that, and I assumed that they would hand over the keys to their newest acquisition promptly.

    I was right, and justified in not again using Skype. I don't do that anymore..because MS can't be trusted, along with all the other big tech companies.

    Pretty soon we'll be back to using landlines and coffee cans for communication, and FTP servers to send files.

    Yes, indeed, such a secure feeling now, isn't it?

    Let's just now assume every single tech company has been co-opted by the NSA, and assume everything is sent to them either voluntarily (most of the time) or involuntarily.

    Don't listen to their 'well, we really value your privacy."-with fingers crossed behind their backs. They're laughing at us, you know. We're idiots-we trusted them too much, and all the while they were selling their souls to the US government.

    Let's just shut down the Internet. It's done.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 3:53pm

    Another reason to trash Micro$oft and switch to GNU/Linux.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous, Jul 11th, 2013 @ 4:03pm

    Never trust government or big business.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Degreggee, Jul 11th, 2013 @ 4:41pm

    How to circumvent wiretapping

    There is a way to circumvent NSA spying completely. Get a VPN tunnel that uses something that is known as perfect forward secrecy (as an example: "HushTunnel") and run your Internet facing apps through it (web, email, Skype ...)

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      John Fenderson (profile), Jul 12th, 2013 @ 11:19am

      Re: How to circumvent wiretapping

      Even a 100% secure VPN tunnel will not circumvent NSA spying completely. You can still be spied on from the system at the other end of the tunnel.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    FM HIlton, Jul 11th, 2013 @ 5:42pm

    An uncomfortable thought

    Ok, so now we know MS has been working hand in glove with the NSA to intercept data/information/user details.

    That much is a bit of a wowser, true.

    What if: they went a step further, and MS made a undetectable piece of software that got into all of their security updates for every single registered computer which allows the NSA to directly access the user's computer without detection by the computer user? It wouldn't set off alarms or your AV at all.

    Sort of a 'submerged subprogram' that innocently installs as part of the updates that MS is famous for.

    Don't tell me it can't be done. We know what they've done so far, and this isn't that far fetched, now, is it?

    Paranoid? Perhaps....but one never knows what kind of 'working relationship' the NSA is capable of making with companies do we?

    "We'll make you an offer you can't refuse-if you give us all this stuff, your company will never be prosecuted or sued again for whatever you did before."

    It worked in the Godfather, and it works in real life.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 11th, 2013 @ 7:29pm

      Re: An uncomfortable thought

      That's not paranoia, they could do something similar with the kernel and you would probably never know. They could even implement a hypervisor (if they haven't already) and there's literally no way any kind of AV system would pick up on it.

      Even then, let's be serious here, AV programs get false positives all the time. Any normal user that sees a windows process flagged is going to think "Oh, it just picked up a false positive" and ignore it.

      Windows, not even once.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Trelly (profile), Jul 11th, 2013 @ 5:52pm

    How soon until they announce a merger? What would it be called?

    MSA?

    They already have an address, One MSA Way.

    Is this NSA version 1.0 or 2.0?

    Ohhh, the laughs go on and on. If all this were at all funny.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 11th, 2013 @ 6:54pm

    (credits: RyanNerd) We got a official statement from Microsoft:

    Yesterday it came to light that the NSA has been collecting millions of emails, chats and skydrive files from us each and every day. Since that news was released, many of you have called support with questions and concerns about this program. To save our time and yours, here are answers to three of the F.A.Q.s we’ve been hearing from you:

    *1. Will I be charged extra for this service?*
    We're happy to say that the answer is no. While the harvesting and surveillance of your emails, chats and cloud data were not part of your original service contract, we're providing this service entirely free of charge.

    *2. If I add email aliases to my account, will those also be monitored?*
    Once again, the answer is good news. If you want to add any additional accounts through our service, your emails, chats and other data will all be monitored by the United States government, at no additional cost.

    *3. Can Microsoft help me fix Windows crashing issues?*
    Unfortunately, no. Our close partnership with NSA to provide exploits / backdoors in our softwares may be responsible for some of the issues you're facing. Infact, we like to think of these as "features", some of which took us months to develop.

    I hope we’ve helped clear up some of the confusion about this exciting new program. But if you have any further questions, please don’t hesitate to call support. Your calls may be recorded for "quality" purposes.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 12th, 2013 @ 1:32am

    Companies aren't, or at least shouldb't be compelled to decrypt stuff, Mike:

    http://paranoia.dubfire.net/2010/09/calea-and-encryption.html

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous, Jul 14th, 2013 @ 6:44pm

      Re:

      Yep. CALEA, another law the dumba** American people simply let pass and have stood for. Will the American people ever take responsibility for what they have let their government do? Nah, "The Voice" is on.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 22nd, 2013 @ 5:33pm

    lets all setup servers that send thousands of messages all day ,encrypted of course, and the unencrypted message is randomgibberish of course,or lewd insults ...as well as hi new personreply not nede but very welcome. i means flood the net on port 25 so extensively that theres no point in monitoring, due to the large noise to signal ratio

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This