Thu July 11, 2013
Report: Microsoft Helped NSA, FBI Get Around Encryption
Originally published on Fri July 12, 2013 5:53 am
The latest in The Guardian's series of reports on secret U.S. electronic surveillance efforts claims to detail the extent of Microsoft's cooperation with the National Security Agency, with the tech giant reportedly allowing agents to circumvent its own encryption system to spy on email and chats, as well as its cloud-based storage service.
Information in the newspaper's report on Thursday is sourced to Edward Snowden, the NSA leaker who has not been seen in public for weeks and whose whereabouts are the subject of continued rumor and speculation, as Mark reported earlier.
According to The Guardian, Microsoft helped the NSA and FBI get around its encryption so that the agency could access Outlook.com, including Hotmail, as part of the Prism program aimed at gathering data on Internet communications. Skype, which Microsoft bought two years ago, reportedly worked with intelligence agencies to collect audio and video from the chat service. The newspaper also said that Microsoft eased access to its cloud-based SkyDrive service.
The Guardian quoted from documents it said it obtained with Snowden's help in which the NSA explains that "this new capability will result in a much more timely collection response" and that its "success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."
"A separate entry identified another area for collaboration. 'The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.' "
In a statement to the newspaper, Microsoft said:
"When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers."