
Report Indicates More Extensive Cooperation by Microsoft on Surveillance - aet
http://www.nytimes.com/2013/07/12/us/report-indicates-more-extensive-cooperation-by-microsoft-on-surveillance.html?hp&_r=0
======
swombat
This is bound to do some serious damage to the wallets of large US tech
companies.

Also casts severe doubts on the claims of innocence by other tech giants.

I know tptacek will be on my ass for this one, since clearly he has good
connections with security people at Google, people that he respects, and it
seems they've assured him that no such thing is going on. But perhaps Thomas
should consider the possibility that those good connections were either
unaware of this program because they didn't have the right level of access, or
were not allowed to tell him about this due to his own lack of security
clearance.

~~~
mtgx
I'm actually secretly hoping Google (and the rest) gets found out doing the
same, too (that PRISM slide seemed to imply all on the list gave direct
access, not just some, I think). Because if they do that, and they get
exposed, they might actually be _forced_ to offer end-to-end encryption for
their services to regain their users and their customers' trust.

My trust for all of these companies is lost anyway. I can't trust them anymore
until they _remove_ the need to trust them, by offering end to end encryption.
Because even if they are "good guys", who knows what kind of stuff they are
"compelled" to give and how much. And for that reason I can't trust any of
them anymore, until they make it so I don't _have_ to trust them, and remove
_any doubt_ that they can be involved in it.

You may say, but if it's such a big deal to you, why not just use an
alternative solution for that? Yeah, sure, but what about the other hundreds
of millions of people _not_ doing that? That's why we _need_ the big guys to
be our allies on this, so not just me or even everyone on HN gets really
secure communications, but _every one of their users_. Plus, these e2e
encrypted services don't work or aren't practical unless you have all of your
friends using them, so there's that issue, too.

~~~
yread
From
[https://news.ycombinator.com/item?id=6029173](https://news.ycombinator.com/item?id=6029173)

 _A telecommunications carrier shall not be responsible for decrypting, or
ensuring the government’s ability to decrypt, any communication encrypted by a
subscriber or customer, unless the encryption was provided by the carrier and
the carrier possesses the information necessary to decrypt the communication._

So, if the carrier provides the encryption he will be responsible for
"decrypting, or ensuring the government’s ability to decrypt" that encryption.

Conclusion: securing communication (in US) can only be done with external
tools/plugins

~~~
mtgx
CALEA says otherwise:

[http://paranoia.dubfire.net/2010/09/calea-and-
encryption.htm...](http://paranoia.dubfire.net/2010/09/calea-and-
encryption.html)

------
w_t_payne
It appears that MicroSoft is actively helping the NSA, rather than just
passively responding to requests for data. This is cause for some significant
concern.

This concern is particularly relevant if the scope of NSA activities extends
beyond counter-terrorism to the support and furtherance of American commercial
interests. I.e. industrial espionage.

This does not seem too unreasonable a supposition given the history of the US
security services.

It seems that, rationally, transitioning away from MS software should now be
considered a priority for any non-US business in active competition against a
US exporter.

At the very least, business leaders should carefully consider the consequences
before storing or transmitting business-critical information using a device
that has been exposed to potentially compromised software.

------
JonSkeptic
According to articles scooped up on Google Finance: "TECH STOCKS: AMD, Amazon,
Microsoft Lead Tech Rally" and "Microsoft Corporation (NASDAQ:MSFT) trading
up"

We'll see if that changes, but I think the public has already moved on. The
Zimmerman trial was a brilliant distraction.

------
MisterWebz
> “I have a feeling that the administration is getting concerned about the
> bulk phone records collection, and that they are thinking about whether to
> move administratively to stop it,”

Conveniently ignoring the methods they're using to get the most information.

------
mtgx
What's worse is that they don't even _have_ to do it. They _wanted_ to do
this:

[http://paranoia.dubfire.net/2010/09/calea-and-
encryption.htm...](http://paranoia.dubfire.net/2010/09/calea-and-
encryption.html)

