
Microsoft lawyer prepares to take on US government - ghosh
http://www.theguardian.com/technology/2014/dec/14/privacy-is-not-dead-microsoft-lawyer-brad-smith-us-government
======
higherpurpose
If these companies, whether it's Microsoft, Google, or others, encrypted as
much of their services as possible, end-to-end, without them having the
ability to decrypt that data, this wouldn't be such an issue, because the US
gov can't legally force the companies to decrypt what they _can 't_ decrypt.

Countries such as Russia, China, Brazil and others would also have _less_ of
an argument when demanding these companies build their data centers locally
"to make sure their citizens' data isn't given to the US government".

But companies like Microsoft and Google want to have their cake and eat it,
too. They'd rather keep their ability have full access to our most _intimate_
conversations, while at the same time take on the might of an unaccountable
and out of control US government to limit its access to our emails and chats.
Good luck with that.

The more advanced surveillance technologies private companies build to track
their users, the more _irresistible_ the access to that data will be to the
government, and the more they'll want it. So the solution is to make that data
useless for them. If it's encrypted and nobody but the users can access it,
then they'll be much less interested in trying to get the companies to give
them the data.

One more thing that people shouldn't forget when they see this "freedom
fighting Microsoft". Microsoft _voluntarily_ built backdoor technology for
Skype years before it purchased it.

[http://www.computerworld.com/article/2509604/data-
privacy/mi...](http://www.computerworld.com/article/2509604/data-
privacy/microsoft-seeks-patent-for-spy-tech-for-skype.html)

[http://venturebeat.com/2013/05/20/busted-microsoft-
intercept...](http://venturebeat.com/2013/05/20/busted-microsoft-intercepts-
decrypts-and-reads-your-skype-messages/)

~~~
yummyfajitas
They want access to our conversations because we demand features that require
this. As a user, I want to type in "from:priyanka secluded beach" and get the
exact message I was thinking of. And I don't want to bother handling my own
encryption keys.

It's simply not possible to accomplish this without Google having access to my
email.

~~~
AlyssaRowan
I am not aware of anything proving that.

It might indeed be possible to construct a (homœomorphic-encryption-based?
Some curve with pairings? Some form of encrypted Bloom filter in a tree?)
indexed storage that an untrusted service can store and only a trusted client
with a key can search or access. (How _practical_ that is, and what the
service can learn from access pattern metadata, is another question entirely.
Frontloading onto clients may actually be more amenable in practice.)

Key handling is primarily a UX problem (and a big one), but is also not
insoluble, or at least, not harder than bloody passwords.

It may be tricky, but I am not entriely convinced it is impossible.

However, to address the grandparents' point: _Lavabit_ provides some evidence
that US authorities perhaps _can_ compel an uncooperative provider in this
scenario to backdoor their software, allow their service to be impersonated,
or some other facilitation if they cannot access contents in a service as
designed - at the very least, if it is not already available, there are
legislative and pre-legislative pushes in the US and UK for that capability to
be _made_ available to nation-state adversaries in the future, although it's
unclear if that'll come to fruition - hopefully not, but get ready for a fight
on that in the future. (iOS-related correspondence from FBI; the so-called
"snoopers' charter" over here.)

~~~
yummyfajitas
Let me point out the key line of my comment: _And I don 't want to bother
handling my own encryption keys._

The proof is quite simple. If I don't have my own keys I have no information
the NSA lacks. Thus, they can only access the same information I can.

Homomorphic encryption would theoretically allow google to do encrypted
indexing, but I still need to handle my keys to construct the query. It's also
mainly theoretical at this point, though I am eager to see it built for real.

~~~
jfindley
There's no reason that handling your own keys has to be something that you,
personally, have to bother with. Just because you don't interact with the key
handling doesn't mean it can't happen in a safe and secure environment on your
local machine. Yes there are plenty of implementation concerns, but that
doesn't mean they're insurmountable. It's so possible, in fact, that ongoing
work is happening in exactly this space. See [https://code.google.com/p/end-
to-end/](https://code.google.com/p/end-to-end/) for example.

------
ameister14
A lot of people seem to believe Microsoft has a moral obligation to protect
humanity here and that because they didn't protest before, they shouldn't be
supported. I completely disagree with both of those sentiments.

Microsoft has an obligation to stay in business- it will protect its users so
that they don't go elsewhere. That's pretty much it. The US Government has
begun to clash with this core objective and so Microsoft is fighting back.
This is good for everyone, regardless of the profit motive behind it.

------
eyeareque
For once money will motivate a corporation (Microsoft this time) to fight for
us, and not just give away all of our private personal data any time the
government asks for it. We have Edward Snowden to thank for this.

I hope Microsoft wins; but the government pretty much always gets their way
(one way or another).

~~~
theandrewbailey
The fact that profit is motivating Microsoft to do this is an accident. A good
one, but still an accident.

------
EGreg
Shh, why are you letting the US government know before he's ready? They might
be reading Hacker News!

------
Aoyagi
The company that forces its customers (WP) to upload all of their contacts and
calendar entries without their knowledge or explicit consent to their "cloud"
is fighting for privacy? Wow.

~~~
codeulike
They're not fighting for privacy. They're fighting for the competitive
advantage of being able to say 'Our servers are in Europe and so subject to
European data protection laws instead of US ones'. That sort of thing matters
to a lot of european users, especially government ones. But so far, the US
govt is refusing to recognise that a server in Ireland is outside of their
jurisdiction.

tldr: They're doing this for business reasons.

~~~
Aoyagi
I'd say marketing reasons, but yeah, that's what I meant as well.

------
pluma
As a German I'm slightly confused by the use of the word "Stadtpolizei". Other
than being kinda longish and looking German, the meaning seems to vary by
context and I'm not sure it is being used as a correct analogy here.

Stadtpolizei in most parts[0] of Germany seems to be mostly synonymous with
the Ordnungsamt (in either case, it's a communal agency, it's not standardized
on a federal level) and thus concerned with Ordnungswidrigkeiten, i.e. various
misdemeanors and traffic violations.

The case over which the warrant against Microsoft was issued seems to involve
charges of drug trafficking and money laundry. As far as I know, this would
involve the Kriminalpolizei.

I realize that using German words verbatim can spice up dry articles like
this, but this article doesn't really benefit from it and the author seems to
be confused about what they actually mean.

[0]: In Frankfurt in particular, the Stadtpolizei is merely part of the
Ordnungsamt. Here's the (German) website describing Frankfurt's Stadtpolizei:
[https://www.frankfurt.de/sixcms/detail.php?id=2943&_ffmpar%5...](https://www.frankfurt.de/sixcms/detail.php?id=2943&_ffmpar%5B_id_inhalt%5D=102251)
\-- obviously drug trafficking and money laundry are outside their scope, but
I even doubt that the "press leak" in the example would be within their scope.

~~~
fiatmoney
It's probably a botched allusion to the Geheime Staatspolizei.

------
icantthinkofone
On the one hand, Microsoft hands over other people's mail to the NSA but, when
asked to hand over their own mail, they fight for the rights of free people
everywhere.

Hiding your mail overseas does not change the anything and I don't see how
Microsoft has a case.

~~~
kevingadd
'Now he is spearheading Microsoft’s fight against US government demands for
access to emails from a Microsoft customer which are currently sitting on a
server in Dublin, Ireland, as part of a narcotics investigation. Earlier this
year, a US court ruled that Microsoft should hand the data over. Microsoft
declined to comply, voluntarily entering into contempt.'

If you're not gonna read the article, maybe don't post about how terrible they
are? Refusing to hand over other people's mail is exactly what they're doing
here.

~~~
jongalloway2
Because
[https://hn.algolia.com/?q=Microsoft#!/comment/forever/prefix...](https://hn.algolia.com/?q=Microsoft#!/comment/forever/prefix/0/Microsoft%20icanthinkofone)

------
appleflaxen
All they want is for people to be lulled into a trusting mentality, so that
they can continue to shovel our private information to the NSA. If they had
some sort of fundamental moral concern about these issues, their trigger would
have fired during the first round of collusion.

This is just the latest iteration of "reform" to paper over the fact that it's
the public against Washington + Wall Street.

