
How Microsoft handed the NSA access to encrypted messages - shakes
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
======
pvnick
Microsoft's June 7th statement:

"We provide customer data only when we receive a legally binding order or
subpoena to do so, and never on a voluntary basis. In addition we only ever
comply with orders for requests about specific accounts or identifiers. If the
government has a broader voluntary national security program to gather
customer data we don’t participate in it."

One down, several to go. If I were Google/Facebook/Yahoo executives I would be
_very_ worried right now as to what soon-to-be-released revelations say about
their NSA cooperation. Sure, they may have only done that which was compelled
by FISC order, but that won't preclude them from being perceived as culpable.

~~~
devindotcom
The interesting conflict to me is that Google et al don't appear to be
fighting this battle. When it comes to other things, they are in the streets,
funding lobbyists, building protest websites, and so on. But this, which
threatens their entire business model (essentially trust-based), they haven't
made a peep about.

It may just be a gag order thing, sure. But with the level of access required
for stuff like this, I don't think they could shut the whole team up. How many
people worked on this Microsoft back door? It can't have been less than a
couple dozen at least. And none of them raised the issue or let someone know,
a journalist for instance, or publicly raised the question?

It makes me wonder about the true extent of the programs we're freaking out
about. I mean, of course they exist and they're big and threatening, but I
don't buy that they could combine complete access with complete secrecy. They
need the cooperation of the companies, and the companies, by NSA standards,
just aren't trustworthy enough. In fact, they're full of wild cards like
Snowden, denizens of newsgroups, IRC, 4chan, etc, who would LOVE to be the one
to blow up an NSA attempt to write a back door into Skype.

Maybe they did, and it all faded away. But it just seems strange to me that so
little has been said about the elephant that must surely have been in
everyone's room for the last few years.

~~~
znowi
The peculiar part for me with Google is that they seem to be somehow _immune_
from all the revelations. People keep stand by it and get annoyed when
reminded of their wrong-doings. I suspect at this point, they're not much
different than Microsoft. But the "don't be evil" brand is still strong in the
mind of many.

~~~
nikster
What surprises me is that for example Apple and Google don't simply ignore the
gag orders, and just release what and how much they have handed over.

Google/Apple are not going to get shut down over this. They can afford
lawsuits and penalties. So why not take a stand? Are they really that timid?
Or is what they would reveal actually so grim they just sit by and hope
they're somehow going to escape this?

This is the time to put cost/benefit analysis aside and take a stand. Show the
world what kind of company you are. So far, its all whimps and pushovers.

~~~
DanBC
It's easy to suggest that someone else should go to prison.

------
mtgx
I don't get Microsoft. Are they really that hypocritical to the _core_ and so
shameless? Why in the _world_ would they launch a "privacy" campaign against
Google when they're in a _glass house_ themselves, and so vulnerable? Why the
hell would they even put themselves on the spotlight like that?

Or are they really that comfortable with lying, that they have no problem
attacking others over something, even though they are just as bad, or _worse_
(as this revelation seems to imply) Giving pre-encryption access to NSA?
Really Microsoft?

To make things worse, they've just put the guy who came up with that Scroogle
crap in charge of their whole marketing department, so expect a lot more
hypocritical/nasty stuff like that from Microsoft in the future:

[http://www.businessinsider.com/mark-penn-microsofts-
master-o...](http://www.businessinsider.com/mark-penn-microsofts-master-of-
dark-political-arts-gets-a-boost-in-the-companys-new-reorg-2013-7)

~~~
mythz
Microsoft often "competes" by trying to strangle competitors revenue streams
even when outside their core business, where they are happy to lose billions
on Bing and their online division if it also reduces Googles primary revenue
stream: [http://www.zdnet.com/blog/btl/microsofts-online-
sinkhole-8-5...](http://www.zdnet.com/blog/btl/microsofts-online-
sinkhole-8-5-billion-lost-in-9-years/52989)

Since Google's products are essentially "free" to end users, they don't
criticize them on value, so they build an anti-Google campaign against how
Google makes money, i.e. their strategy of targeted advertising.

~~~
chollida1
> Microsoft often "competes" by trying to strangle competitors revenue streams
> even when it's outside their core business, where they will happily lose
> billions on Bing and their online division if it can reduce Googles
> revenues:

This is true as you point out. However it's worth pointing out that Google is
the exact same.

They release free products that Microsoft charges for loosing money to reduce
Microsoft's primary revenue stream.

~~~
mythz
Except Google's "free services" helps their strategy of keeping users on
Google's services, enriches their Google profile and helps create targeted
ads.

~~~
chollida1
> Except Google's "free services" helps their strategy of keeping users on
> Google's services, enriches their Google profile and helps create targeted
> ads.

I get your point but the same sentence can easily apply to Microsoft.
Microsoft wants to do the same thing:)

~~~
mythz
They wouldn't be spearheading an anti-Google campaign against their strategy
if they also wanted to do the same thing.

------
mythz
Marketing: "Your privacy is our priority."

Meaning:

"Microsoft and the FBI had come up with a solution that allowed the NSA to
circumvent encryption on Outlook.com chats"

"For Prism collection against Hotmail, Live, and Outlook.com emails will be
unaffected because Prism collects this data prior to encryption."

"analysts will no longer have to make a special request to SSO", "this new
capability will result in a much more complete and timely collection
response". "This success is the result of the FBI working for many months with
Microsoft to get this tasking and collection solution established."

"One document boasts that Prism monitoring of Skype video production has
roughly tripled since a new capability was added on 14 July 2012. "The audio
portions of these sessions have been processed correctly all along, but
without the accompanying video. Now, analysts will have the complete
'picture',"

~~~
kvb
Well, did you expect "privacy" to imply that your data would not be released
to the government following legal requests for it? I always assumed it meant
that they wouldn't share it with other businesses, but maybe that's just me.

Analogously, if one of the major phone providers started selling information
to marketers, including what times of day I made phone calls, would it be
inappropriate for a competitor to create a marketing campaign around "privacy"
highlighting that they don't do similar things? Would you complain that since
the government can still get a wiretap and listen to private conversations,
there really isn't a meaningful privacy difference?

~~~
bigiain
That implication is exactly what Colin provides with my tarsnap backups. He
(or Amazon) can respond to legal requests with my strongly encrypted data, and
Neither Colin/tarsnap nor Amazon can provide them with my private keys.

You can design your systems this way. It appears you're allowed under US law.
It seems there's companies jumping through hoops on behalf of the NSA and/or
FBI to build systems that _dont_ provide that guarantee.

Note that Colin _could_ conspire with / be compelled by the NSA to attempt to
convince me to "upgrade" my local tarsnap code with a backdoored version - and
I'm OK with that, if the NSA is looking for me specifically, I fully expect
them to find out _everything_ - that's their job and I expect them to be
world-class at it. What I _dont_ accept, is that they have any "right" to
record and archive permanently anything I ever do online "just in case". And I
can and am taking steps to make that harder for them, and I'm noticing which
companies are apparently working agains my wishes. I'm curious to know if
Dropbox are noticing an drop in de-dup rates lately? My Dropbox storage is now
all encfs encrypted - including the folders full of grabbed funny-cat-pics and
Internet meme images. My versions are no longer the same as the other several
million of them stored on Dropbox. Same for my SkyDrive/GDrive/Jotta accounts.

~~~
grey-area
_Note that Colin _could_ conspire with / be compelled by the NSA to attempt to
convince me to "upgrade" my local tarsnap code with a backdoored version_

Far more likely is that they'd oblige him to upgrade everyone's tarsnap with a
backdoored version, just in case.

~~~
jiggy2011
Can they do that? I assume there is a difference in law between the somewhat
passive act of giving access to information already stored and forcing
somebody to actively perform some action.

For example if you have private CCTV on your premises, a court can demand
access to whatever footage they have captured but I don't think that they can
force you to install hidden cameras on your property.

Isn't stuff like that usually done as part of a bargain, like having somebody
wear a wire in exchange for not going to jail.

~~~
grey-area
They persuaded a lot of big companies to collaborate actively (i.e. Microsoft,
Blackberry etc subverting crypto). Personally I don't see it as legal or
ethical, and would resist it, but a large government can bring a lot of
pressure to bear. So if tarsnap got big enough to be a problem, then perhaps
we'd find out.

------
brown9-2
To play devil's advocate here, what else would people have Microsoft do? Is
there a scenario in which they can successfully resist enabling surveillance
features in their products while operating in the US?

CALEA applies to telecommunications providers, which is a label that would
seem to clearly apply to Skype.
[http://en.wikipedia.org/wiki/Calea](http://en.wikipedia.org/wiki/Calea)

Are major companies based or operating in the US allowed to provide secure
email and/or data storage _without_ options for lawful surveillance from law
enforcement?

If people do not like these policies and the cooperation from the companies
operating them, I think the proper place to direct your anger is at the laws
that require them to cooperate.

~~~
forgotAgain
_To play devil 's advocate here, what else would people have Microsoft do? Is
there a scenario in which they can successfully resist enabling surveillance
features in their products while operating in the US?_

Do you think the government would jail someone of Steve Ballmer's stature if
he talked openly about what the government has asked of Microsoft. Because of
his position he is much more protected from criminal action than almost anyone
else. The reason he doesn't reject government requests is more likely that it
would be bad for business not that he would suffer legal consequences.

 _... I think the proper place to direct your anger is at the laws that
require them to cooperate._

I see the law as _allowing_ them to cooperate. It gives them cover for not
protecting the privacy of individual citizens.

~~~
ahlatimer
_Do you think the government would jail someone of Steve Ballmer 's stature if
he talked openly about what the government has asked of Microsoft._

Absolutely, but even if they didn't, if you were Steve Ballmer, would you take
that risk? They certainly _could_ prosecute you for leaking secret
information.

That's even assuming that Ballmer knew about it. It could have been that they
approached people who were in some position of power on the particular
products they were interested in and served them with the order. Some random
middle manager at Microsoft certainly has considerably less political pull
than Ballmer and would likely go to jail if he/she came out about this, but
could still be in the position to direct their team to build whatever features
the government demanded.

 _I see the law as allowing them to cooperate. It gives them cover for not
protecting the privacy of individual citizens._

If it came via a court order, it's definitely a demand. This isn't a marketing
gimmick -- if you're served a lawful court order, you either obey it or risk
the consequences, up to and including time in jail.

~~~
forgotAgain
_if you were Steve Ballmer, would you take that risk?_

They don't seem to mind taking risks when it comes to questionable tax
deductions.

 _They certainly could prosecute you for_

But they wouldn't. The type of activity the government is engaged in only
works when people are passive.

 _if you 're served a lawful court order, you either obey it or risk the
consequences, up to and including time in jail._

When was the last time anyone of stature went to jail for defending the public
against the government?

~~~
grey-area
The former chairman of Quest started a six year sentence in 2009 for defying
the NSA.

[https://en.wikipedia.org/wiki/Joseph_Nacchio](https://en.wikipedia.org/wiki/Joseph_Nacchio)

They don't even have to prosecute you for not obeying a secret order, they can
easily use some other law to put you away, especially given they have legal
access to any communication about, from and to you. I choose to believe him
rather than the NSA on the reasons for that prosecution.

I imagine that case had a sobering effect on anyone high up in these companies
who was inclined to stand up to the NSA.

------
losvedir
I must be in the minority here, but I'm no more concerned now than before
reading this, and I'm still not super concerned if it works the way I think it
does. It doesn't answer the main question of HOW MANY USERS are being watched
like this.

We already knew from Prism that Microsoft is providing data to the NSA, and we
already knew that it included real time video, emails, messages, etc. So this
is more of a behind-the-scenes of how it's done, but if you stopped to
consider before what Prism meant then it sort of implies everything here.

BUT, I still don't know whether this tapping of Skype calls, providing of
decrypted messages, etc, applies only to a few specific people who the
government has warrants for, or for all of Microsoft's users. I still think
it's the former based on that Prism slide that said it cost $10M/yr, which is
clearly not enough to handle ALL of Microsoft's and Google's and Apple's data.

If anything, I applaud Prism in that it's just a more efficient way of doing
what the NSA is already cleared to do.

I'm MORE concerned about the warrantless Verizon metadata tracking for
millions of subscribers, Clapper's lies before Congress about said data, the
DoJ classifying the FISC's rulings that something or other is
unconstitutional, the inability of companies to discuss NSLs.

But this release is just clarification on what we already knew, and we still
don't know whether PRISM is oh-my-god-the-government-is-tapped-into-everything
or just a convenient front-end on the government's warrant-obtained data
(which is a good thing, AFAICT).

~~~
ma2rten
_On April 5, according to this slide, there were 117,675 active surveillance
targets in PRISM 's counterterrorism database. The slide does not show how
many other Internet users, and among them how many Americans, have their
communications collected "incidentally" during surveillance of those targets._

[http://www.washingtonpost.com/wp-
srv/special/politics/prism-...](http://www.washingtonpost.com/wp-
srv/special/politics/prism-collection-documents/)

~~~
lern_too_spel
The slide itself says 117675 records, not active surveillance targets.

------
znowi
_Skype, which was bought by Microsoft in October 2011, worked with
intelligence agencies last year to allow Prism to collect video of
conversations as well as audio_

This is pretty scary. When you talk about emails, it's sort of "impersonal".
But collecting audio and video data from your casual chats on Skype is a
fucking break in.

~~~
Asparagirl
Think how many private business meetings have been conducted over Skype.
Anything from board meetings, sensitive HR issues, acquisition or takeover
discussions, to new product roadmaps.

Now think about all that corporate espionage material being in the hands of
the government.

Think about how much private sexual activity between physically separated
partners is conducted over Skype. Anything from a lonely grunt serving in the
military trying to get a little private time with his wife back at home, to
outright video sex between a prostitute or camgirl (or camboy) with a john (or
jane).

Now think about all that blackmail material being in the hands of the
government.

------
ratscabies
I'm sure the NSA can hardly wait for XBone's to start showing up in people's
houses. "The telescreen recieved and transmitted simultaneously. Any sound
Winston made, above the level of a very low whisper, would be picked up by it;
moreover, so long as he remained within the field of vision which the metal
plaque commanded, he could be seen as well as heard. There was of course no
way of knowing whether you were being watched at any given moment. How often,
or on what system, the Thought Police plugged in on any individual wire was
guesswork. It was even conceivable that they watched everybody all the time.
But at any rate they could plug in your wire whenever the wanted to. You had
to live- did live, from habit that became instinct- in the assumption that
every sound you made was overheard, and, except in darkness, every movement
scrutinized." -1984, Book 1, Chapter One, George Orwell

------
redthrowaway
>In a joint statement, Shawn Turner, spokesman for the director of National
Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

>The articles describe court-ordered surveillance – and a US company's efforts
to comply with these legally mandated requirements. The US operates its
programs under a strict oversight regime, with careful monitoring by the
courts, Congress and the Director of National Intelligence. Not all countries
have equivalent oversight requirements to protect civil liberties and privacy.

>They added: "In practice, US companies put energy, focus and commitment into
consistently protecting the privacy of their customers around the world, while
meeting their obligations under the laws of the US and other countries in
which they operate."

Does anyone else get the impression that this is an attempt by the government
to limit _commercial_ damage to these companies that may result from the
revelations and subsequent exodus of customers? I imagine that, while they're
certainly lobbying for increased transparency, tech companies are putting a
great deal of pressure on the government to take the blame for the programs
and emphasize that the companies had no choice.

------
acqq
Allow me to be surprised this time, I don't see much new here, compared to
what we already saw about Prism (all the slides). Maybe the only thing
newsworthy this time is that additional documents confirm that Prism exist?

I applaud this article of course, as it gives less chance for unnatural
interpretations of the slides that we saw by pro-status-quo writers ("it's not
really a direct access") -- now we have additional confirmations it's a "query
API" access and a "start real time monitoring" access.

Unrelated, I'm impressed with the absolutely perfect timing for an article on
the day when Microsoft presents the new reorg. Heh.

My question remains can anybody recognize something otherwise new here?

~~~
toyg
I think the confirmation that NSA and FBI have direct and unfettered access to
all communication streams, is pretty huge. As you say, all calm-down-dear
interpretations are now proven false. We _are_ facing the worst possible
scenario.

~~~
acqq
If you haven't seen the Binney video made in 2012 by the same author that made
the Snowden video, first note the date the video was published, then watch it.

Then try to identify the claims already public to those that watched the video
then which most of us first became aware of just now by following the story
about Snowden.

[http://www.nytimes.com/2012/08/23/opinion/the-national-
secur...](http://www.nytimes.com/2012/08/23/opinion/the-national-security-
agencys-domestic-spying-program.html)

For me it starts around 3:20. A lot of it was presented before Snowden but
almost nobody noticed.

~~~
nitrogen
_For me it starts around 3:20. A lot of it was presented before Snowden but
almost nobody noticed._

The "nobody noticed" part is key -- documents carry more weight than
statements made by whistleblowers. Whistleblowers can be discredited in the
public eye more easily than documents.

------
acqq
A perfect lesson on how to write "denials" that are accurate but aren't what
most of the public can understand:

[http://blogs.skype.com/2012/07/26/what-does-skypes-
architect...](http://blogs.skype.com/2012/07/26/what-does-skypes-architecture-
do/)

 _" It has been suggested that as a result of recent architecture changes
Skype now monitors and records audio and video calls of our users.

False.

The move to in-house hosting of “supernodes” does not provide for monitoring
or recording of calls. .."_

There are more paragraphs that follow, but they can honestly say they didn't
lie, since obviously they had the functionality to monitor and record the
calls even before they introduced the supernodes so it is false that they
introduced the supernodes for that, but it is not false that the Skype
conversations can and are monitored by authorities.

Note that it's by law the job of FBI to do such monitoring, when it's about US
citizens, and it's NSA's job for non-US citizens. Microsoft is definitely not
breaking any laws. So when they say that it's all lawful what they do it's
also true.

------
jlgaddis
On a related note, I don't know how many more documents there are that Snowden
provided to Greenwald or that will be released to the public but I certainly
hope that they keep coming for a looooong time.

------
sinak
The marketing language MS used in
[http://www.scroogled.com/](http://www.scroogled.com/) \- "YOUR PRIVACY IS OUR
PRIORITY" \- seems pretty amusing now.

~~~
anonymousDan
Someone needs to come up with a good rewording - "YOUR PRIVACY IS LOW
PRIORITY"?

~~~
bigiain
"(INVADING) YOUR PRIVACY IS OUR PRIORITY"

------
spoiler
U don't consider PRISM such a big deal, to be honest.

Yes, they _spy_ on innocent people, in an attempt to flush out (or whatever
the term is) the dangerous or potentially dangerous ones. However, I genuinely
doubt my privacy is very compromised, because I refuse to believe someone is
getting paid to sit and read through Facebook posts or messages about my
obsession with Supernatural (great TV show on CW), or read through "IF YOU
DONT SEND THIS TO 7 OTHER PEOPLE A PIANO FROM THE HEAVENS WILL CRUSH YOU INTO
THE PAVEMENT" emails my neighbour is forwarding.

Also, I have a friend who talks in acronyms most of the time (over Skype chat)
and I have a file called deectionary.txt (her name is Dee) with around 200
lines, I find it very amusing to think some analyst spent hours trying to
decode her message because it contained "bomb" in what looks like "mtwbi
bombing m/i shc play asg ol" which means (used near-real example) "my twat
brother is lagging my Internet so he can play a stupid game online". She has
no disability, she's just very "efficient," I guess!

Besides, I don't have anything to hide, so I don't really care. If I had some
top secret business I needed to attend and would care to keep secret from the
NSA or CIA, I would probably (as would many of you here, too I believe) make
my own thing to do the job, because I wouldn't take someone's word that they
give a rat's furry bottom about my privacy.

------
jivatmanx
"ACLU technology expert Chris Soghoian said the revelations would surprise
many Skype users. "In the past, Skype made affirmative promises to users about
their inability to perform wiretaps," he said. "It's hard to square
Microsoft's secret collaboration with the NSA with its high-profile efforts to
compete on privacy with Google."

I have a feeling the FTC won't go after them for violating truth-in-
advertising laws.

~~~
csoghoian
Having worked at the FTC for a year in the team that goes after companies for
violating consumers' privacy, I can comfortably say that you are 100% right on
that point.

The FTC (unfortunately) does not police deceptive statements about government
surveillance.

------
smegel
A well placed (Russian) friend told me recently that the KGB (and whatever
name it goes by now) still uses typewriters (yes, mechanical, ink based
thingos) for all internal documentation and correspondence, and that
electrical/digital devices are banned in most secure areas.

In other words, they realized decades ago that if you value your privacy, get
as far away as possible from a computer, especially one connected to the
internet.

------
forgotAgain
If this is true then SkyDrive and Azure are toast. Perhaps all cloud storage
as well.

~~~
diggan
No, I don't think you're right. I think, even if the article is right, people
don't give a damn. People are not that clever to react to a thing like this.

~~~
xradionut
"Against stupidity the gods themselves contend in vain."

------
grey-area
Microsoft: Your privacy is our Priority°.

This slogan now deserves to live on in infamy alongside other prominent
examples of doublespeak, like Plays for Sure•, and Don't be evil°.

What concerns me in these responses from Microsoft is the distortion of the
term lawful to include any request from the NSA. If you change the meaning of
words like lawful, domestic and intercept, you can of course make anything
legal in some sense, but distorting meanings like that is very dangerous, and
using secret interpretations of it really damages our confidence and trust in
the rule of law. That said I can't see any difference on this issue between MS
and any other US tech giants, apart from Twitter, who are to be commended for
staying out of this program. With the breaking of encryption on things like
outlook chats and delivery in real time, it appears we simply can't trust any
guarantees of privacy from these companies at all. Even if they did implement
client-side encryption, they'd still feel obliged to break it for the NSA (and
its many partners worldwide), so no offering from them is going to protect our
privacy.

This was interesting too from one of the documents:

 _" enables our partners to see which selectors the National Security Agency
has tasked to Prism...The FBI and CIA then can request a copy of Prism
collection of any selector"_

This indicates that any NSA PRISM search can be accessed by any one of these
agencies, so once it is in the system, this information will spread widely.
Given the guidelines on access of the NSA, that could include all foreign data
being automatically available to any FBI or CIA agent. I wonder if they have
any limits on access to 'foreign' data at all?

° As long as you're American, and not covered by a bulk court order by the
NSA, and not encrypting anything, and not communicating outside the US, and
don't have a 51% chance of communicating outside the US (what does that even
mean?).

• No longer

~~~
honzzz
>>> What concerns me in these responses from Microsoft is the distortion of
the term lawful

This seems really important to me. I grew up in a totalitarian regime and this
kind of re-defining common language was one of the most powerful tools the
regime could use to retain power and keep people in constant fear. For example
the crime of 'disruption of public order' could be used to put basically
anybody to jail because the term would be twisted to fit any behaviour that
the regime did not like - for example when you criticised some official or
communist party member or complained about something publicly.

Actually I believe that ability of the government or any other group of people
to redefine common language and inability of people to force government to use
their version of language means that the power distribution in society is
seriously skewed and therefore is a strong sign of failing democracy. It's
really scary to observe that in the US.

------
mtgx
I bet that Microsoft engineer who told us Skype was not re-built for spying is
feeling pretty silly right now.

I know his excuses seemed "reasonable" (if you're a smart liar, you don't try
to _blatantly_ bullshit someone on their face - you find a "good reason" to
hide it), but it was no less of a bullshit excuse as Microsoft's earlier
rejection of WebRTC (and they ended up supporting it anyway - guess they
didn't feel that strongly about that security claim to begin with).

This was the same way. Yes, it may have improved Skype's reliability a little
bit, but I honestly doubt that was the _main_ purpose for doing it. As we
learn in this revelation, they don't seem to have a problem with _adapting
their service_ to _suit NSA_.

------
jlgaddis
FTA: "Secret files show scale of Silicon Valley co-operation ..."

Since when is Redmond considered Silicon Valley?

~~~
Terretta
Mountain View is in SV. It's their second largest campus:

[http://www.microsoft.com/en-
us/news/features/2009/nov09/11-2...](http://www.microsoft.com/en-
us/news/features/2009/nov09/11-23SiliconValley.aspx)

But Microsoft Research might be more relevant:

"Located in Mountain View, California, Microsoft Research Silicon Valley was
founded in August 2001 and now employs about 75 researchers. Our research work
focuses on distributed computing and includes privacy, security, protocols,
fault-tolerance, large-scale systems, concurrency, computer architecture,
Internet search and services, and related theory."

[http://research.microsoft.com/en-
us/labs/siliconvalley/defau...](http://research.microsoft.com/en-
us/labs/siliconvalley/default.aspx)

------
dendory
The bigger deal here to me is the data sharing. Who cares if one agency isn't
allowed to spy on Americans? Or if another agency has this or that court
oversight? All the data collected is shared between the NSA, FBI, CIA, foreign
intelligence, etc. This means regardless of who you are or what you are doing,
there's someone who has the authority to spy on you, and now they have all
your data as well.

------
yulaow
I want to remember to all of you the campaing that microsoft was/is doing in
the last months -> [http://www.scroogled.com/](http://www.scroogled.com/)

motto: "YOUR PRIVACY IS OUR PRIORITY" Yeah, now it seems _a bit_ mh... ironic.
Not because i think that google is more privacy friendly, but surely microsoft
is not at all.

------
ig1
Key line: "When we upgrade or update products we aren't absolved from the need
to comply with existing or future lawful demands."

That sounds a lot like "we will introduce backdoors in MS updates".

------
altcognito
I'm going to purchase a subscription to the Guardian out of principal. I
invite you all to do the same. This is absolutely fantastic work they've done.

------
vermontdevil
All this on the day Microsoft announced their restructuring. They neglected to
mention a new division called "NSAlite"

------
im3w1l
If the revelations continue at this pace, we'll soon hear there are DMA
rootkits directly in our network cards.

------
nullc
Where are the documents? The text seems to be referring to something that
isn't showing up for me.

------
akadien
Was I the only person who thought "Did the NSA really need Microsoft's
assistance?"?

------
hype7
small but annoying thing in the article: microsoft≠silicon valley

------
antocv
Microsoft made more fuss and put up a better fight against FOSS than here, for
this, for its users, its core ideas and values nothing... oh right, money and
power is above all.

Or is it just so that all these companies, Google, Facebook, Microsoft, Apple
got something big in return for their cooperation with NSA?

Perhaps they will or got intel on their international competitors?

As so many people seem to be involved in this, at every company sysadmins,
managers, developers etc, perhaps many of them want to leak but dont know how,
they are close to the devil so to say and fear they cant really do anything
about it as they already know the extent of the surveillence?

------
loginalready
The headline is surprisingly understated, where usually the opposite is the
case.

After reading the article, the headline might as well have been _" Microsoft
handed the NSA the keys to friggin' everything."_

The tin-foil hat conspiracy theory of the NSA having a backdoor in every
Windows system on the planet suddenly doesn't seem that far fetched anymore.

