

Microsoft Leaks Reveal Depth of NSA's Ties with Silicon Valley - wyclif
http://blog.foreignpolicy.com/posts/2013/07/11/microsoft_nsa_edward_snowden_encrypted_messages

======
astrodust
FP has an annoying registration required feature.

~~~
ggchappell
True. But Readable or Readability makes it go away.

------
gshubert17
Judging by the latest revelations made by Edward Snowden, the National
Security Agency has Microsoft firmly in its pocket.

According to an explosive Guardian report on Thursday, the NSA was granted
access to Microsoft's new free email service, Outlook.com, prior to its
rollout so that the agency could circumvent the service's encryption protocol
and intercept chats on the web portal. Moreover, Microsoft allegedly worked
hand-in-glove with the agency to give the NSA the ability to intercept video
calls made via Skype.

Skype's reputation as a fervent protector of privacy rights has been dying a
slow death in recent years, and Thursday's report may have been its last gasp.
It was only five years ago that Skype claimed it did not have the ability to
intercept calls. "Because of Skype's peer-to-peer architecture and encryption
techniques, Skype would not be able to comply with [a wiretap request]," a
company spokesperson told CNET in 2008.

But since being purchased by Microsoft in 2011, the company has reportedly
been quietly re-engineering its network infrastructure -- all the while making
oblique denials that it has been doing so -- in order to facilitate just such
activity. Thursday's report appears to confirm what many observers have
suspected all along.

These latest revelations also add greater detail about the operations of the
NSA's PRISM program, a collection system that allows the agency to gather the
content of Internet communications from its corporate partners. According to
the report, the system is, for example, able to circumvent Outlook.com and
Hotmail's encryption systems by gaining access to communications at a stage
before they are encrypted.

While Thursday's report does little to settle the debate over the extent to
which PRISM gives the government access to technology companies' servers, it
does portray the NSA and FBI, which serves as the former's liaison with
Silicon Valley on PRISM, as intimately aware of Microsoft's operations.
According to the Guardian, the NSA became concerned that it would be unable to
intercept encrypted chats as soon as Microsoft began testing the service,
which is part of its free email client, Outlook.com. Those concerns were
resolved through the creation of a system that allowed the agency to
circumvent chat encryption. The report also details how the FBI worked to give
PRISM access to SkyDrive, Microsoft's free cloud storage client.

Despite the NSA's concerns over Microsoft's encryption practices, a
significant portion of email traffic on the web is never encrypted to begin
with -- and the small portion that is uses fairly weak encryption methods. As
CNET noted in June, "Google is alone in using strong encryption, known as
SMTP-TLS, to fully armor e-mail connections for its users, as long as the
other company's server is willing to encrypt as well." By using weak
encryption methods, many Internet companies effectively leave the door wide
open for the NSA to snoop on their customers' emails.

While Thursday's report does not deal with Microsoft's business tools -- its
Outlook business email client and cloud computing services, for example -- the
close ties between the company and the NSA raise questions about whether these
products fall within the scope of the relationship as well. The report also
comes on the heels of revelations earlier this week that the agency had
targeted some "commercial secrets" in its spying activities in Latin America
-- the most significant indication yet that the NSA isn't just sweeping up
national security information.

If it is revealed that the NSA is able to target businesses in the same way
that it targets individuals, the pushback against the agency's spying
activities could swell. The revelation that kicked off the Edward Snowden saga
involved telephone records from Verizon's business unit, but since then the
revelations have largely focused on the NSA's activities against individuals
and other governments.

By all accounts, the technology firms implicated in this program have little
choice but to comply with the NSA's requests. In a statement in which
Microsoft is all too clearly frustrated at its inability to disclose more
information about its participation, the company said that "we take our
commitments to our customers and to compliance with applicable law very
seriously, so we provide customer data only in response to legal processes."

"There are aspects of this debate that we wish we were able to discuss more
freely," the statement continued. "That's why we've argued for additional
transparency that would help everyone understand and debate these important
issues."

