
Keeping secrecy the exception, not the rule - tbrownaw
http://blogs.microsoft.com/on-the-issues/2016/04/14/keeping-secrecy-exception-not-rule-issue-consumers-businesses/
======
matt_wulfeck
This is a great letter from Microsoft Nouveau and I applaud them for taking a
stand. It's on us as citizens to exercise our rights and bring about change
and reform.

I think we should also remember those that took a stand early and paid the
price, such as former Quest CEO Joseph Nacchio who was run under the bus for
not being an accomplice to the NSA [1].

1\. [https://www.rt.com/usa/qwest-ceo-nsa-
jail-604/](https://www.rt.com/usa/qwest-ceo-nsa-jail-604/)

~~~
PhantomGremlin
_Joseph Nacchio who was run under the bus_

Yeah, a link to one of Putin's propaganda sites. Stuff like that happens in
Russia, but the following doesn't often happen here:

\- Co-opt the SEC into bringing charges of financial fraud[1]

\- convince a federal judge to go along with that, and convict him

\- convince a majority of a US Appeals court to go along with that

Or, alternatively, and probably closer to the truth: _Mr. Nacchio was
convicted in 2007 on 19 counts of insider trading for illegally selling $52
million worth of stock six years earlier, after insiders warned him that Qwest
could not meet its targets._ [2]

Edit: even better than that was Nacchio's excuse. It's one for the ages:
_Nacchio claimed that he was not in a rightful state of mind when he sold his
shares because of problems with his son, and the imminent announcement of a
number of government contracts._ [1]

[1]
[https://en.wikipedia.org/wiki/Joseph_Nacchio#Insider_trading...](https://en.wikipedia.org/wiki/Joseph_Nacchio#Insider_trading.2C_fraud)
[2]
[http://www.nytimes.com/2009/02/26/business/26qwest.html](http://www.nytimes.com/2009/02/26/business/26qwest.html)

~~~
peteretep
Any argument relying on RT is suspicious; if you can't find an anti-government
piece anywhere but there, it probably didn't happen.

~~~
askyourmother
All news sites carry a bias - all of them. Often main stream media in the home
country wants/has to tow the line and omit details or not carry stories that
might upset local authority.

So, to say a story is bunk because it appears in RT as a source demonstrates a
wilful ignorance, or incredible naiveté.

I trust/distrust all media sources in equal measure, but the fun thing is that
by reading a lot of them at the same time across the globe, you can more
easily see the biases, and get to the root of the stories.

~~~
hamstergene

        All news sites carry a bias - all of them.
    

A little off-topic, is there a name for this kind of rhetoric? I've seen it
used a lot, for example:

\- When pointed to government corruption they would reply "all the other
governments have corruption too", implying there's no difference.

\- When asked about low level of life, they would reply something like "15% of
your own people are living below the poverty line", implying nothing out of
normal is going on.

It's like, one guy has his boot covered in shit and the second is covered in
it fully, the first says "you have problem of being in shit" and the second
responds "you have that problem too ( _pointing to his boot_ ) so it's ok".

This argument basically implies something like "we must not discriminate on
the grounds of this problem because it is normal for everyone to have it",
avoiding the possibly disadvantageous discussion of what is level of the
problem and whether this _level_ is normal.

~~~
pionar
It's called "Tu quoque"[0]

[0][https://en.wikipedia.org/wiki/Tu_quoque](https://en.wikipedia.org/wiki/Tu_quoque)

------
drtillberg
If the government can require Microsoft to break the contractual and fiduciary
commitments to customers to protect data and report on what happens to it, can
the government also require individual employees to break their commitments to
their employers? Agents show up at data warehouse on 1000 Main Street, tell
the employees they are prohibited from contacting their bosses, ever. What is
the limiting principle, where does it end?

~~~
newjersey
It is unclear whether such an order can prevent someone from quitting their
job on the spot.

Any real, public court of law would hopefully release someone of such orders
once they are no longer in a position to obey it.

------
gozur88
The right way to deal with this is to set up your system such that you _can
't_ turn over customer data because it's encrypted with a key to which only
the customer access.

~~~
rodgerd
And then you get legislation requiring backdoors.

People need to get their head around the back that this is a political problem
and requires political solutions.

~~~
jfoutz
Why host in the US?

~~~
esbranson
Better the devil you know than the devil you don't. The US laws in practice
get a lot of exposure and a lot of scrutiny worldwide.

~~~
gozur88
I wonder how true that is. There seems to be a whole lot of people in recent
years who've been ordered, by a judge, not to talk about something a three
letter agency is doing.

In theory that judge is supposed to make sure the law is being followed. My
impression, though, is that some judges have a much more expansive view of
government power than I think is warranted.

------
ComodoHacker
I have a growing impression that big tech players have developed a cooperative
strategy and coordinate their moves to protect users' data in the cloud. And
that movement has no altruistic or politic roots but strong economic ones.
They just HAVE to ward off any needle threatening to stick the cloud bubble
they made huge bets on.

And this is good for the public.

~~~
tim333
I haven't seen any significant trend of people stopping using cloud services
because they are worried about the NSA. I doubt they have to do this stuff.
Maybe fighting the government might move useage a few percent. Can't see it
being a game changer really.

~~~
m_fayer
As a contractor working in Germany, I have encountered many small and medium
businesses that are leery of American cloud providers for data security
reasons, sometimes unreasonably so. They would like to use the clouds but
can't bring themselves to do so. It's a little breathtaking to watch Amazon
Google or Microsoft pass up significant revenue in real time because of us
policy.

------
Zelmor
Nice PR spin, but I do not believe their lies. They are just riding the Apple-
PR-train, and people are eating it up wholesale. The whole of win10 is open to
machinations and spying on you. You even sign your privacy away in their eula.

Do not believe their lies. Microsoft is a harmful entity.

~~~
cm2187
I would tend to think this is more to defend their cloud service, which they
see now as a core business. If you are even a small supplier of airbus, after
the Snowden revelations, you would be very brave to save any file in a
Microsoft/Google/Amazon controlled server. These intrusions are an existential
threat for these companies.

~~~
wuschel
Could you elaborate, with some examples? I am aware of the risks involved in
using US cloud services, as every data on the cloud is exposed to hostile
access to some point. Basically, keep your mission critical files of the
internet.

I just would like to have some sources / explanations to your statement.

~~~
HappyTypist
NSA shared Airbus's R&D designs, technical specifications, etc with Boeing.

------
cjslep
As someone far removed from practicing law, what are the ramifications if
Microsoft fails? Would nothing change? Would others be barred from ever suing
the U.S. Government for the same reason?

~~~
matt_wulfeck
There's no lawsuits yet. This is the continuation of a PR battle.

If something does go to court the government will probably just stop doing it
and try something else (the government loses in this sense but only very
narrowly).

A lot of these "tools" won't stand up to scrutiny by the Supreme Court because
they are so broadly applied, and then the game would stop. Easier just to lose
dmall battles but to keep the game going.

~~~
e12e
Are you saying the first paragraph is a lie? Or is there something else I'm
missing?

"This morning we _filed a new lawsuit in federal court against the United
States government_ to stand up for what we believe are our customers’
constitutional and fundamental rights – rights that help protect privacy and
promote free expression." (my emphasis)

~~~
adventured
Microsoft did in fact file a lawsuit. That's precisely why it made the news
pretty much everywhere.

"The lawsuit, filed on Thursday in federal court in Seattle, argues that the
government is violating the U.S. Constitution by preventing Microsoft from
notifying thousands of customers about government requests for their emails
and other documents."

[http://www.reuters.com/article/us-microsoft-privacy-
idUSKCN0...](http://www.reuters.com/article/us-microsoft-privacy-
idUSKCN0XB22U)

------
e12e
It just occurred to me, reading: "To be clear, we appreciate that there are
times when secrecy around a government warrant is needed. This is the case,
for example, when disclosure of the government’s warrant would (...) allow
people to destroy evidence and thwart an investigation.", that we shouldn't be
too broad in denying the ability to destroy evidence or thwart investigations.

Consider charges of conspiracy, or of access to classified material. If the
suspect destroys the evidence, _and commits /have not already committed any
other crimes_ \-- should we really use the resources to investigate and
prosecute such thought crimes?

We risk loosing sight of the fact that punishment is not a goal, it's a means
to an end. Hopefully that end is a free and safe society.

~~~
TheLogothete
A conspiracy to commit crime is not a thought crime, it's an actual crime.

edit: where thought = imaginary

~~~
Karunamon
Which is utter crap, since no action has actually taken place and nobody has
actually been harmed.

I've long held that "conspiracy to X" charges were just a way for the
government to throw the book at someone they otherwise wouldn't be able to.

~~~
coke12
If I make a plan to murder a person, the police shouldn't have to wait until
after the murder to arrest me.

~~~
Karunamon
"Making a plan" is not something that can be objectively defined and so has a
chilling effect on free speech.

~~~
studentrob
A common situation, as I understand it from movies and TV, is in cases of
domestic violence.

A woman breaks up with her abusive husband and he threatens to kill her.
There's some record of him saying this. Should society do nothing to protect
her? Men are known to be physically stronger. What kind of society would we be
if we did not provide her some protection by putting space between her and the
husband? Presumably courts would decide if it's necessary to jail him or just
use a restraining order. And ultimately his punishment wouldn't be the same as
if he actually committed the murder.

This becomes a real problem in the case of a repeat offender. The offender
realizes he can deliver some "light" abuse and threats. Officials try to lock
him up, but he only stays behind bars for so long, and unless the wife agrees
to press charges and testify, there is little law enforcement can do. The wife
is often terrified and won't testify.

It is situations like these that authoritarian regimes like China and North
Korea will point to to suggest that democracy is nuts. Under their authority,
they could easily jail or kill such an individual.

In real life, there is a balance struck between laws and rights in the
interest of furthering a trustful society. Different cultures draw the line in
different places. I'm not familiar with what countries do not have laws
against threatening someone's life but you could try to find one and see if
you might like to live there. My guess is there aren't many and the bigger a
country gets, the more likely they have this kind of law.

------
r3bl
So, a company that has added telemetry services to 90% of the desktop devices
that are impossible to turn off completely (unless you block their entire IP
range) is suing someone for not respecting user's privacy? What a joke.

~~~
shkkmo
Microsoft's ability to convince it's customer to trust Microsoft with their
data is enhanced by protecting that data from third parties (such as the US
government).

------
conradev
I'm glad that Microsoft is speaking up, especially given their past history:

[http://www.theguardian.com/world/2013/jul/11/microsoft-
nsa-c...](http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-
collaboration-user-data)

------
mikx007
Can the government force a private business entity to lie to their customer?
If not, then why can't Microsoft just setup some sort of service/status report
that basically outputs "no" if and only if the government did not access data
and "unknown" otherwise.

~~~
joncrocks
This sounds very similar to a warrant canary -
[https://en.wikipedia.org/wiki/Warrant_canary](https://en.wikipedia.org/wiki/Warrant_canary)

------
nxzero
Beside Moxie, is anyone else having success expanding the use of encryption?

~~~
cpeterso
Let's Encrypt has issued 1.7 million free certificates for more than 3.8
million websites over the past six months. Let's Encrypt also enables
companies like WordPress and DreamHost to offer free, easy HTTPS to their
customers.

[https://letsencrypt.org/2016/04/12/leaving-beta-new-
sponsors...](https://letsencrypt.org/2016/04/12/leaving-beta-new-
sponsors.html)

~~~
e12e
But if Letsencrypt were served with an NSL demanding access to their signing
keys, how would we know?

~~~
zrm
That isn't what it's for. You can assume the government (really any
government) has control over at least one CA.

What Let's Encrypt does against state-level actors is let people easily use
HTTPS instead of HTTP without subjecting their users to self-signed
certificate warnings.

A government could still MITM the connection but that requires an active
attack rather than passive surveillance. And active attacks are subject to
detection. So it protects against undetectable mass surveillance.

------
iammyIP
They force push windows 10 on all fronts with all its telemetric inbuilt
leakage and also i suppose some nsa backdoors and after that they write some
PR paper like this, put on a cardboard Ubuntu mask and throw around some open
source confetti.

~~~
clebio
This -- or this topic -- should be the top-level thread. I refuse to use
Windows 10, and am not sure what to do going forward for software that I use
which only runs on Windows.

~~~
DenisM
Go ahead and submit it as a story. If anyone cares, it will be up-voted the
front page.

As to windows-only software, make a Windows VM on a Mac and fence it off with
a firewall.

~~~
iammyIP
Just face it - 'it's a trap'!

------
StephenConnell
Good for them. Sounds well thought out.

~~~
tim333
Glad to see someone being positive if 95% of the way down the comments. I
agree with Microsoft that saying you can never say what the government it up
to is a violation of free speech and only justified in extreme cases.

------
joeyrobert
> Over the past 18 months, the U.S. government has required that we maintain
> secrecy regarding 2,576 legal demands, effectively silencing Microsoft from
> speaking to customers about warrants or other legal process seeking their
> data.

So should Outlook.com be considered insecure if the US government can access
it at any time without you knowing? Microsoft should be able to inform you
whether or not your information has been leaked. I hope Microsoft wins.

~~~
duaneb
Email should not be considered secure from governments, period, unless you run
your own encryption (PGP).

------
tehwebguy
> To be clear, we appreciate that there are times when secrecy around a
> government warrant is needed. This is the case, for example, when disclosure
> of the government’s warrant would create a real risk of harm to another
> individual or when disclosure would allow people to destroy evidence and
> thwart an investigation.

So, like, every criminal investigation of a person who uses email?

~~~
victorNicollet
I'm pretty sure that _finished_ criminal investigations do not require secrecy
except in very narrow cases of witness protection.

------
hollander
The only reason for the abuse of secrecy, is to keep the abuse secret.

------
nartz
Go microsoft!

------
EdSharkey
TELEMETRY

------
CiPHPerCoder
On one hand, I commend Microsoft for doing this.

On the other, I wonder if they would if Apple hadn't already stood up to the
government?

~~~
joelrunyon
Does it matter? IMO if the companies get into a competitive war over privacy,
that's a good thing for the consumer.

~~~
CiPHPerCoder
I fully agree here. I'm just wondering, if Apple hadn't done that, where would
we be today?

Edward Snowden says, "Courage is contagious." I'm just wondering if this is an
example of that, or if they would have done this regardless.

------
xerxes777
It's funny because Apple, Google and Microsoft are all public companies and
government owns most of their shares. It's not even Apple-PR-train.

~~~
tim333
>government owns most of their shares

I think you'll find that's not the case.

------
golfer
Secrecy is great for Microsoft when it's in the form of extorting Android OEMs
with bogus patents for billions of dollars a year. Or copying Google's search
results. But not when complying with government data requests. Got it.

~~~
desbest
lol

------
braderhart
Does anyone else find it ironic that this is coming from Microsoft, yet they
can't even open source a freaking web browser? Really?

~~~
joshka
Can you explain why they'd need to given the quantity of existing open source
browsers already out there?

~~~
braderhart
Because it's a web browser. What kind of proprietary trade secrets are they
afraid of when every other browser is open, especially when they are touting
the important of encryption and user security? More like they don't want users
to know how much information they are actually collecting.

