Hacker News new | past | comments | ask | show | jobs | submit login
Microsoft Allowed to Sue U.S. Government Over E-mail Surveillance (bloomberg.com)
348 points by pcs on Feb 11, 2017 | hide | past | web | favorite | 37 comments



Microsoft has an interesting stance here. As EU entities are major customers for both Windows and Azure, they're working quite hard to make sure to assure these parties that the US Government doesn't have undue influence over them.

They're adding secure links and solutions they cannot eavesdrop on to Azure, and getting pretty aggressive with pushing back against US surveillance.

The US benefits from EU privacy laws even without being there.


I agree with your analysis but what happens when China or a country like NK is the new economic powerhouse to please over EU ? Will US companies lobby the US the other way then ?

It's the Stallman argument again: don't defend privacy (free software) because it's convenient (hey, it's free and high tech enough), defend privacy because it's a principle that aligns with your ethics, not your economic interests.


I don't believe corporations can really have ethics in any meaningful way. For sure there are people who work there, often with a good amount of control, who may be ethical. On the whole, however, they report to boards or committees. In my opinion, it's much easier for a group of people to talk themselves out of acting ethically.

Having economic interests line up with corporate interests sounds as good as it gets, to me.


Companies often act ethical when the rules support this. If you tax pollution or other externalities then company's take them into account. And people generally prefer working with ethical companies which is a bonus. However when you don't tax pollution companies that act unethically have a huge advantage and win driving more unethical behavior.


I think the best you can do as a company is set up as a B Corp or something and try to build "do good" into the corp's reason for existing.

This is a stronger step than "don't be evil".


Protip: there is no wisdom of the crowd


I think the other way to look at it is this:

Doing good things for bad reasons is better than doing bad things for bad reasons, even if it's not as good as doing good things for good reasons.


>> Doing good things for bad reasons is better than doing bad things for bad reasons

The other comment mentions the problem with this stance. But it is worthwhile to point out that this is pretty much par for the course for Microsoft, seeing as they are suddenly embracing open source with a vengeance despite being the single biggest factor in its suppression for 15+ of the last 20 years.

I remember seeing someone commenting how they are impressed with the new Microsoft. To which I thought "Really? Did they actually have any other choice?"

To be sure, I will also add my view that I don't view any of the tech giants as having a moral high ground over MSFT in any way, shape or form.


> The other comment mentions the problem with this stance. But it is worthwhile to point out that this is pretty much par for the course for Microsoft, seeing as they are suddenly embracing open source with a vengeance despite being the single biggest factor in its suppression for 15+ of the last 20 years.

Not really? Open Source took off when the corporate world around Microsoft embraced it as a way to get more unbilled hours from employees and restructure how they do tech sharing with other companies to make it cheaper.

Microsoft has sued individual vendors for patent litigation, which is obviously bullshit but not something special for linux vendors (every vendor enters into this system and until said system is changed, a risk for it exists).

> I remember seeing someone commenting how they are impressed with the new Microsoft. To which I thought "Really? Did they actually have any other choice?"

_I'm_ impressed with Nadela and the engineers at Microsoft. I'm impressed that a corporate structure could shift this much. I used to work there in the bad old days and it was an incredibly demoralizing experience. Now, I look and talk to people who are happy and energized.

I also think Microsoft didn't have to approach things the way they did. They absolutely had an option to try and perform a hostile takeover/co-opting of the Linux ecosystem (the way that Oracle is doing via its Java IP).

Microsoft is what it is, for sure. It has a checkered past. But I think we should be encouraging when we see actors in the system do things like write non-enforcement pledges on patents, open source core technology with very permissive licenses so that their techniques and technology are dispersed throughout the ecosystem, and point out their product profile has never been stronger as a result.

We can do this while also remaining cautious and defensive, as we should with every major corporate vendor.


"Better" isn't enough, in the future the same bad reasons will have bad results.


> Doing good things for bad reasons is better than doing bad things for bad reasons

To use ancient metaphor, doing good things for bad reasons is like building a house on the sand: fine for a while.

"And the rain descended, and the floods came, and the winds blew, and beat upon that house; and it fell: and great was the fall of it."


Yeah, by definition capitalism is amoral. Their obligated to increase shareholder value and that's it. If telling the US Intelligence apparatus to fuck off serves that purpose, then it's a course of action Microsoft must take.

"Doing the right thing" is not what Microsoft cares about on a macro level. It just so happens that in this instance its actions align with the interests of most people.


It's multiple levels of indirection here, but the interests of most people are supposed to be reflected in law and governance in a democracy. It's arguable that the interest of most EU citizens at least are reflected in Microsoft's actions here.


"interests of most people"(eg. shareholders) is not necessarily the same as"increase shareholder value", which is their legal mandate under corporate law. In this case, I have no doubt, and admittedly no proof, that this is posturing to salvage their perceived respect for privacy in the public eye despite their previous actions and the conflict to their prime directive. They already sell the data to 3rd parties, their beef is they did not get paid in this/these instances.


My point is that it's perfectly fine for corporations to just maximize shareholder value, as long as it's within a legal framework provided by democratically elected governments. That's precisely the purpose of governments, to guide society into a direction that's beneficial for the public as a whole, and they are elected based on their promises in this regard.


>> new economic powerhouse to please over EU

If your point point is, for example, China being more important to MS and demanding weaker privacy I don't think it matter that they are more powerful. I think MS would have to respect the laws of whichever nation has the highest privacy expectations. Or spread data out among countries it's created in and apply different privacy rules to different servers.


I think that last part is the direction we may be heading in.


Their argument that cloud can't survive invasion of privacy is probably right, but ignoring government, cloud operators threaten the privacy of their own users.

G and MSFT both have stories from the early days when their employees went into cloud email accounts to check up on users. In G's case it was a rogue sysadmin stalking some high school kids, for MSFT it was looking at a journalist's hotmail acct to prosecute a leak.

The NSA has their own version of this, LOVEINT, where analysts stalk their significant others (or desireds or exes).

I can't think of any guarantee a company can provide to say this isn't happening, esp on social platforms. Crypto-based platforms might do it (see the danish sugar beet auction, which uses a form of secure multiparty computation) but that's not MSFT's argument here. Also unclear how crypto platforms affect the ability to roll out new features and debug.


Back in summer 2006 between semesters, I worked at a Microsoft call center for Hotmail plus/premium (people/companies who paid premium account, and some ISP rebranded Hotmail accounts).

We had full access to billing, we also had full access to people's accounts. We could look at emails, look at deleted items weeks after del (restore in rare circumstances).

The thing is we didnt mess around. The tools to do this are heavily logged and audited.

There was an incident of guy looking into his gf account.

Within a week the guy was repramanded and let go.


what did he do with his girlfriend's information, and how was it discovered that he looked?

Do you know if she was ever told? If yes, what was her reaction?


> > The tools to do this are heavily logged and audited.

> how was it discovered that he looked?

That's how they figured it out. Because someone who wasn't fulfilling a support ticket accessed an email account.


That the free speech arguments are going ahead is nice, but the judge also hammered another nail into the coffin of the 4th amendment:

Robart rejected the tech giant’s argument that the so-called sneak-and-peek searches amount to an unlawful search and seizure of property. Former Attorney General Loretta Lynch had argued that federal law allows the Justice Department to obtain electronic communications without disclosure of a specific warrant if it would endanger an individual or an investigation.


It takes more than a judge's comments to change a constitution.


True, but a judge's job is to interpret the Constitition.


Sure, but different judges are free to interpret the constitution without reference to specific interpretations. Therefore, it's not a nail in the coffin of the 4th amendment, it's just a temporary misuse (IMO).


>> Sure, but different judges are free to interpret the constitution without reference to specific interpretations.

Aren't the lower courts subject to the interpretations of the higher courts?


For rulings, yes, though they can be overturned:

http://money.howstuffworks.com/10-overturned-supreme-court-c...

Is what we're seeing here a ruling, or merely a dismissal of a claim before the trial starts?


Dog and pony show from enthusiastic PRISM partners.

"We've changed, honest!"


In the time of fake news and alternative facts, it is quite difficult to discern who is telling the truth and who isn't. After the revelations of programs like PRISM and XKeyscore it has become undeniable.

I think the general population is beginning to realize this. Obviously it takes time for people to understand things, but this information is years old at this point.

The question now is, "what do we do about it?"


> what do we do about it

Which we are you asking about?

Since this is HN, I'm guessing you are asking about technologists and founders. I would say they should end surveillance on their users. Stop using ad-tech and analytics that tracks users. Log as little as you possibly can. Stop with the excessive rights grabs over your user's data.

But HN is also a lot of people like me - typical users. To them I would say use ad-blockers every where. Use HTTPS everywhere. When you are asked to give up privacy, consider what you are getting in return. For me, I'm comfortable with using Google services because it feels like I'm getting a lot. But with Windows 10, I'm giving up a lot of privacy for nothing in return.

I have no idea what to say about people like my parents. They have no problem with universal surveillance. Privacy is important only for protecting themselves from fraud. Same goes for my kids. They care even less about privacy than my parents.


re: windows 10... for most people it was a free major OS upgrade, increased security, modern browser with more frequent updates. I feel it was worth it as a free (as in direct monetary cost to me) upgrade.

I've got mixed feelings about the amount of telemetry data they collect.. I don't use cortana, and have disabled most of the options I can disable regarding this. That said, I mostly like the new UI/UX, and would prefer to have friends and family on a version of windows that is clearly better supported moving forward.

I wouldn't say that is nothing ... I also run a mac laptop, and my most used home PC, is the htpc connected to my tv running Ubuntu. Android phone and tablet... I'm not only using windows, but can appreciate what it does offer in trade for that privacy concern.


I too like Windows 10. I just wish Microsoft would charge what they need to charge and make sharing optional. At first the enterprise edition had switches to turn off the data sharing but as I understand it, even enterprise edition users have to let Microsoft watch them work now.

You're right though - lots of people did get it as a free upgrade. I'm not sure I'd like Microsoft off the hook though since a significant number were tricked into it. Plus I think my point applies even more aptly to users that didn't upgrade to W10. Microsoft added the data sharing features into Windows 7 and 8. So they literally were essentially forced into sharing private data with Microsoft for nothing in return.


It's very rare that I say this, but go Microsoft!


We will have our Fourth Amendment. I'm actually not surprised it's Microsoft leading the charge here. After all, if they capitulate, their presence in the EU will be greatly diminished.


It seems to me that requiring fixed end dates for the gag orders would greatly mitigate the problem. It would be possible to extend them, individually, for cause.


I wonder how this will play out in other tech arenas.


Some companies are smart and run EU & US operations completely separately. This is exactly why they're doing it.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: