Microsoft Does Not Love PRISM

Earlier this year Microsoft and other tech giants like Google, Apple, and Facebook were accused of giving the government backdoor access to their systems. The program, in operation since 2007, is called PRISM and is operated by United States National Security Agency. Recent leaks by Edward Snowden revealed a relationship that has been in place for quite some time. Microsoft in particular has been singled out in regards to Skype communications allegedly being available to the government. All companies involved have denied giving the government direct access.

In a recent blog post, Microsoft goes on the offensive and responds to the issue around government demands for your data. Here is what is currently going down.

Companies like Microsoft, Google, Apple and Facebook all know quite a bit about you. Right now everything we know about how these companies work with the government is based off of leaked slides and insider information. If you’ve been following the news you’ll know that all of this is terrible press for any company involved and they’ve been quick to distance themselves from accusations regarding your data. However, they haven’t been able to really tell us much about the program beyond vague PR speak. It could be because the government is stopping them.

On June 19, Microsoft filed a petition in court to obtain permission to publish the volume of national security requests they’ve received. But the Government and lawyers representing the government have yet to respond to the request. A request that would give information to the public that Microsoft believes is guaranteed to you by the U.S. Constitution. Today they’ve asked the Attorney General of the United States to personally take action to allow both Microsoft and others to share information around the issue.

The following is what Microsoft can currently (and apparently legally) tell us at the moment surround various properties involved with accusations. What has been reported so far by the media (again, from inside sources) is apparently inaccurate according to Microsoft.

 

Outlook

Outlook / Hotmail

Microsoft does not provide the government with direct access to emails or instant messages. They only turn over content for specific accounts according to lawful demands from governments. This applies to both the United States and any country that Microsoft stores data. They receive demands, review them, and if needed will comply. They provide no technical capability for governments to access your data.

SkyDrive

Same situation with Outlook applies for SkyDrive. There is not direct government access, instead if they want data they must request it in manners consistent with the law.

Skype Calls

No, the record is not on repeat, but Microsoft treats your data fairly similar across the board. If a government wants your Skype data they must request it within lawful means. Last year Skype started the transition to thousands of Linux boxes to act as the supernode. That move was not in response to giving the Government easier access to your calls, messages, or other data.

Enterprise Email and Document Storage

If Microsoft receives a request from a government for data held by a business customer they take the necessary steps to redirect them to the customer directly. Again, following only legal paths and not giving direct access to any government.

Here are the bulletin points that Microsoft outlined that they want you to take home with their message.

  • Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.
  • If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.
  • We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.
  • All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.

This is going to be a situation of “he said, she said” for quite some time between all these companies and the NSA. What’s your take on all this? Does this official response from Microsoft calm your fears a little? Who is ultimately responsible here? Microsoft or the NSA? Sound off below. 

Source: Microsoft