Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Microsoft Petitions US Attorney General For Permission To Disclose Data Requests

Soulskill posted about a year ago | from the damage-control dept.

Microsoft 95

MojoKid writes "Microsoft is smarting in the wake of the Guardian's discussion of how chummy it's gotten with the NSA over the past few years, and the company wants permission to clarify its relationship with the federal government. To that end, the company has sent a follow-up letter (PDF) to the Attorney General's office, asking it to please address the petition it filed in court back on June 19. Redmond is undoubtedly cringing at the accolades being heaped on Yahoo and its repeated court battles on behalf of its users, and wants an opportunity to clear the air. But Microsoft has gone farther than simply asking the government to hurry up and rule on its petition — it has also issued a series of clarifying remarks regarding its relationship with the NSA. Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."

Sorry! There are no comments related to the filter you selected.

Tough Cookies (1)

Cornwallis (1188489) | about a year ago | (#44307089)

From this ex-customer they can rationalize all they want.

Re:Tough Cookies (4, Insightful)

Anonymous Coward | about a year ago | (#44307213)

Yep, same here. And them there's weasel words from the clever lawyer at Microsoft anyway.

Notice how they keep using the phrase 'We do not provide any government...'? That's 'cause the NSA uses private contractors - like Snowden - to do the dirty work. There's lots more evasive lawyer-speak there too.

I'd trust them about as far as I could throw Ballmer. And I'm a 95 pound weakling...

Re:Tough Cookies (5, Insightful)

FriendlyLurker (50431) | about a year ago | (#44307457)

Notice how they keep using the phrase 'We do not provide any government...'? That's 'cause the NSA uses private contractors - like Snowden - to do the dirty work. There's lots more evasive lawyer-speak there too.

Your right there, if you actually read the "series of clarifying remarks" - it is all lawyer weasel words aimed to try and persuade those that are left to listen, "there is nothing to see here, we comply with the law". Seriously - trust, once lost, is going to seriously hard to earn back for all these tech companies in bed with the Military Industrial Complex. We may not be able to do much immediately to rein in an out of control surveillance state run by the private and unaccountable MIC, but we sure as hell can vote with our feet by abandoning these big tech companies services, and encouraging those less informed about this whole debacle that they should too.

Now, just have to encourage in every way possible the development of easy to use default on encryption solutions for email (like OTR provides for chat). Also why the hell isnt slashdot offering https yet - apathy helps the sorry state of affairs continue...

Re:Tough Cookies (1)

OutOnARock (935713) | about a year ago | (#44313161)

I wonder what would have happened to Woodward and Bernstein investigating Watergate in 2013?

And Redford's character in "3 Days of the Condor"; could he still tell his story to the New York Times?

Re:Tough Cookies (1)

FriendlyLurker (50431) | about a year ago | (#44315479)

Not to mention John Grishams "The Pelican Brief". Pure fantasy in this day and age to think you can run to "the [traditional] press"

Re:Tough Cookies (0)

Anonymous Coward | about a year ago | (#44307989)

I'd trust them about as far as I could throw Ballmer.

A funny phrase, that. It implies that the further you can throw the person, the more you trust them. But that means the people you would trust the least, would be right next to you, well within reach of being able to do you harm.

I guess it could be a variation of "keep your friends close, but your enemies closer", but it still seems like a funny phrase.

Re:Tough Cookies (1)

sjames (1099) | about a year ago | (#44309503)

It also implies that you don't trust those you are powerless over (unable to throw) or in a broader sense, people you cannot remove from your presence should the need arise.

A bit more abstract, it implies that you do not find them trustworthy and so your trust is limited by your ability to beat them in a fight (throw them in the trough in the old Westerns).

Re:Tough Cookies (1)

Jeff Flanagan (2981883) | about a year ago | (#44308375)

Keep in mind that that's probably paranoid hysteria. We know that Snowden has made claims that are wild exaggerations at best, and that Greenwald is an "activist" rather than a journalist. I think when the info comes out, all but the worse alex jones-style nuts will understand that this was all smoke, no fire.

Re:Tough Cookies (1)

mrex (25183) | about a year ago | (#44308935)

I like how you wildly exaggerate insults against others... for wild exaggerations. Very meta.

Show us some of these wild exaggerations Snowden has made by dumping pertinent documents sourced directly from the NSA. Tell us all how Edward R. Murrow was not a real journalist because he openly formed conclusions, rather than hiding his personal biases behind selectively-uncritical regurgitation of official talking points.

Re:Tough Cookies (1)

Tharkkun (2605613) | about a year ago | (#44310121)

I like how you wildly exaggerate insults against others... for wild exaggerations. Very meta.

Show us some of these wild exaggerations Snowden has made by dumping pertinent documents sourced directly from the NSA. Tell us all how Edward R. Murrow was not a real journalist because he openly formed conclusions, rather than hiding his personal biases behind selectively-uncritical regurgitation of official talking points.

Snowden has yet to reveal anything we didn't already know. Everything is available via google.

Re:Tough Cookies (1)

NotBorg (829820) | about a year ago | (#44308637)

What Obama means when he says "nobody" is listening to your phone calls is that computers doing speech-to-text are technically nobody.

Re:Tough Cookies (1)

davester666 (731373) | about a year ago | (#44310243)

...and then the text is only occasionally snickered over by an "analyst".

Re:Tough Cookies (1, Insightful)

crafty.munchkin (1220528) | about a year ago | (#44307261)

Be honest. You pirated their software just as much as everyone else ;)

Re:Tough Cookies (0)

Anonymous Coward | about a year ago | (#44307389)

No. No I didn't.

Back in the early days î gave them a lot of money and developed a lot of tools on their platforms. So in a way I'm kinda responsible for them being as bad as they are.

No more though, they've gone way too far now. Time to help clean up the mess we made.

Re:Tough Cookies (1)

Errol backfiring (1280012) | about a year ago | (#44308645)

Be honest. You subsidized their software just as much as everyone else ;)

There, fixed that for you.

This is why I bought a Chromebook (5, Funny)

kurt555gs (309278) | about a year ago | (#44307099)

So Google can turn my data over to the NSA, I don't like Microsoft!

Re:This is why I bought a Chromebook (1)

NotBorg (829820) | about a year ago | (#44308673)

Well Google did get the FIRST! post on the issue. MS came in late to the party, as usual, mimicking the behavior of those who did the market research before them.

Re:This is why I bought a Chromebook (0)

Anonymous Coward | about a year ago | (#44315183)

MS came in late to the party, as usual

MS had a Web browser, Web search, email, instant messaging and news before Google even existed. It also had a mobile OS and tablets (such as they were), Web-accessible satellite photography and 'social networking' before Google did. Plus it's always had the best major browser for browsing porn (remember when it loaded porn faster than Navigator?).

Re:This is why I bought a Chromebook (2)

Nerdfest (867930) | about a year ago | (#44309199)

You may want to have a look at this [eff.org] .

Re:This is why I bought a Chromebook (1)

Rob_Bryerton (606093) | about a year ago | (#44313513)

Microsoft is evil.... good thing I use Apple!

(Looks at parent's linked list of sell-out whores)

FFFFFFFFFUUUUUUCK.

Well, at least I don't use Verizon (whimper)

Re:This is why I bought a Chromebook (1)

DrEldarion (114072) | about a year ago | (#44313599)

The difference is that ChromeOS is open source, so you can verify that's not actually the case.

http://www.chromium.org/chromium-os [chromium.org]

Petition? (0)

Anonymous Coward | about a year ago | (#44307105)

The government doesn't petition, it demands. Microsoft's attitude is unreal. As if it can say No to the government when they show up with warrants, NSLs, etc.

Zero Day Exploits (5, Insightful)

Ozoner (1406169) | about a year ago | (#44307113)

Who needs encryption keys or back doors if Redmont is handing over (and not patching) Zero Day Exploits?

Re:Zero Day Exploits (2)

NatasRevol (731260) | about a year ago | (#44307459)

Why do you think it sometimes takes them forever to patch them?

Government oversight.

Re:Zero Day Exploits (1)

dc29A (636871) | about a year ago | (#44307487)

If you got a solid non Windows firewall AND user common sense (don't open anything you get in emails) AND encrypt your stuff, you should be safe.

Re:Zero Day Exploits (1)

JeanInMontana (2020420) | about a year ago | (#44308167)

Who needs encryption keys or back doors if Redmont is handing over (and not patching) Zero Day Exploits?

Exactly!

denied (0)

Anonymous Coward | about a year ago | (#44307115)

denied and the permission to publish the denial denied

Penis (-1)

Anonymous Coward | about a year ago | (#44307117)

Penis

Damage control (4, Insightful)

silviuc (676999) | about a year ago | (#44307151)

"It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."

What about when the govt. agencies get those "legal papers" that compel MS to provide access to data on Outlook, Skydrive, etc? Do they provide encryption keys then? What about SSL certs? Do they send them over to the NSA after they expire?

And this should not be only about MS. Any company should answer these questions. I really hope this shitstorm will kill stupid usage of "the cloud" but I doubt it. People are dumb, education budgets diminish every year so there is no changing that fact.

I guess my point is that if you need to have sensitive data in "the cloud" roll your own already. The software to do that is already available and free (gratis and libre).

Re:Damage control (4, Insightful)

bleh-of-the-huns (17740) | about a year ago | (#44307257)

My guess is that they provide the data itself, not the keys to decrypt the data.

Re:Damage control (-1)

Anonymous Coward | about a year ago | (#44307449)

Or do they?

http://www.zdnet.com/blog/btl/microsoft-certificate-used-to-sign-flame-malware-issues-warning/78980

Re:Damage control (2)

NotBorg (829820) | about a year ago | (#44308719)

I like how we have to "guess" about what our government is doing.

Re:Damage control (0)

Anonymous Coward | about a year ago | (#44315141)

We don't have to guess; we get to!

Re:Damage control (2)

Grishnakh (216268) | about a year ago | (#44307409)

And this should not be only about MS. Any company should answer these questions. I really hope this shitstorm will kill stupid usage of "the cloud" but I doubt it. People are dumb, education budgets diminish every year so there is no changing that fact.

Education budgets in the US may diminish every year, but that probably isn't true in other industrialized countries. The real issue is that foreign governments and other customers may now decide that using Microsoft or any US-based vendor is a bad idea, thanks to NSA's spying, and they're right. There's nothing to stop the NSA from handing over important information to US companies or the US government; in effect, the NSA is an agent for espionag (industrial and otherwise). Any US-based software or cloud services vendor simply cannot be trusted, and this isn't going to be good for the US economy since IT products and services are one of the few big things continuing to prop it up.

Re:Damage control (3)

Shavano (2541114) | about a year ago | (#44307439)

What about when the govt. agencies get those "legal papers" that compel MS to provide access to data on Outlook, Skydrive, etc? Do they provide encryption keys then? What about SSL certs? Do they send them over to the NSA after they expire?

When the government, any government, comes with court orders, of course they comply. Every company does, because they are then legally required to do so. Don't pretend that situation has changed between 1789 and today. NSLs, as far as I know, have no real legal standing. I don't know what a company could do if they didn't want to comply with a NSL.

Re:Damage control (4, Interesting)

SilentStaid (1474575) | about a year ago | (#44307473)

I'm currently working for a fairly large 2500+ employee multi-national that regularly handles confidential information belonging to other businesses. I can safely tell you that we have scaled back all of our efforts to move things to the cloud and have actually reversed the trend by bringing more and more things in house over the past year. This orignally started with several data privacy laws enacted in the EU that made farming things out prohibitively expensive but perhaps the most interesting part of this is that since the various leaks this year, we've been getting more scrutiny from foreign companies about what we could have any hope of keeping from the government if asked.

Re:Damage control (1)

Paperweight (865007) | about a year ago | (#44309769)

That is perhaps the biggest shame, because often moving things to the cloud instead of reinventing the server farm is a good business decision, good for the economy, and the way of the future, if it wasn't for the government's usual meddling retardation of progress.

Re:Damage control (1)

Twinbee (767046) | about a year ago | (#44310113)

Perhaps you can enlighten me. If you want fast database access, then you'd want the data on local servers anyway. If however, it's just for storage, then servers are a bit overkill, and surely lots of removable plug-n-play HDs for relatively few PCs would suffice?

Re:Damage control (1)

NatasRevol (731260) | about a year ago | (#44307479)

LOL. As if Microsoft has never provided encryption keys before. Like since WinNT.

https://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]

It's Simple (2)

camperdave (969942) | about a year ago | (#44307915)

It's simple. They don't have to turn over encryption keys to the NSA because that's where they got them in the first place.

Re:Damage control (1)

recoiledsnake (879048) | about a year ago | (#44308223)

The key that the wiki page mentions isn't for spying, it's for verifying digital signatures on third party cryptography service provider packages. It was named as such because CSP packages that are exported outside of USA have to receive export approval, something the NSA performed. So the NSAkey was named because it was a digital signature proving that a package had either received proper review or didn't need it (If it was for US only).

Not saying that NSA isn't spying, just that the key mentioned is not used for that purpose.

Re:Damage control (1)

NatasRevol (731260) | about a year ago | (#44309351)

How could you possibly know that the key was not used for spying?

And why would they need their OWN key to verify the digital signatures?

And why would that key have the email of postmaster@nsa.gov?

My question is... (2)

mitcheli (894743) | about a year ago | (#44307507)

"It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."

Why the encryption process employed is susceptible to third party decryption in the first place. To avoid this from happening, the design needs to be end-to-end with the users holding the keys.

Re:My question is... (1)

Talderas (1212466) | about a year ago | (#44307627)

The email service that Microsoft hosts for free is hosted on Exchange if I am not mistaken. This is this likely target of the NSA or other government agencies when they're talking about Exchange encryption keys and not Exchange in general.

Re:Damage control (0)

Anonymous Coward | about a year ago | (#44307555)

Microsoft answers a lot of your questions in its letter to the public...

Re:Damage control (1)

Anonymous Coward | about a year ago | (#44308595)

People who use the cloud are dumb.

Wow... what a high level of reasoning. I can totally see why this is at +5 insightful. Fuck slashdot.

Vote with your feet (0)

Anonymous Coward | about a year ago | (#44307163)

Switch back from Gmail to Yahoo mail now. Show them what values you care about! If you don't, you know who to blame then.

Re:Vote with your feet (1)

Cenan (1892902) | about a year ago | (#44307185)

Right, because handing over your data after loosing a court battle is so much better than doing it before. You're focusing on the wrong part of the problem.

Re:Vote with your feet (1)

Anonymous Coward | about a year ago | (#44307291)

Not really. The point is that there is no court battle. Warrantless searches is exactly the problem, and MS is purposely confusing "legal papers" with "warrant." I guess you fell for it.

Snowden uses Lavabit (1)

Anonymous Coward | about a year ago | (#44307503)

Yahoo is not a fix for this, they lost. Likely all US based services would/have also lost and handed over backdoor access if Yahoo lost. Microsoft just did it more willingly/quickly and more thoroughly.

If you used a non -US pop3 account, something capable of TLS, and a https webmail or tls POP3 connection, then your emails will still go into the big database but it will be encrypted and thus cannot be datamined. Well unless you're communicating with a US or UK based person (Canada?*).

Snowden used Lavabit, but that seems to be based in Texas and so cannot be used now. NSA gets 'class' warrants, where a whole service is tapped on the claim that their software will locate the 'terrorist' out of *all* the data. Hence they need it *all*.
So they'll have served Lavabit with a full tap, and Lavabit have the email unencrypted just before it goes into their servers for encryption. So if you use that, all the content of your email (USA based too) will be grabbed and stored, and flagged as possibly related to Snowden.

* Canada too I think, PRISM groups USA and Canada as one item as though Canada are 100% under control. I decided to move my email out of Canada as a result.

Re:Vote with your feet (4, Insightful)

MozeeToby (1163751) | about a year ago | (#44307373)

In fact, handing over data after a court battle is much, much better than doing it before. That's called due process, it's how things are supposed to work and it is a significant improvement over handing over the data just because the feds asked nicely. Now when you talking about "secret courts", that's when things get ugly again.

Re:Vote with your feet (1)

AHuxley (892839) | about a year ago | (#44308433)

Due process is going to get fun re confrontation clause and simple things like evidence, witnesses. You just wont have standing in your own trial to see what data the feds and their friends collected.
Welcome to the the digital https://en.wikipedia.org/wiki/Star_Chamber [wikipedia.org]

Re:Vote with your feet (1)

Cenan (1892902) | about a year ago | (#44308943)

No, because the due process, in this case, only applies to American citizens. The rest of us get fuck-shafted by whichever email provider we have. To you American types, the recent string of lawsuits over this is good, to the rest of us, it's very bad. It focuses on the rights of you, over the rights of us.

The OP was about switching between US providers, and I guess I should have been clearer that this is only going to work for people, whom the various amendments apply to. All in all, we don't need to figure out which amendment this violates the most, or how many people can be tapped at once to deem it "mass", we need it to stop, period.

Yadda, yadda American news site and all, but this thing really does stretch beyond US soil. And no matter which government is doing the spying, it needs to just.fucking.stop.

I can't imagine why the businesses who have been caught red handed on this aren't being more vocal about the implications for their overseas trade, after all, governments love export more than import.

Re:Vote with your feet (1)

sjames (1099) | about a year ago | (#44309621)

Actually, it is. By forcing 'the authorities' to go to court, you at least maintain some shred of hope that their activities will be exposed, that the courts will see reason, or at least by making it a pain in the ass they will be just a tiny bit more hesitant to make outrageous requests.

It may not be much in the long run, but it's sure more than the big fat zero principles reflected in handing the data over like a good little sheep.

Re:Vote with your feet (3, Insightful)

Grishnakh (216268) | about a year ago | (#44307421)

How is that going to help? The NSA and US government can get any data they want from any US-based email provider, Gmail, Outlook.com, or Yahoo. The only way you'll be really safe is to run your own mail server in a foreign country, but switching from one US-based provider to another US-based provider isn't going to make a bit of difference.

Re:Vote with your feet (0)

Anonymous Coward | about a year ago | (#44308879)

I really don't understand this article, at all, and maybe it's because I'm misunderstanding the situation. If the NSA has the ability to present legal papers that detail:

1) Give us the data
2) You cannot tell anyone about this

How are we to believe anything that we're told (or not told) about "our" data? Because it really appears that it's all either totally fair, or a total foul - legally speaking. I mean after all, if we looked at "computers' as the thing that they replaced - filing cabinets - then it's a simple matter of explanation:

"Sir/Ma'am, you are keeping all of your papers (data) in filing cabinets that belong to others. When you signed up with the owners of said filing cabinets, they specifically told you that they would read it all, and use the info that they read to determine ways to assist the government, or advertize to you."

It looks like a lot of big companies use google for their email, I know the one that I used to work for did. These same companies generally are (medically) self-insured as well. Once a person starts to use their work email as their own (who doesn't do that to some extent) the company gets quite a lot of data on it's employees. I wouldn't doubt to any degree that all of this info is worth more to the company (not google) than a lot of the work that the workers do. Meaning that if data is for sale, it'd be a smart idea to simply start some BS company and hire folks from different backgrounds to do things for you, just to get their (personal) data. America, "home of the brave, land of the free", unless you're just a citizen.

Looks like it's time to start a company that specializes in installing in-house email, chat, ftp....

Re:Vote with your feet (1)

Grishnakh (216268) | about a year ago | (#44309249)

In-house email isn't safe either, unless your company is outside the US (and there, you're still going to be spied on if you're in the UK, Germany, France, etc. as those have all now been revealed to have programs just like PRISM or even worse). The reason for this is that email is fundamentally flawed from a security perspective: it travels completely unencrypted over what's basically a simple telnet session: you can telnet to port 25 of any mail server and send a bogus email quite easily using the appropriate SMTP commands ("HELO", "RCPT TO", etc.) (though it'll probably be rejected these days based on other techniques used to avoid spoofing). So if the government wants to spy on you, all they have to do is tap into your ISP connection and they'll see all your incoming and outgoing emails. Sure, you could use GPG to encrypt them, but then no one will be able to communicate with you since so few other people actually bother or even know what GPG is (and I sure wouldn't trust PGP since it's closed-source IIRC). Plus, even for the few people you do successfully communicate with using GPG, the NSA will know who you're talking to and at what frequency, though they may not be able to decipher the exact content of your messages so easily.

So to avoid that, the only way to be secure is to have a mail server based in some country that doesn't have a big spying program, such as Switzerland or Iceland. Then, you can access that mail server, even using a webmail interface, using typically-available encryption methods like SSL/https.

Same goes for FTP, but then again I don't know why anyone would ever use that these day. Only a moron would use FTP since it transmits your username and password in cleartext, so anyone listening in on your internet connection would not only see what files you're transferring but your login credentials as well (which may be the same credentials as used in many other places, since people tend to re-use passwords a lot). But at least here we have an ubiquitous and simple alternative: SFTP.

Re:Vote with your feet (0)

Anonymous Coward | about a year ago | (#44311751)

Mail severs still allow unencrypted connections?

Re:Vote with your feet (1)

Grishnakh (216268) | about a year ago | (#44311875)

Interestingly, it looks like some stuff has changed since I last looked at SMTP, according to the Wikipedia article [wikipedia.org] . It does look like there's a SSL-secured SMTP, but it doesn't look like it's mandatory.

Re:Vote with your feet (0)

Anonymous Coward | about a year ago | (#44307721)

Do all the kids use webmail these days? Pull your head out of your cloud.

They don't give the keys, just the plain text... (0, Troll)

flyingfsck (986395) | about a year ago | (#44307201)

Got to read their weasel words carefully. If they don't provide the keys, then they must provide the plain text. Six of one, half dozen of the other...

Ah, all better! (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44307227)

Given that, at present, 'via the legal process' seems to consist of a variety of procedures that make getting a search warrant rubber-stamped by a handpicked sycophant look positively robust, I'm not sure how reassured I'd be even by 100% ironclad evidence that all data were divulged in accordance with 'legal process'.

Even aside from the high-volume shenanigans on the NSA side, whose legal justifications themselves are rather secretive, the good old 'National Security Letter' is a 'legal' process that essentially boils down to 'Somebody at a three letter agency asserts that the information demanded is in some way related to an investigation with national security implications. Pinkie Swear!'. No judicial involvement, no need to present any evidence for that assertion, a downright farcically bad record on recordkeeping(the FBI won't even tell congress how often they use the things), and a gag order that makes the operation essentially silent.

Sure, maybe Microsoft are better people if they are always complying under penalty of law, rather than as enthusiastic little quislings voluntarily cozying up to the spooks; but from the perspective of a potential customer, rather than an observing ethicist, what difference does it make?

A serious question (0)

Anonymous Coward | about a year ago | (#44307235)

Should the US Intelligence Community have *any* capability to target the content of communications of non-US Persons outside of the US for legitimate foreign intelligence purposes when that communications traffic enters US-controlled systems?

If so, who should decide what this framework looks like? The general public? How would that work, since intelligence requires secrecy in order to have any effectiveness?

If not â" are you fucking serious?

Skype reads your links (2, Informative)

Anonymous Coward | about a year ago | (#44307255)

Time to reexamine this:
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html

"associates in Germany at heise Security have now discovered that the Microsoft...Shortly after sending HTTPS URLs over the [skype] instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond."

Microsoft claimed it was for malware checking, but it was noticeable it targeted Germany, I did a test on my skype (to UK) and received no visit. That could be the Prism interface Microsoft installed.

The rest of the claim is simply misleading, Guardian leaks show they worked around encryption by letting NSA grab the data before it was encrypted, and that they set up a team to help NSA with further surveillance problems, neither of these claims Microsoft has disputed.

"legal process" is meaningless. That program is clearly a violation of the 4th and thus illegal.

In all Honesty... (1)

bleh-of-the-huns (17740) | about a year ago | (#44307277)

Microsoft is a business, they are in the game to make money. They also know that doing stupid shit like providing wholesale access to data/keys/exploits/whatever is bad for business.

So, Microsoft, as a business, probably would not have given anything without a court order.

That being said, a better guess would be that someone within MS, possibly high up in the chain of command would be the one providing the data. Again, a total guess, and I could be completely wrong.

You are the product not the customer (1)

Anonymous Coward | about a year ago | (#44307839)

Given the fees the telcos get for interception data, and given NSAs astronomical multi billion dollar budget I think its safe to assume Microsoft gets paid handsomely for PRISM interface usage and you are the product of Outlook.com and NSA is the customer.

Which makes sense if you think about it. You want to pump hidden subsidies into US online businesses because it's pretty much the only industry you have left. How would you do it? If you did it publicly then foreign countries would subsidize their online services too, and you'd be back to square one. So instead you buy data from them secretly, the budget for this is secret NSA budget, and so you create a surveillance & subsidy industry in one.

I wondered where the money comes from with Skype to justify a $7 billion price tag. Say you could run it on $500 million profit, NSA has estimated $10 billion budget, $5 billion would be enough to buy all the data from the top 10 US online services.

Re:In all Honesty... (1)

93 Escort Wagon (326346) | about a year ago | (#44308189)

So, Microsoft, as a business, probably would not have given anything without a court order.

How does that actually improve the situation, since we now know (from the leaked secret order to Verizon) that these court orders can and will make demands such as "give us the entirety of your traffic for the next three months"?

And I'm not picking on Microsoft - this question stands to ALL of these US-based companies.

Re:In all Honesty... (1)

sjames (1099) | about a year ago | (#44309659)

Unless, of course, they never anticipated a Snowden and figured nobody would ever know. Or perhaps they figured that whatever illegal benefit they were offered in return would bring enough profit to make up for any loss and then some.

Re:In all Honesty... (0)

Anonymous Coward | about a year ago | (#44309987)

So, Microsoft, as a business, probably would not have given anything without a court order.

Many businesses were selling information to the government without any court order prior to the whole telecom immunity deal. After that became public, the government started using court orders instead.

smoke and mirrors (4, Interesting)

Charliemopps (1157495) | about a year ago | (#44307405)

All these companies are feigning outrage over these "requests" they get, when in reality I doubt the requests are ever used except in cases where the government needs evidence in court. The REAL data collection is done without Microsoft/Googles direct knowledge. The NSA surely has agents working on staff at every major tech company in the world with the sole goal of installing as many NSA backdoors as possible. The idea that the NSA has no respect what-so-ever of the American peoples privacy but at the same time wouldn't just take the same sort of data from a corporation is idiotic.

Re:smoke and mirrors (2)

NotBorg (829820) | about a year ago | (#44308855)

This. When they approach Google, MS, FB, asking for data, it's data that they already know is there. They're tapped into every major Internet peering node in the US and an untold number of them over seas. They likely have agents and eavesdropping devices at interesting companies like MS. They know that the data they collect is illegal so they need to manufacture chain of evidence that they can actually use. That's the only reason they send requests/warrants.

Re:smoke and mirrors (0)

Anonymous Coward | about a year ago | (#44309149)

I, too, enjoy wildly speculating.

Even if it's true, why should I care ? (0)

Anonymous Coward | about a year ago | (#44307595)

Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."

As a non-American, why should I give a fuck ? The NSA can simply demand access to my data in secret, legally, and also demand - again legally - that Microsoft not breathe a word about it to me, without any judicial oversight whatsoever. As far as I am concerned, no U.S. tech company (or any company that stores any of my data within U.S. jurisdiction) can be trusted, and I will vote with my wallet accordingly.

Re:Even if it's true, why should I care ? (2, Funny)

Anonymous Coward | about a year ago | (#44307679)

Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."

As a non-American, why should I give a fuck ? The NSA can simply demand access to my data in secret, legally, and also demand - again legally - that Microsoft not breathe a word about it to me, without any judicial oversight whatsoever. As far as I am concerned, no U.S. tech company (or any company that stores any of my data within U.S. jurisdiction) can be trusted, and I will vote with my wallet accordingly.

I'm glad you think non-US companies can be trusted.

What color is the sky on your planet?

Reading between the lines (0)

korbulon (2792438) | about a year ago | (#44307597)

"It was just a blowjob."

Re:Reading between the lines (0)

Anonymous Coward | about a year ago | (#44309329)

"It was just a blowjob."

>hrng! sexual jokes make me *uncomfortable*!

Broken trust (5, Insightful)

Taantric (2587965) | about a year ago | (#44307643)

The problem with secret courts, secret executive orders and undisclosed legal reasoning is that even if Microsoft released some information as "transparency", can you really trust that they aren't holding something back or outright lying due to some other even more secret court order?

They were completely denying and fudging the question about Skype eavesdropping right up until the Snowden leaks. Then they did a complete 180 turn.So clearly they have no problem with obfuscating the discussion, why should we trust that any new information they provide is the whole truth and not some weasel legal loophole way of interpreting the facts? Kind of like how James Clapper weaseled and outright lied through his testimony to Congress. If these people are willing to lie to Congressmen and Senators, who the fuck are you?

I reckon Pandora's Box has been open and American technology companies will face an uphill, if not impossible, task to get anyone from the rest of the world to trust them again.

Re:Broken trust (1)

AHuxley (892839) | about a year ago | (#44308199)

Its never impossible for the USA to spin this one more time. Australia, Canada, New Zealand, United Kingdom, NATO leaders are totally addicted to limited NSA help.
Their press will be tame or move on. Give it a few years and let the sock puppets (as seen on slashdot) go to work with doubt, legal questions, amount of data shared, patriotism, been at war, it was all international and thus very legal, the French, the UK, recall the Data Encryption Standard style trolling?
Over time fall back on the classics of: if it really happened why risk a stock crash and very bad press, accountability would have stopped it, Congress said no, complexity in ~2000 was just too hard, cannot use the data in court so why was it collected, staff would see data moving, was only outside the USA...
Give it 5-10 years.

Re:Broken trust (1)

Areyoukiddingme (1289470) | about a year ago | (#44308385)

Give it 5-10 years.

You're remarkably optimistic. I give it two years, at the outside. It will persist through the next Congressional election cycle, just barely. After that, it will vanish.

And the usual 90+% of incumbents will be reelected, despite a last gasp effort of PAC attack ads bringing up the spying. (I won't call them SuperPACs. They won't be that well funded.)

Re:Broken trust (0)

Anonymous Coward | about a year ago | (#44308333)

Osama has won.

Re:Broken trust (0)

Anonymous Coward | about a year ago | (#44309197)

The problem with secret courts, secret executive orders and undisclosed legal reasoning is that even if Microsoft released some information as "transparency", can you really trust that they aren't holding something back or outright lying due to some other even more secret court order?

Even if there were not secret courts and orders, how would you know they didn't exist? Many would assume it's happening anyway, so there's never been any trust to lose. There's no Pandora's Box, this will always be an issue. Quis custodiet ipsos custodes? isn't exactly a new phrase.

Permission not needed (0)

Anonymous Coward | about a year ago | (#44307889)

We have free speech, unless this is now a complete police state. Oh wait, there's the answer!

Why not just leak them? (1)

pmikell (578334) | about a year ago | (#44307947)

If they want to disclose the data requests, why not just engineer a leak from a disgruntled former employee already located in Ecuador/Venezuela/Iran/Wherever?

They kept a secret (1)

AHuxley (892839) | about a year ago | (#44308039)

All the nice sentences just to talk around full compliance with CALEA?
Its not like it was just some fax with a time, ip and port number from some city police department.. with an amazing letterhead.
http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act [wikipedia.org]
http://www.independent.co.uk/news/edward-snowden-claims-microsoft-collaborated-with-nsa-and-fbi-to-allow-access-to-user-data-8705755.html [independent.co.uk]
http://www.salon.com/2013/07/11/snowden_docs_detail_collaboration_between_nsa_and_microsoft/ [salon.com]
http://arstechnica.com/tech-policy/2013/07/nsa-taps-skype-chats-newly-published-snowden-leaks-confirm/ [arstechnica.com]
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data [guardian.co.uk]
http://en.wikipedia.org/wiki/Usage_share_of_operating_systems [wikipedia.org]
US Adult Computer and Adult Internet Users
http://www.census.gov/compendia/statab/2012/tables/12s1158.pdf [census.gov]
The tiny % number wrt to big US computer use number and US MS marketshare seem to add up :)
Interesting http://cryptome.org/2013-info/06/whistleblowing/whistleblowing.htm [cryptome.org] lists gov works, bankers, military, a call-centre-employee, health insurance PR, a few former NSA, CIA, FBI employees, people in sports and education, press, lawyers...
In this broad mix, how/why did so many within the US computer/CS/networking elite stay so silent? Did they feel it was just a domestic link to the FBI in continuous use?
Was the psychological profiling and testing of contractors near perfect Cash was great?
So few staff over so many product ranges over many years?

NSA is hacking, not asking. (1)

cellurl (906920) | about a year ago | (#44308091)

Moot point. IMHO the NSA just hacks in and everyone has deniability including you know who. Even with Microsoft's superior knowledge of hacking, they are still probably "putting up with it from NSA".

Eliminate Speeding Tickets [wikispeedia.org]

Snowden In, Holder Out

Disclosure is meaningless (0)

Anonymous Coward | about a year ago | (#44308191)

Even if the court tells Microsoft or any other company that it can disclose information about data requests, there is no reason to trust that. It might as well be that Microsoft has been legally compelled to disclose false information, or to word the disclosure in such a way as to entirely mislead. They may even have been compelled or persuaded to make this petition in order to create a vector of misinformation.

The US has secret laws, or rather, it has secret interpretations of public laws, which amounts to the same thing. So there is absolutely no way to know what kind of false information a US company can be compelled to disclose, especially on sensitive matters such as this. Anyone who would be in a position to know and who decided to tell the public would have to turn Snowden and flee for their lives. Nothing short of a law severely limiting the scope and power of secret courts can properly restore trust. That's not going to happen, of course. That US citizens find secret interpretations of laws tolerable is something of a mystery, but oh well. You guys do know that this means you are required to obey rulings that you can't be allowed to know about?

PR Smoke And Mirror (0)

Anonymous Coward | about a year ago | (#44308259)

Balmer, i.e. M$ will not give up the cash, narcotics and prostitutes he gets from the Federal Government in exchange for total access to all communications channels and records.

Simple solution (1)

PPH (736903) | about a year ago | (#44308661)

Re-engineer Outlook and the back end services supporting it. Employ end-to-end encryption with private keys held only by the client. Microsoft's systems serve only to distribute public keys and store and forward encrypted content.

So when the NSA comes asking, Microsoft (or any other service provider) can honestly say "We can't decrypt that for you, signed warrant or not." The NSA can already scrape encrypted content off the backbone choke points, so bugging Microsoft for something they don't have would be pointless. FISA courts would have to authorize searches of customers' premises or equipment for keys and plaintext. Which is a much more difficult task.

The entire design of messaging protocols that decrypt the server content is suspect. If I were running an e-mail service, I'd tell my customers that I don't want to see the content passing through my system.

I will feel better.... (1)

Simulant (528590) | about a year ago | (#44309123)

... when they join a legal battle in defence of our 4th amendment rights.

in the past... (0)

Anonymous Coward | about a year ago | (#44309209)

In the past, microsoft has provided extra documentation to legal authorities to help capture people suspected of copyright infringement, even going so far as to provide training booklets and videos. They BENT OVER when the NSA came calling.

Excuse me while I laugh. (0)

Anonymous Coward | about a year ago | (#44309427)

"I feel very fortunate that we have both an Attorney General and a President with such longstanding knowledge of and appreciation for our Constitution. Put simply, we need you to step in to ensure that common sense and our Constitutional safeguards prevail."

You have got to be kidding me. What lovely, hyperbolic pandering.

Shoulda listened to Franklin (1)

sjames (1099) | about a year ago | (#44309439)

Something about dogs and fleas.

Just release it you ball-less cowards (1)

Khyber (864651) | about a year ago | (#44309703)

Fuck what the NSA tells you. 'No Such Agency' means they don't exist and their rules be damned. Gain the biggest share on the planet and grow a pair, and release the data, NSA be damned. Release it all. That sort of brutal honesty gets more respect from me than beating around the (George) bush, even if you were helping them spy on me.

Clueless Bosses (1)

ThatsNotPudding (1045640) | about a year ago | (#44309889)

I'm sure the PHBs and overpriced lawyers on retainer believe Microsoft haven't done all the things Snowden has exposed.

Because _they_ didn't get the NSLs to STFU and just do the dirty work; their sharpest senior techies did, and they still can't say squat, lest they suffer pain of arrest or worse.

Of course, NSLs to the underlings would also give the perfect cover to allow the execs and shysters to protest too much.

Microsoft lies- period (0)

Anonymous Coward | about a year ago | (#44310063)

For you sheeple that still don't get it, Microsoft had made public statements that categorically STATES the following:
Microsoft has a legal duty to lie to the public about the form and extent of its activities helping the NSA and other US intelligence agencies. US law requires those that work with intelligence agencies to DENY the fact. If knowledge of the co-operation becomes public, US law requires Microsoft to do everything to re-assure the sheeple that no co-operation of any significance actually happened.

In other words, Microsoft said "if our lips are moving, we are lying".

What Snowden revealed is EXACTLY what Microsoft did. Snowden is being pursued by the war-monger Obama precisely because Snowden is not following the protocol about always lying about the extent of US surveillance of ordinary US citizens. Every Microsoft product is riddled with NSA back-doors. The endless patches Microsoft issues simply close back-doors that have entered the public domain, and open new ones.

Microsoft was NOT required by US law to co-operate in this way with the NSA- this choice was wholly that of the depraved psychopath Bill Gates- an individual that works with all of America's most powerful eugenics organisations (despite the horrors of WW2, the Americans that backed the pseudo-science of eugenics and gifted this evil to Hitler and the Nazis, created organisations that are still massively influential in present day USA). It is ONLY after you choose to work with the NSA that you have a legal duty to deny the fact, and mislead the public in any was possible.

Gates is currently engages in a charade (like that recently seen by Yahoo) where government papers will 'prove' Microsoft is innocent. While people with an IQ in double figure at least see through this laughable ploy, the tactic allows sites like Wikipedia to have entries that formally state that Snowden was proved to be a liar, and Microsoft never worked with the NSA. Remember how in 1984, Winston controls the future by altering knowledge of the past? Wikipedia serves the same purpose. The entry on Microsoft and NSA spying will soon state that it was PROVEN that Microsoft never worked with the NSA, and use the laughable government papers as proof.

This is why sheeple are taught that 'proof' is an official piece of government paperwork, and that the word of someone who was actually involved with the government doesn't count.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?