On Thursday The Guardian said that it has received documents showing that Microsoft is collaborating closely with U.S. intelligence services, including the National Security Agency (NSA), as part of the top-secret Prism program. The report specifically talks about the NSA and how Microsoft provided help to circumvent its own encryption.
According to the report, Microsoft provided help to the NSA so that the government agency can intercept web chats on the new Outlook.com portal – the agency already had access to email on Outlook.com and the former Hotmail service. Microsoft also made it easier for the NSA to access SkyDrive which currently has over 250 million users worldwide.
There's more. The documents show that Microsoft worked with the FBI's Data Intercept Unit to "understand" the potential issues email aliases in Outlook.com can create. Microsoft's Skype division also worked with intelligence agencies to allow Prism to collect video of conversations as well as audio. The final highlight in the report is that material collected through Prism is routinely shared with the FBI and CIA.
The Guardian points out that Microsoft's latest marketing campaign, launched in April, says that "Your privacy is our priority", emphasizing its commitment to privacy. Skype preaches something similar, saying that "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content." But internal NSA documents suggest that the relationship between the agency and Microsoft is "deep and ongoing".
The latest documents come from the NSA's Special Source Operations (SSO) division. It's responsible for all programs aimed at U.S. communications systems through corporate partnerships, including Prism. Based on the documents, The Guardian has provided a long chronological outline showing when and how Microsoft cooperated with the NSA. As an example, the solution to tune into Outlook.com chats was set in place on December 12, 2012, two months before Outlook.com came out of beta in February. Skype joined Prism in February 2011, eight months before it joined the Microsoft collective.
"According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general," The Guardian states.
"We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.
"First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.
"Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues."
The response confirms a statement that The Guardian made in its report, that there are tensions between Silicon Valley and the Obama administration. Firms like Microsoft are lobbying the government to allow them to fully disclose the nature and extent of their co-operation with the NSA. Microsoft and its fellow tech firms want nothing more than to distance themselves from claims of collaboration and teamwork, to show that their participation is driven only by legal compulsion. After all, news of letting the government snoop through your customers' email, voice chats and personal files stored on your servers is bad for business, no?
Trust No One, X-Files style.