Microsoft is tightly collaborating with U.S. intelligence services such as the NSA on intercepting user communications, according to new documents released by The Guardian.
As with that newspaper’s other leaks over the past month or so, those documents came courtesy of Edward Snowden, a former NSA contractor and self-described “whistleblower” who is currently residing in the transit area of the Moscow airport as he waits for asylum in a friendly country. The Washington Post has also reported on Snowden’s documents, some of which detail a top-secret NSA program called PRISM that allegedly siphons personal information from the databases of some of the world’s largest tech companies. Those tech companies have uniformly denied participation in any such program.
According to The Guardian, these latest documents show that Microsoft “helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal.” That circumnavigation was apparently completed in December 2012. The documents also suggest that the NSA has access to email on Outlook.com, “including Hotmail,” and shares some of its collected materials with the FBI and CIA.
“When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands,” Microsoft told the newspaper. That echoes earlier statements from the company about its alleged NSA involvement.
“The articles describe court-ordered surveillance—and a US company’s efforts to comply with these legally mandated requirements,” representatives from the NSA and the office of the director of National Intelligence wrote to The Guardian. “The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.”
How can the average user protect their data from snooping? That’s a hard question, and one thing’s for certain—according to experts consulted by Slashdot, installing an upgrade to an existing platform or clicking “Private Browsing” on your browser probably won’t help.
“I naturally recommend our own HTTPS Everywhere software as well as the Tor Browser Bundle, but I hope people understand the goals and limitations of these tools,” Dave Maass, media relations coordinator for the Electronic Frontier Foundation (EFF), wrote in an email to Slashdot. “The Tor developers have been very clear over the years on the limitations of what Tor protects and from whom; at best Tor can make users’ origin and destination hard to link based on IP traffic data.”
There are a variety of encryption providers such as Silent Circle, SpiderOak, and Tarsnap that offer products dedicated to keeping data safe and secure. (A more complete list is available elsewhere on SlashBI.) But it might be difficult to convince others to embrace those same measures, which is an essential step in ensuring end-to-end security.
Image: Tatiana Popova