The Latest Leaks Contradict Claims Made In Microsoft's Own 'Law Enforcement Requests Report'

from the protecting-your-privacy-except-for-these-large-exceptions dept

Fri, Jul 12th 2013 8:35am — Tim Cushing

The Guardian's recent revelations of Microsoft's very cozy "teamwork" with the NSA and FBI rendered many of the software giant's statements on privacy completely hollow. Among the details leaked was the surprising amount of access to Skype Microsoft provided to these agencies.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

This document seems to contradict Microsoft's statement on Skype in March of this year in its 2012 Law Enforcement Requests Report.

Skype received 4,713 requests from law enforcement. Those requests impacted 15,409 accounts or other identifiers, such as a PSTN number. Skype produced no content in response to these requests, but did provide non-content data, such as a SkypeID, name, email account, billing information and call detail records if a user subscribed to the Skype In/Online service, which connects to a telephone number.

[All emphasis in the original.]

Perhaps "producing content" means something different to Microsoft than it does the NSA, or the general public for that matter. The leaked documents state "Skype video production has roughly tripled since July 2012" with the agent noting they've been collecting audio all along.

No doubt this discrepancy will be greeted with a semantic discussion, involving different ways of interpreting words like "producing" or "content." Perhaps Microsoft feels providing direct access isn't the same as "producing content." Or maybe Microsoft means it just hasn't produced content for law enforcement, and anything given to the FBI falls outside of its definition of that term. But if the FBI's requests are considered to be outside the definition of "law enforcement," Microsoft confuses the issue early in its report by referring to content disclosed to governments.

It’s insightful, I believe, to look at the governments to whom customer content was disclosed. Of the 1,558 disclosures of customer content, more than 99 percent were in response to lawful warrants from courts in the United States. In fact, there were only 14 disclosures of customer content to governments outside the United States. These were to governments in Brazil, Ireland, Canada and New Zealand.

Obviously, Microsoft isn't allowed to discuss much of its work with the NSA and the FBI, but the disclosure here makes it sound as if it's safeguarding the privacy of Skype users, when in reality it's simply holding the door open for the feds.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: law enforcement, nsa surveillance, skype, surveillance
Companies: microsoft, skype

33 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Ninja (profile), 12 Jul 2013 @ 8:08am

Microsoft contracts and deals with Governments are probably at risk now...
[ link to this | view in chronology ]
- Anonymous Coward, 12 Jul 2013 @ 8:50am
  
  Re:
  Microsofts contracts and deals with EVERYONE are probably at risk now...
  [ link to this | view in chronology ]
  - Ninja (profile), 12 Jul 2013 @ 9:27am
    
    Re: Re:
    I think the general public won't flock away as easily but Governments? I mean, with Microsoft you would be clearly at risk of being a victim of espionage whereas open software would provide easy scrutiny...
    [ link to this | view in chronology ]
    - Anonymous Coward, 12 Jul 2013 @ 10:42am
      
      Re: Re: Re:
      Yep. Microsoft have just become the largest incentive for governments to change to Linux and other FLOSS items.
      [ link to this | view in chronology ]
- Anonymous Coward, 12 Jul 2013 @ 2:32pm
  
  Re:
  Are you kidding? They've utterly whored themselves out to them. The government is the only place they're safe.
  [ link to this | view in chronology ]
Baldaur Regis (profile), 12 Jul 2013 @ 8:54am

Perhaps "producing content" means something different to Microsoft than it does the NSA, or the general public for that matter.
Can't wait to hear their definitions of "audio" and "video" and how these things are just metadata.
[ link to this | view in chronology ]
- Lord Binky, 12 Jul 2013 @ 9:10am
  
  Re:
  Don't worry, there's little difference, they are all just bits.
  [ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 12 Jul 2013 @ 9:04am

YEAH, and Google is lying TOO.
You keep omitting all mention of the NSA's MAJOR source, so often that it's laughable.
[ link to this | view in chronology ]
- Lord Binky, 12 Jul 2013 @ 9:08am
  
  Re: YEAH, and Google is lying TOO.
  Are you sure it's the NSA's MAJOR source.... or is the Russian's MAJOR source....Shit, I've been infected by with OOTB1. Help me!
  [ link to this | view in chronology ]
- lucidrenegade (profile), 12 Jul 2013 @ 9:59am
  
  Re: YEAH, and Google is lying TOO.
  Come on OOTB, everyone knows you have a picture of Larry Page in your spank bank.
  [ link to this | view in chronology ]
  - Ninja (profile), 12 Jul 2013 @ 11:30am
    
    Re: Re: YEAH, and Google is lying TOO.
    "Come on OOTB, everyone knows you have a picture of Larry Page naked in your spank bank."
    
    FTFY. Further jokes involving spanking are intended.
    [ link to this | view in chronology ]
Anonymous Coward, 12 Jul 2013 @ 9:21am

Yeah, Microsoft. Not.
[ link to this | view in chronology ]
Anonymous Coward, 12 Jul 2013 @ 9:22am

I find this rather shocking. And I'm not easily shocked!
[ link to this | view in chronology ]
Anonymous Coward, 12 Jul 2013 @ 9:27am

99 percent? Where else do you see that kind of "efficiency" and so few mistakes?

I'll tell you where - NOWHERE. The less than 1 percent is just so it doesn't seem like Microsoft is giving them COMPLETE CONTROL and access, but that's exactly what they're doing.
[ link to this | view in chronology ]
Christopher Weigel (profile), 12 Jul 2013 @ 9:36am

Well, technically, if they just hand the data over, they're not "responding to a request"...
[ link to this | view in chronology ]
- Baldaur Regis (profile), 12 Jul 2013 @ 9:46am
  
  Re:
  Now that's a very good point. From the article: Skype received 4,713 requests from law enforcement. Does MS consider the NSA 'law enforcement'?
  [ link to this | view in chronology ]
  - Christopher Weigel (profile), 12 Jul 2013 @ 9:53am
    
    Re: Re:
    Or do they just count the one "give us everything" order as one single request?
    [ link to this | view in chronology ]
  - Anonymous Coward, 12 Jul 2013 @ 10:42am
    
    Re: Re:
    Does MS consider the NSA 'law enforcement'?
    
    Kinect cannot discriminate between law enforcement and rogue policy makers.
    [ link to this | view in chronology ]
Internet Zen Master (profile), 12 Jul 2013 @ 9:54am

In Microsoft's defense
This is the kind of thing that happens when companies aren't allowed to disclose their dealings with the federal government. They're forced to lie to their customers about things like consumer privacy as a result or face the government's wrath.

And sadly, even if Skype had never been bought by Microsoft in the first place, it was already participating in the PRISM program (having joined the program 8 months prior to its acquisition by Microsoft).
[ link to this | view in chronology ]
- Stubby, 12 Jul 2013 @ 11:20am
  
  Re: In Microsoft's defense
  "And sadly, even if Skype had never been bought by Microsoft in the first place, it was already participating in the PRISM program (having joined the program 8 months prior to its acquisition by Microsoft)."
  
  And this fact was not unbeknownst to Microsoft, who purchased it regardless.
  [ link to this | view in chronology ]
  - Internet Zen Master (profile), 12 Jul 2013 @ 11:50am
    
    Re: Re: In Microsoft's defense
    And why wouldn't Microsoft buy Skype? It's one of the most (if not most) recognized brands in the VoIP market. I mean, why bother creating your own product when you can just BUY the best product in the market and add it to your collection of products? Business-wise it made perfect sense, participation in a privacy-violating program like PRISM be damned.
    [ link to this | view in chronology ]
  - Anonymous, 12 Jul 2013 @ 3:29pm
    
    Re: Re: In Microsoft's defense
    I've never used Skype. Never trusted it. Now look.
    I never trusted or used a proxy called hidemyass either, and I was right about that too.
    [ link to this | view in chronology ]
- Hephaestus (profile), 12 Jul 2013 @ 12:41pm
  
  Re: In Microsoft's defense
  An interesting thought. If they lied to the public wouldn't that mean that they have violated SEC regulations?
  
  That is unless there is a secret interpretation of SEC regulations that the public isn't allowed to know about.
  [ link to this | view in chronology ]
  - Hephaestus (profile), 12 Jul 2013 @ 12:43pm
    
    Re: Re: In Microsoft's defense
    You know this would make a really neat shareholder lawsuit against Microsoft and every other company involved in PRISM.
    [ link to this | view in chronology ]
Baldaur Regis (profile), 12 Jul 2013 @ 10:16am

This is the kind of thing that happens when U.S.companies aren't allowed to disclose their dealings with the federal government.

Which begs the question: Is a stateless corporation possible? What would it look like? Do you have to be a criminal if you prefer to work without government oversight?
[ link to this | view in chronology ]
- Anonymous Coward, 12 Jul 2013 @ 1:51pm
  
  Re:
  Corporations are people until it is inconvenient for governments.
  [ link to this | view in chronology ]
Squirrel Brains (profile), 12 Jul 2013 @ 10:34am

Now there can be dueling "Scroogled" and "Microshafted" campaigns.
[ link to this | view in chronology ]
- Ninja (profile), 12 Jul 2013 @ 11:28am
  
  Re:
  I'm trying to find something to joke with Apple here and amusingly one synonym for wiretap in Portuguese is "grampo" which translates literally to English as "staple" (as in your communications were stapled). So could we consider a "Sappled" campaign as the 3rd contestant?
  
  I personally giggled while going through this thought process =/
  [ link to this | view in chronology ]
Anonymous Coward, 12 Jul 2013 @ 11:00am

there isn't one 'social network' service that isn't tied to the USA law enforcement of one sort or another. the shameful thing is, that if any of the services were to deny access, they would be hauled into court on some trumped up charges or other. the really shameful thing is that law enforcement has not only been using these services but are allowed to use them for their own nefarious purposes! how can any court, any government truly expect the people to accept this practice? they are talking, perfectly innocently in 99% of cases, about ordinary daily, mundane things and some arsehole god know's where in some bunker equally god know's where is listening in ,just in case one might say something that means absolutely nothing but gives law enforcement the chance to raid a house, arrest some kid and haul them off to prison. keep them locked up for months on bail that there isn't a hope in hell of any ordinary family being able to raise, and all because some idiot wants to get a win under their belt, like with Arron, God rest him! what sort of country is this? who in their right mind wants to live under a regime like this?
[ link to this | view in chronology ]
Vic B (profile), 12 Jul 2013 @ 1:39pm

... and we prevent Chinese companies from purchasing US communication companies on "national security" grounds...
[ link to this | view in chronology ]
Rekrul, 12 Jul 2013 @ 2:27pm

This wouldn't be nearly as easy to do if people didn't insist on convenience over security.

The only reason every Skype user needs an account is so that the main server can track IP addresses and match them up with names, so that when you tell it to "call" one of your contacts, it knows what IP address to use. This lets the company easily track all calls.

A secure VOIP app, besides using strong public-key encryption, would require the user to directly enter the IP address of the person they want to contact, and then would connect directly to that address. To do this, the program could use one of the publicly available sites that return your IP address when you access them to tell the user what IP address to give to their friend. Of course, this would require that one person send an email to the other with the IP address to use, if it's changed from the last time they talked, but there wouldn't be one central organization that could track where and when each call was made.
[ link to this | view in chronology ]
Anonymous Coward, 12 Jul 2013 @ 9:48pm

I can't wait for the revelations of blackmail for some of the affairs, crimes and outright evil deeds that our rich and famous have done. Once this type of thing starts, a secret war of blackmail material is amassed using any and all available methods.

Who watches the watchers?
[ link to this | view in chronology ]
Anonymous Coward, 13 Jul 2013 @ 7:11pm

Linux > Micro$hit
[ link to this | view in chronology ]