Microsoft Fires Off Rebuttal To Latest Leak; Angry Letter To Eric Holder
from the at-this-point,-I'm-pretty-sure-no-one's-telling-the-complete-truth dept
The recent leak detailing Microsoft's extremely close work with US intelligence agencies seemed to contradict pre-leak statements made by the company concerning responses to data requests. Microsoft claimed it only did the minimum required by law, but the leaked documents portrayed the software giant as working in concert with the NSA and FBI to provide them with pre-encryption access to several services, including Outlook, SkyDrive and Skype.
Microsoft has responded to this leak via a blog post and a letter to Eric Holder. The blog post is a long refutation of every claim made in the leaked documents. Rather than give the agencies direct, pre-encryption access, as was stated in the leak, Microsoft claims it only provides metadata and content as requested -- and then only if Microsoft deems the request valid.
Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.With this across the board denial of the leaked documents' contents, we're left with only a few possibilities. Either the document isn't accurate and Microsoft's statement is truthful or the statement is false and the document is the truth. Or, somewhere in between, there's a way both can be accurate (or "least untruthful"), which boils down to subjective definitions of certain words, most notably "access." Microsoft could have provided near real-time access while still only complying with court orders. Everything stored and turned over to the NSA and FBI was technically "pre-encryption," in the fact that Microsoft had unencrypted access to the data. As we haven't actually seen a court order or national security letter directed at Microsoft, it's tough to say how direct and how close to real time this access is.
If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.
We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.
All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.
Microsoft's rebuttal doesn't entirely refute the documents, however. There's no doubt it worked closely with these agencies to provide the access, content and data they were seeking, even if it was all strictly "by request." In terms of Skype, Microsoft doesn't even bother refuting the government had access to audio and video via its Prism connection. All it addresses is the statement that claimed video production had tripled "since a new capability was added" in July of 2012.
The reporting last week made allegations about a specific change in 2012. We continue to enhance and evolve the Skype offerings and have made a number of improvements to the technical back-end for Skype, such as the 2012 move to in-house hosting of “supernodes” and the migration of much Skype IM traffic to servers in our data centers. These changes were not made to facilitate greater government access to audio, video, messaging or other customer data.These changes may not have been made to "facilitate greater government access," but that's not what the document claims. All it says is that this new capability tripled video production. Moving to in-house hosting and migrating traffic to Microsoft data centers could certainly aid in the "production" (read: harvesting) of Skype video calls. Whatever the intent, the end result was the same -- easier, faster access to Skpe data and content for intelligence agencies.
This back-and-forth is unlikely to result in establishing definitive guilt or innocence on the part of Microsoft. Either way, it's of negligible importance. The fact is that intelligence agencies are, by way of court orders and security letters, inserting themselves deeper and deeper into the underlying fabric of online communications, something that stretches much further than Microsoft.
Microsoft itself is hoping to address the larger, more problematic issue of our growing surveillance state. In addition to its blog post, the company sent a rather irate letter to Attorney General Eric Holder [pdf]. It dispenses with most of the usual diplomatic niceties and confronts the government with the damage it's doing to American citizens and American companies with its surveillance activities.
Since the initial leak of NSA documents, Microsoft has engaged constructively with the Department of Justice, the FBI, and other members of the Intelligence Community on the ground rules governing our ability to address these issues and the leaked documents publicly. We have appreciated the good faith in which the Government has dealt with us during this challenging period. But we’re not making adequate progress. When the Department and FBI denied our requests to share more information, we went to the Foreign Intelligence Surveillance Court (FISC) on June 19 to seek relief. Almost a month later, the Government is still considering its response to our motion.This is no surprise to anyone who's attempted to obtain information or official responses from our intelligence agencies. The standard m.o. is to wait it out while chanting "grave damage to national security." But what Microsoft adds next serves as a slap in the face to those parties attempting to wait it out.
Last week we requested official permission to publicly explain practices that are the subject of newly-leaked documents that refer to Microsoft and have now been misinterpreted in news stories around the world. This request was rejected. While we understand that various government agencies are trying to reach a decision on these issues, this has been the response for weeks.
As I know you appreciate, the Constitution guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest. It’s time to face some obvious facts. Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns.In other words, "Your secrets aren't secret anymore. Get over yourselves."
At this point, only government employees who dutifully ignore what their employer tells them to ignore aren't aware of these leaked documents and their contents. If our "national security" was suffering "exceptionally grave damage" from these leaks, you'd think at least some of that damage would be noticeable. Instead, what we have is the large scale embarrassment of government officials who are now forced to explain actions that contradict the very principles they claim this country stands for -- that they say they stand for. Refusing to allow companies to discuss activities already outed by leaks is simply the most self-serving form of damage control. The threat to officials' reputations easily exceeds the threat to the security of the American public, and continuing to deny these companies an opportunity to explain their involvement does them, and the public, a disservice.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: eric holder, fisa rulings, free speech, nsa, nsa surveillance, skype, surveillance, warrants, wiretapping
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
Still, one gotta love how they slap the Govt in the face for their kid's play over an imaginary secrecy over documents that are pretty much common knowledge for the average Joe.
As they said, Your secrets aren't secret anymore. Get over yourselves, out of your lethargy and apathy and start fixing the damage.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
If you get the chance check out the AMD APP SDK.
[ link to this | view in chronology ]
Re: Re:
In the Linux world (which I presume is what you use) kernel 3.11, due to come out very soon (it is in rc1 state right now, it should become final in the next few weeks) has a huge update in the open source AMD graphics drivers.
If you have an AMD card, I strongly urge you to try out the new drivers. I personally can't test it, as I don't have AMD hardware (I'm stuck with NVIDIA binary blobs), but from some benchmarks I've seen, the newly updated driver has performance comparable to the closed source (catalyst) driver.
Linux is coming along nicely. I can see that many pieces are falling into place.
Soon I (we?) will be able to get rid of windows entirely (one can dream, right?).
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Except that...
This quote absolutely stinks to high heaven, and is totally unbelievable to me:
This hasn't worked for Google. It hasn't worked for Yahoo. Indeed, Yahoo had to fight to let us know that they got forced into this. It hasn't worked for any company that has resisted this. Only a few companies aren't in this situation, and that is because they entered into it whole-heartedly.
So why do we accept this current version of Microsoft's spin-doctoring and think that they are the only company out there whoa re able to resist government spy requests? How did they get the power, or privilege, or moxie to stand up against the police state? I, for one, am not buying it.
[ link to this | view in chronology ]
Re: Except that...
[ link to this | view in chronology ]
Deny... deny... deny...
[ link to this | view in chronology ]
Re: Deny... deny... deny...
Look at the telco's - barely heard a peep from them.
[ link to this | view in chronology ]
"This is no surprise to anyone" -- Techdirt's motto.
http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-199 9.html
The real question is why supposedly savvy tech writers give ANY credence at all to Microsoft: a proven monopoly built on shoddy products, is bad enough.
[ link to this | view in chronology ]
Re: "This is no surprise to anyone" -- Techdirt's motto.
[ link to this | view in chronology ]
Re: Re: "This is no surprise to anyone" -- Techdirt's motto.
[ link to this | view in chronology ]
Re: "This is no surprise to anyone" -- Techdirt's motto.
[ link to this | view in chronology ]
Re: "This is no surprise to anyone" -- Techdirt's motto.
[ link to this | view in chronology ]
Planned outrage
[ link to this | view in chronology ]
Personally, I think that Microsoft is as guilty as the leaked document and that they're trying to deflect the criticism. As more and more companies are revealed to be involved with the program at the NSA, greater scrutiny is being placed on them by American consumers and greater fallout will come out of it.
Companies, beware, we are holding you accountable. The NSA can't protect you from our expressed anger.
[ link to this | view in chronology ]
Re:
What did they think would happen when everyone found out?
[ link to this | view in chronology ]
Re:
The government is turning its back on its people. The companies it dragged into this mess, they aren't so keen to do that, to be dragged along further. They care about their customers (Well, their wallets, but still). They care enough to stand up and cry foul, To try and save themselves in front of us.
It's not fair to pin any of these companies as so evil or heartless. We don't know what happened behind closed doors. This could have been forced upon them and mind you, to have the government come down on you, that's not something so easily fought back against. I can't imagine any reason why Microsoft would want to willingly hand over data to the Government. Does it benefit them? It does in the sense that it keeps the Government from wrecking their day, but beyond that, I can't imagine it's something they're happy with, even if it was easy to twist their arm.
The government is acting as a Bully. Some kids are stronger than others. Some kids take it and cry, some kids stand and fight. We can judge the kids that cry, but we have to realize the bully that put them there.
I'm not happy with what Microsoft has done, but I am happy that they're standing up for their customers at least in some form. They need to save face, and they're doing what they should have been doing all along. I wont give them all the credit, but I will give them some.
Microsoft essentially finally stood up and took a swing back. It had been on the ground flailing around, and finally it gathered itself enough to stand up and take a swing back. They're still the little snot nosed kid they've always been, but at least they finally took some sort of stance that wasn't just to bend over and take it.
I imagine it's been difficult for them. They haven't been able to defend themselves like they should have been. Regardless if what they've done is right or wrong. They're stuck between a government that wants to silence them and a consumer base that is boiling over with hate. They want to serve their costumers, they want to calm that fire. We're their money, and they know that. We're what will break them, and they know that. It's our opinion that will change how the operate, but it's the government that isn't allowing the public's opinion to have that sway like it should. Companies improve when the backlash of the public comes down on them, but the government is making it hard for them to do that.
So, maybe they are trying to save their ass. This is what the free market is about though, isn't it? The consumers are talking, they're speaking out, and Microsoft is listening. I wouldn't ever want to be in their position. I don't like how they've handled themselves, but still. I see what it is, where they're at, the rock and a hard place they've got themselves into. Can we at least give them that? That even if they're the kid we hate, we have to give them some credence in this horrible mess that this country has been flung into?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Dear Government
[ link to this | view in chronology ]
Damage control
[ link to this | view in chronology ]
Re: Damage control
[ link to this | view in chronology ]
Re: Re: Damage control
[ link to this | view in chronology ]
Re: Re: Re: Damage control
You'll occasionally hear stories about some foreign government department moving to Linux, then never hear anything about it again. That's because moving to Linux is mostly used as a bargaining chip when negotiating Microsoft Volume Licenses.
Now it turns out that the NSA can snoop on almost anyone using Windows or other big name Microsoft products. How will China and Russia, among others, deal with the fact that MS is telling the NSA about exploits in their software before patching them?
Some European countries already are stopping schools from using the cloud, or things like Gmail. Unlike the US, Europe has privacy laws.
In the end US businesses are being harmed by all this. Mainly because any country with sense is going to switch to Linux and in house/country operations.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Money
[ link to this | view in chronology ]
Centralisation
This change made the data available to NSA without having to gain Microsoft's direct co-operation.
[ link to this | view in chronology ]
Re: Centralisation
That's the thing about the internet. You can't stop people from knowing who you're talking to. You can only stop them from knowing what you're saying. Even then, they can probably guess how you're saying it (Skype, tor, https, etc...). All tor and VPNs do is forward your messages for you.
Of course, if nothing ever hits a US data tap they can't see it, but as the parent said MS moved all the Supernodes in house.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Companies always choose profits over ethics. It's the way it's always been.
[ link to this | view in chronology ]
MS in Damage Control?
http://arstechnica.com/security/2013/06/nsa-gets-early-access-to-zero-day-data-from-micr osoft-others/
[ link to this | view in chronology ]
they're just as afraid as the rest of us
how much would it cost MS if the IRS decided to do several audits of MS, and perhaps some foreign govts changed their laws in a way that would hurt MS.. Heck, the US made europe ground the plane of a south american president. the USA is a big bully that isn't afraid of hurting people, and you don't want to get on its bad side.
I'm surprised they're (MS) standing up as much as they are.
[ link to this | view in chronology ]
Re: they're just as afraid as the rest of us
[ link to this | view in chronology ]
It's a big enough reason for many of their big customers to embrace and adopt open source operating systems.
As a small customer of google, i'm opting out to pay for Google Drive services. Why pay for it when NSA can hold my data for me for free? :)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Did Microsoft happen to mention exactly when they were planning to tell Skype users that every single word they said, along with pictures of them saying it, were being forwarded in real time to the NSA?!?
Open Source is the only way. As for Microsoft - kill it now & kill it with fire!!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Don't be surprised
Microsoft is due credit for proactively tackling the constitutional issues, however it is possible they are doing this not to be "good guys", but to limit their liability by disclosing what information the government harvests from Microsoft customers.
[ link to this | view in chronology ]
Re: Don't be surprised
Microsoft is more obnoxious than raw sewage. Die, Microsoft, die!!!
[ link to this | view in chronology ]
This is how it gets done.
[ link to this | view in chronology ]
A Letter to Microsoft
We received your letter of this past week, and thank you for your version of events. We do truly appreciate your candor.
However, due to some rulings in the past, we're still partners, and we'll be sending copies of this letter to the relevant parties.
Hope to be doing further business with you real soon!
Sincerely,
The NSA
[ link to this | view in chronology ]
Re: Re: Re: Re: Damage Control
http://www.wired.com/wiredenterprise/2013/03/ubuntu-china/
That's in addition to Red Flag Linux:
http://en.wikipedia.org/wiki/Red_Flag_Linux
[ link to this | view in chronology ]
How to read a press release
[ link to this | view in chronology ]
Re: How to read a press release
Rich Fiscus, You Win The Internet!!!
[ link to this | view in chronology ]
1. If MS where giving full access to the NSA, wouldn't it be illegal at this point to let it be known?
2. How do we all feel about the idea of the xbox one camera and microphone in our living-room now?
[ link to this | view in chronology ]
Re:
Absolutely. OTOH if any of the allegations in those leaks were false it would be entirely legal to flatly deny them. They chose not to do that across the board.
This is the same tactic I've seen many times when companies try to scare a website to retract something they've published. I'm sure Mike has experienced this as well. They send you an email implying what you wrote isn't true but never actually come out and refute a single fact. Instead they provide some sort of alternate story that implies you have the facts wrong.
If a company wants to deny a rumor or an allegation they come out and unequivocally do so. They cite a specific claim and say "that's not true." If they dance around the subject instead it means they have decided, for whatever reason, not to deny the allegation. Full stop.
In case I'm not being clear (I do that a lot), here's an example of what I'm talking about.
[ link to this | view in chronology ]
You people and the fully automated house people are nuts. I am keeping my analog control system in my car, refrigerator, and microwave. I am not giving the NSA that degree of control of my life.
[ link to this | view in chronology ]
America where are you now
[ link to this | view in chronology ]