Microsoft To Encrypt Data Center Links; Says NSA Hacking Would Be Unconstitutional
from the and-now-what? dept
We were somewhat surprised to see Microsoft recently admit that in the wake of the revelation that the NSA had infiltrated the private data links between Yahoo and Google's data centers that it had not yet decided to encrypt its own such links. Google had very quickly moved to encrypt those links and Yahoo has recently done so as well (though it took a little while). Now Microsoft is saying that it's going to do the same thing.While the revealed documents did not directly point to a similar infiltration of Microsoft, there's reason to believe it was also compromised. Other Snowden documents mentioned in the linked article above note that Microsoft is listed as having data accessible under the same program, referred to as MUSCULAR. Perhaps more interesting is Microsoft making it clear that it believes any such infiltration would be a serious legal violation:
When asked about the NSA documents mentioning surveillance of Microsoft services, Smith issued a sharply worded statement: “These allegations are very disturbing. If they are true these actions amount to hacking and seizure of private data and in our view are a breach of the protection guaranteed by the Fourth Amendment to the Constitution.”Of course, just because something is a Constitutional violation doesn't necessarily mean that there's much of a legal remedy. Any lawsuit would immediately lead to claims of sovereign immunity and national security to try to kill off any such lawsuit. It's the same thing the feds have done every time they've been challenged on this stuff. The only real way to deal with this is to make sure that the companies actually protect user data in a manner that makes it nearly impossible for the government to break in as it has in the past.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: brad smith, datacenters, encryption, infiltration, nsa, nsa surveillance
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Not really true. Most people quite reasonably assumed that those links weren't vulnerable, because they're not accessible to the outside world. Just like, if I have two computers connected at home, I don't encrypt the data exchange between them because I have a reasonable belief that no one unauthorized is sitting between them.
The issue here is that it appears that *most likely* an outside party, such as Level3 who helped run these networks, gave the NSA access (perhaps under court order). But an outside party, such as the "enemies of the US" you state, wouldn't have access to these links directly. So not sure how they would go about getting access. NSA is able to because it can issue a court order and force Level3 to throw a tap on the line. Not so much with others.
[ link to this | view in chronology ]
Re: Re:
They are not accessible to the internet, they are accessible to a guy and a pair of pliers though, we all knew this for a long time and even the government knows this, that is why if you go digging in some places the secret service shows up.
http://www.fibersensys.com/security-solutions/pds-alarmed-carrier/item/s-pon-physical-security-an d-pds-alarmed-carrier
The very least they could have done is encrypt the traffic, no need for fancy cabling full of sensors trying to sense tampering on the cables.
Further the more people start using the cloud the more attractive those things become, specially when money is involved so is just not governments that would want to try and tap it but also criminals.
So I will once again ask why the most basic security was not implemented a long time ago?
Was it because governments said they didn't want them to do it and they turned a blind eye to the problems with it?
Because that would be like having someone tell you not to implement a security feature because he is using that to do something else at the expense of everybody else that could be harmed by real criminals.
ps: I do encrypt all traffic in my home network, it costs nothing and it increases the layer of security.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Even worse than that, that long cable doesn't go directly to the other apartment. It runs into a black box in Level 3's place, then goes to the other apartment.
[ link to this | view in chronology ]
Re: Re:
They are not accessible to the internet, they are accessible to a guy and a pair of pliers though, we all knew this for a long time and even the government knows this, that is why if you go digging in some places the secret service shows up.
http://www.fibersensys.com/security-solutions/pds-alarmed-carrier/item/s-pon-physical-security-an d-pds-alarmed-carrier
The very least they could have done is encrypt the traffic, no need for fancy cabling full of sensors trying to sense tampering on the cables.
Further the more people start using the cloud the more attractive those things become, specially when money is involved so is just not governments that would want to try and tap it but also criminals.
So I will once again ask why the most basic security was not implemented a long time ago?
Was it because governments said they didn't want them to do it and they turned a blind eye to the problems with it?
Because that would be like having someone tell you not to implement a security feature because he is using it to do something else, at the expense of everybody that could be harmed by real criminals.
Do anybody ever uses paypal, send credit card info with any of those companies?
Do any system administrator have access to that information?
There are external and internal threats and the government although a worthy one is not the only.
I could go on and on, but hopefully this makes this little bit can make the point.
ps: I do encrypt all traffic in my home network, it costs nothing and it increases the layer of security.
More sources:
http://www.idquantique.com/network-encryption/video-hacking-an-optical-fiber.html
http://www. itpro.co.uk/613486/fibre-optic-networks-vulnerable-to-hacking
http://www.techrepublic.com/blog/it-security/protect-your-network-against-fiber-hacks/
http://searchs ecurity.techtarget.com/magazineContent/Optical-network-security-Inside-a-fiber-optic-hack
http://hack aday.com/2011/06/21/the-engineering-guy-explains-fiber-optics/
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Perhaps you should dust off your dictionary and look up the term "aid and abet" then you will discover how far away "adjacent" is in meaning.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Hey Microsoft, want to get a lot of customers back? Directly take one for the team.
[ link to this | view in chronology ]
All the big pipe companies like level3 can and probably have been infiltrated.
Hell look at all the companies that were making money from Uncle Sam by providing access to data under FISA and simple requests.
All these companies can encrypt all they want, they will still hand over the keys when asked.
What needs to change is laws that require the proper 4th amendment process to be put in place.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Backdoor in Windows ?
Now could there be a backdoor built into every single edition of Windows ? If so, then how much will encryption help, if the NSA has a direct 'open line' into every single Windows PC on the planet ?
[ link to this | view in chronology ]
Re: Backdoor in Windows ?
Yes, but only the cryptographic parts. You can easily avoid this by using quality crypto software that doesn't make use of the MS crypto api.
There could, of course. It's even widely believed in the industry that there is (mostly because of the NSA_KEY business). Nobody knows for sure, though, and in my work (tangentially related to this stuff) I have seen a number of signs that either there is no backdoor or it is very difficult to use.
It helps a lot. For someone to use a backdoor, they have to target you, specifically. They have to know your IP address, for instance. Bulk collections of communications would be much more difficult if everything was encrypted even if every machine also had a back door installed.
[ link to this | view in chronology ]
The Obvious
Since the well orchestrated Terror attack played out on September 11th 2001,
WHAT "LAW" HAS BEEN IMPLEMENTED BY THE FOREIGN ENEMIES PLACED INTO POWER TRAITORS OF A 100% CORRUPTED CONGRESS OR the "HIGH TREASON" ENEMY OF ("WE THE PEOPLE") ALL PRESIDENTS SINCE REAGAN THRU OBAMANATION WITH THEIR GOD DAMNED EXECUTIVE ORDERS AND DELIBERATE BANKRUPTING OF THIS FALLEN NATION WHILE ENSLAVING US ALL, HAS """NOT""" BEEN
U-N-C-O-N-S-T-I-T-U-T-I-O-N-A-L ?
We already know the people will NEVER resist or Unite, We are living through historic times. America is the most docile, domesticated, never before seen, human race, unable to recognize they are SLAVES, They truly believe they are still free, unable to stand up for their fundamentals 2+2 human being rights, willfully forfeiting with NO resistance, out of FEAR. Americans wont even stand up for their countrymen when a cop beats them to death for a half hour. TOO many incidents to count. Kelly Thomas, Milton Hall, Occupy Wall Street, Bradley Manning, or the millions sitting in foreign run private prisons this HIGH TREASONOUS govt guaranteed to keep 90% full which make up 92% of the prisons in this desolated nation. Heck even the VP Dick Cheney invested 70 million of his own money in the Van Guard Group, to profit off Americans in jail that never committed a crime.
It is becoming amusing and yet still feel overwhelming pity for the 99% of the population who have NO idea what is really going on.
He who will deceive the Whole world, has succeeded.
[ link to this | view in chronology ]
Wrong direction
Eventually you need to remove the Nazis, not create better attics to hide the Jews...
[ link to this | view in chronology ]