With all the information being disclosed regarding the NSA unlawful monitoring of communications by American citizens, it is natural to wonder how the agency circumvented the encryption of some email software programs to obtain the data. In a report released by the Guardian, it seems that Silicon Valley was only too happy to cooperate with government agencies in order to provide them the key to unlocking that encryption.
It appears Microsoft collaborated with the National Security Agency during the upgrade to Outlook.com by helping the NSA circumvent its own encryption.
The Guardian reports:
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in Outlook.com that allows users to create email aliases;
• Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a “team sport”.
The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers’ privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.
In a statement, Microsoft said: “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.” The company reiterated its argument that it provides customer data “only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers”.
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.
Since Prism’s existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.
This is the same Microsoft who touts, “Your privacy is our priority.” If that isn’t brazen enough, Microsoft only responds to government demands about customer data when the orders are about specific accounts or identifiers. Accordingly, the NSA can issue “blanket orders” when the operative has “a 51% belief that the target is not a US citizen and is not on US soil at the time.” The NSA operative must have had that 51% belief that the entire US population were not US citizens nor were those individuals on US soil at the time and provided Microsoft with an individual request for specific accounts and identifiers. If that didn’t do it, well, the argument could be made that the entire US population consists of foreign nationals located overseas. Nice try, but America is not buying cover up excuses.
The Guardian broke the story in June of this year that the NSA through the PRISM program had direct access to systems of many major internet companies including Microsoft, Google, Facebook, Apple, Skype and Yahoo.
The Guardian continues explaining:
But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.
The latest documents come from the NSA’s Special Source Operations (SSO) division, described by Snowden as the “crown jewel” of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.
The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.
Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.
A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”
Two months later, in February this year, Microsoft officially launched the Outlook.com portal.
Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”
Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked “for many months” with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.
The document describes how this access “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about”.
The NSA explained that “this new capability will result in a much more complete and timely collection response”. It continued: “This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.”
A separate entry identified another area for collaboration. “The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes.”
Substantial effort was made by the NSA in the last two years with Microsoft to gain increased access to Skype: estimated users worldwide are about 663 million.
Skype joined the NSA family back in 2011 before being purchased by Microsoft. Even before that, the NSA was working in 2010 to “smoothly integrate” Skype into PRISM. Full details on the Skype data fleecing can be read in the article.
The full Microsoft statement is in the Guardian article. The last paragraph of the statement indicates there are aspects of this debate that Microsoft would like to be able to discuss so they have argued for additional transparency to help everyone understand.
Recently, the Washington Post and the Blaze released slides showing the NSA data collection details. Looks like Edward Snowden may be the gift that keeps on giving.
It matters a great deal that so many Americans have this belief that if they are not doing anything wrong, there is nothing to worry about. It matters a great deal that the government violates the Fourth Amendment; the government is indicating in this entire endeavor, it had justification to issue a “broad order” based on the 51% belief of an NSA operative that every American citizen monitored was either a foreign national on foreign soil or non US citizens on non US soil. It matters a great deal that large companies are compelled to comply with “broad” orders then basically lie about it to their customers.
All of this matters a great deal and nothing is being done. It is safe to say the monitoring has not stopped. It is safe to say Obama has gotten quiet about it, no doubt looking for something else to engage the attention of everyone. Congress is as ineffective in doing their job as an umbrella in a monsoon. To make matters worse, the NSA monitoring has been done to citizens of other countries, the latest Brazil. Most Americans are not experts on foreign policy, but no one has to be to deduce this places the US in a most precarious position with the other countries of the world. One can only surmise that as more information is disclosed, it will get worse and the full effect of this government operation will be felt for years to come.