Civil Liberties

Documents Reveal That Microsoft Let NSA Bypass Its Customers' Encryption

|

Microsoft
Microsoft

Not that most of us have been inclined to trust Skype as a conduit for confidential information in recent years, but the latest treasure trove of revelations published by The Guardian reveal that Microsoft has given the National Security Agency the means to bypass encryption in its products, including Skype and Outlook. We can probably assume that other American companies have similar arrangements with the NSA, raising the likelihood that American software products and online services will rapidly lose popularity around the world as a consequence of their cozy relationship with the snoops.

Reports Glenn Greenwald and fellow journalists at The Guardian:

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

Skype once had a reputation as a secure channel for communicating, but rumors have circulated ever since its acquisition by Microsoft that the company collaborated with the feds. The Guardian report would seem to confirm those rumors — and to suggest that to use a Microsft product is to share a party line with snoops employed by the United States goverment.

But other governments also spy, to a degree rivaling American efforts, and they probably lean on corporations based in their countries. Ultimately, commercial software with proprietary code might become anathema for anybody concerned about security. The greatest winner from these spying revelations may be open source products that can be scrutinized for backdoors and compromises by independent observers.