Microsoft cites constitutional rights to lift gag orders, tell public about gov’t spying

Microsoft denied giving the feds 'direct access' to customer data and appealed to the U.S. Attorney General to lift the secrecy ban based on constitutional guarantees.

In a letter [pdf] to Attorney General Eric Holder, Microsoft General Counsel Brad Smith, wrote:

As I know you appreciate, the Constitution guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest. It's time to face some obvious facts. Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns.

Government lawyers have been stalling since June, when leaked Prism documents about NSA spying hit the media, and Microsoft filed a petition asking for permission to publish more complete details about how it handles "government legal demands for customer data." Like other tech giants, the spygate scandal puts Microsoft in an unfavorable light. Project Chess exposed how NSA had access to Skype chats even before Microsoft owned it, but the latest leaks indicated that Microsoft circumvented its own encryption and collaborated with the NSA and the FBI to offer surveillance capabilities for Skype, SkyDrive and So now, in full damage-control mode, Microsoft denied giving the government "direct access" to customer data and appealed to the U.S. Attorney General.

Smith wrote a long blog post to address "inaccuracies in the interpretations" of the most recently leaked documents about Microsoft.

" (formerly Hotmail): We do not provide any government with direct access to emails or instant messages. Full stop." He continued, discussing legal obligations, before adding:

To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.

Smith agreed that Microsoft discussed legal compliance requirements with the government, but in "none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders."

Regarding SkyDrive, Microsoft made changes in 2013 to its "processes to be able to continue to comply with an increasing number of legal demands governments worldwide. None of these changes provided any government with direct access to SkyDrive."

Microsoft takes care of its paying corporate customers as regarding "Enterprise Email and Document Storage," Smith wrote: "If we receive a government demand for data held by a business customer, we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so. We have never provided any government with customer data from any of our business or government customers for national security purposes."

Although Microsoft admitted to making "technical back-end" changes to Skype in 2012, Smith adamantly denied allegations that those changes gave the government greater access to Skype video, audio, chats or other customer data. Smith claimed, "We will not provide governments with direct or unfettered access to customer data or encryption keys."

He wrote, "Looking forward, as Internet-based voice and video communications increase, it is clear that governments will have an interest in using (or establishing) legal powers to secure access to this kind of content to investigate crimes or tackle terrorism." And Microsoft has been looking in this direction since 2009 when it filed a patent called "Legal Intercept" for VoIP. Although that was way before Microsoft ever acquired Skype, the patent does specifically mention Skype. "VoIP may include audio messages transmitted via gaming systems, instant messaging protocols that transmit audio, Skype and Skype-like applications, meeting software, video conferencing software, and the like."

That patent, however, later led to a patent war over wiretapping VoIP and surveillance backdoors into Internet chats. VoIP-Pal claimed that it first had such a surveillance patent that would "allow government agencies to 'silently record' VoIP communications." It also mentions Skype and "national and international demands by governments to enable law agencies the ability to perform scheduled and live intercepts (wiretaps) on Digital Voice telephone conversations."

It's interesting that Microsoft is appealing to the U.S. AG [pdf] and talking about constitutional guarantees and "principles that we all put first and foremost." Those rights should also be upheld by the Obama administration's Privacy and Civil Liberties Oversight Board that is supposed to "oversee the impact of national security programs on Americans' privacy." They held a hearing about the governments' surveillance programs revealed via Snowden's leaked documents. As Bruce Schneier pointed out, board member Rachel Brand said: "There is nothing that is more harmful to civil liberties than terrorism. This discussion here has been quite sterile because we have not been talking about terrorism."

Really? America has changed drastically because of this war on terrorism; government agencies continually publish you-might-be-a-terrorist if lists. If the Privacy and Civil Liberties Oversight Board didn't discuss terrorism, then it was the big, fat elephant in the room. It is why we are where we are now regarding mass surveillance of innocent Americans, who—like Microsoft—are supposed to have constitutional guarantees, protections and rights.

Like this? Here's more posts:

  • You might be a terrorist complain about your tap water
  • Microsoft joins ranks of those believing the government is conspiring against them
  • Surveillance court 'secret' rulings slaughter Fourth Amendment to help NSA spy
  • Govt's $2.7 million KILL IT WITH FIRE approach to malware: Destroy all hardware
  • How much privacy will you have with Microsoft's 'family of devices'?
  • Hackers can wipe or steal data from security holes in 300,000 servers
  • Hacking and attacking automated homes
  • Hijacking Office 365 and other major services via cookie re-use flaw
  • MSFT to developers: Fix Windows app security flaws in 180 days or be kicked from stores
  • Microsoft Research: MoodScope, a context-aware smartphone to sense and share your mood

Follow me on Twitter @PrivacyFanatic

Copyright © 2013 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)