Former Microsoft chief privacy adviser Caspar Bowden has said for years that he does not trust Microsoft as a company, nor does he trust its software. If a privacy expert who previously worked for Microsoft can’t trust the company, should we? Well, at the 31st Chaos Communication Congress (31C3), Bowden presented The Cloud Conspiracy 2008 – 2014 (pdf).

Bowden served as Chief Privacy Officer at Microsoft for nine years, responsible for advising 40 National Technology Officers from different countries. During an internal strategy conference in 2011, with Microsoft deputy general counsel, cloud management personnel and the NTOs in attendance, Bowden warned, “If you sell Microsoft cloud computing to your own governments then this [FISA] law means that the NSA can conduct unlimited mass surveillance on that data.”

After that, Bowden said the deputy general counsel “turned green” and the room was dead silent. During the coffee break, Bowden was threatened with being fired. Two months later, Microsoft decided Bowden was redundant and fired him.

In Bowden’s presentation about 'The Cloud Conspiracy,' he explained that he’s not referring to the cloud as in storage, but the cloud as in data processing. “You cannot protect data in cloud computing,” he said.

His talk could basically be boiled down to one question: how likely is it, legally or technically, that data centers have secret doors for warrantless mass surveillance? Bowden explained how the 2008 changes to the Foreign Intelligence Surveillance Act Amendment Act (FISAAA) added the secret surveillance of remote computing services, aka the cloud.
That surveillance, he said, doesn’t have to be triggered by potential criminality or national security, but is instead “purely political surveillance” of “ordinary lawful democratic activities.”

Bowden is primarily talking about secret targeted cloud surveillance of non-US persons outside of the US; that’s a whopping 95% of the world. In other words, the former Microsoft Privacy Chief said FISAAA means “If you are not American, you cannot trust U.S. software services.” Even if the software started off being cryptographically sound, software updates can be pushed through – pushed at you because you are targeted – with the result of subverting your security.

He added that any company choosing not to comply with a FISA order can be found in contempt of the Foreign Intelligence Surveillance Court (FISC). If someone in an American company were to tell a foreign data protection authority about the FISA order, then the individual/company could potentially be charged under the Espionage Act and face 20 years in prison…or worse.

In the synopsis of his lecture, Bowden wrote, “There is one law (FISA 702) and one policy (EO12333) which authorizes the US government to conduct mass surveillance on ‘foreigners in foreign lands’. These are drafted in terms which discriminate the privacy rights you have by the passport you hold - in fact there are no rights at all for non-Americans outside the US.”

Now get this: the slides explaining FISAAA and what happens if you don’t comply with FISC have not changed from what Bowden presented pre-Snowden at the internal Microsoft cloud strategy meeting. You know, the one that ultimately resulted in Microsoft firing him for daring to tell the truth about its cloud services.
Yet even the EU laughed off NSA cloud surveillance capabilities before the PRISM scandal.

The rest of his multidisciplinary talk deals with “national and international surveillance and privacy law, Five Eyes SIGINT policy, technical security and economics” as well as possible EU strategies and resolutions. Since PRISM, Bowden has come to believe that the only way to ensure cloud privacy is to have free and open source software running on locally hosted data centers. “The only possible resolution compatible with universal rights is data localization, or construction of a virtual zone in which countries have agreed mutual verifiable inspections that mass-surveillance is not occurring.”

Bowden describes the current political situation with a meta-panopticon slide.

Since talk started of alleged back doors in Microsoft products, Microsoft’s General Counsel Brad Smith has made it appear as if Microsoft is working hard on transparency and fighting the good fight to reform surveillance. Maybe that’s true; maybe Microsoft hopes that trust in US services is not irreparably damaged. Bowden doesn’t trust the company or its software, and he likely knows more secrets about Microsoft than we will ever know.

Despite Microsoft’s current public position on mass surveillance and privacy, “The thoughts that Edward Snowden have put in the minds of the public cannot now be unthought,” Bowden said.