microsoft-building99Throughout the year, Microsoft has lambasted Google and accused them of shady privacy policies via its “Scroogled” campaign.

But now, new top-secret documents given to The Guardian by Edward Snowden shows how it was actually Microsoft allowing the NSA and FBI access to user data from platforms like Outlook, SkyDrive and Skype.

Microsoft and other tech giants have denied their involvement in a government program called PRISM that allegedly gave the U.S. government broad access to nine tech company servers for purposes of U.S. intelligence gathering.

But this new report from The Guardian shows that Microsoft not only provided user information to the U.S. government, but collaborated with them to allow access around encryption.

microsoftlogoDocuments from the NSA Special Source Operation division show how the NSA worked with Microsoft to make sure that it could get past the security settings on Outlook.com, which formally launched this past February. The Redmond software giant also allowed the NSA and FBI access to video and audio conversations on Microsoft-owned Skype, as well as files in the company’s cloud-storage platform SkyDrive.

Even more, the documents reveal that Microsoft allowed PRISM to access information on Outlook around encryption, and access to SkyDrive without separate authorization.

Update: Here’s the full Microsoft statement on the topic.

“We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.  First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.  Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid.  Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.  Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely.  That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.” 

Microsoft says it wants to help the public understand the nature of the requests, and the company joined Google and Facebook in asking the U.S. government for more transparency on government requests for national security information.

“Permitting greater transparency on the aggregate volume and scope of national security requests, including FISA orders, would help the community understand and debate these important issues,” a Microsoft spokesperson said last month. “Our recent Report went as far as we legally could and the government should take action to allow companies to provide additional transparency.”

Read The Guardian’s report here.

Previously on GeekWire: Secrecy and trust: Why the NSA leaks feel like ‘The X-Files’

Comments

  • Victor

    Are we honestly surprised by all of this?

    • Whatsmytrollaliastoday

      Are we honestly surprised that a troll like you believes the Guardian rag over a formal MS denial?

      • panacheart

        So if we believe that MS and other tech companies did provide NSA access to data we’re trolls?

        If this was all false Snowden wouldn’t be hiding in Russia. Of course MS in denying this, as is Google. That’s the game, discredit and deny.

        • Whatsmytrollaliastoday

          Oh FFS, now another career troll pops up to defend the Victor troll alias? Or is that just one of your throwaways? MS and Google are public companies. As such they can be fined/sued by both the SEC and shareholders if they knowingly make materially false statements. Declining to comment is one thing, especially where the Feds have a gag order. But issuing a false denial, as you’re suggesting MS did, is beyond unlikely. Except perhaps to a disgruntled ex employee…

          • panacheart

            At least I sign my name to my posts. Maybe the have a gag order, which accounts for the false denial. We’ll never know really because the NSA and involved companies aren’t talking. That’s your government at work keeping you “safe”.

      • Guest

        The same Guardian also published that NSA is spying on every american. NSA confirmed this, the president confirmed this. Yet, when they reveal that Microsoft is involved and MS formally denies it, then those leaks can’t possibly be true. Do you have a little MS shrine in your bedroom?

        • Whatsmytrollaliastoday

          Read this really slowly or have someone more intelligent explain its meaning to you:

          “To be clear, Microsoft does not provide any government with blanket or direct access to any Microsoft product.”

          • Guest

            BS

  • Walden

    The question is why is the title of this article pinpoints only Microsoft? Did the other companies like GOOGLE, Facebook and the likes didn’t help or willing provide access to the government?
    I think this is a very biased reporting.

    • guest

      Its about hypocrisy.

      • Guest

        Right. Like paying your legally required taxes while campaigning for tax reform is hypocritical. Grow a brain.

        • Andrew

          Hahaha, good one :)

  • outraged

    Ok, it’s not a surprise. But that doesn’t make it right. Our government is out of control, causing incredible changes at the core of our supposed democracy. This kinda stuff has to end.

  • Guest

    I realize that bashing MS is a media pastime and great clickbait. But what does “Scroogled” have to do with releasing selected user data to authorities when legally ordered to do so? One is about a company mining your data to sell to advertisers for profit. The other is mandated by the government and it’s likely Google complied with the same directives.

    • Guest

      One is creepy, the other is creepy & unconstitutional.

      • Guest

        Awesome off-topic response.

        • Guest

          Explain how this was an off-topic response.

    • panacheart

      They weren’t legally required to do so if you read the 4th Amendment. They were illegally required to do so.

      • Guest

        Gee, if only Google and MS’s legal department had consulted with noted legal scholar Scott Moore. Remind us again where you took your formal legal training? Oh right, you don’t have any. So I guess we’ll have to consider the possibility that actual lawyers, not faux wannabes, who actually got to review the Government’s demands, decided they were legally valid and therefore compliance mandatory.

        • panacheart

          I can’t really respond because you’re just being an ass.

          • Guest

            You did respond, tool. You just can’t refute any of the points made.

          • Guest2

            Read your constitution you sad case of an apologist! Pearls before swine.

  • Guest

    Gee, why wouldn’t I trust an article that talks about MS and “Silicon Valley” as if they’re the same?

  • Bill

    If the requesting agency has a FISA court order/warrant, the provider is obligated to provide the access. Google does it, Yahoo does it, Microsoft does it, same with cell phone providers, ISP’s and others. It happens that Apple can’t provide it in iMessages but I’m sure Apple provides other information if they have the information. They all review carefully, all have compliance teams who push back or fight when requests are illegal, but at the end of the day all must comply with the law or go to jail. If you don’t like the government getting the information, change the law.

    Recording skype doesn’t strike me as any different from a wiretap if the requesting agency has a warrant. The fact that encryption related information had to be provided or broken by Microsoft and others similarly does not strike me as surprising.
    Twitter seems to push back more that may be because of the nature of the information they have and the fact they have limited information relative to the other providers.

  • Bill

    If you really want confidentiality, you will need to use an email client on both the sending and receiving ends with separate encryption software–generally using PGP technology. Cloud based email services with no client are always subject to provider access. Similarly, documents and data would need to be kept on an encrypted laptop not stored in the could. To get the information the government would then have to have a warrant for the sender or the recipient generally.

    I’ll gladly make the convenience trade for cloud email and document access but I understand what I’m doing.

  • Guest

    “The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;”

    Since when is Hotmail encrypted?

Job Listings on GeekWork