
Microsoft's Cooperation With NSA Either Voluntary, Or Reveals New Legal Tactic

Posted by timothy
from the man-in-the-middle-attack dept.
holy_calamity writes "When Microsoft re-engineered its online services to assist NSA surveillance programs, the company was either acting voluntarily, or under a new kind of court order, reports MIT Technology Review. Existing laws were believed to shelter companies from being forced to modify their systems to aid surveillance, but experts say the Foreign Intelligence Surveillance Court may now have a new interpretation. Microsoft's statement about its cooperation with NSA surveillance doesn't make it clear whether it acted under legal duress, or simply decided that helping out voluntarily was in its best interest."

  • by Anonymous Coward on Saturday July 13, 2013 @07:31AM (#44269021)

    Don't use US services.

    • by Anonymous Coward

      Remember Microsoft already own a back door into every Windows box - they call it "software update" - come patch Tuesday maybe you get something different from everyone else should the NSA want a peek - that's the problem with closed source code - who do you trust?

      • by vux984 (928602)

        they call it "software update"

        Feel free to turn it off if you fear the NSA is going to send you a custom payload.

        that's the problem with closed source code - who do you trust?

        And in open source land I have to trust the repo maintainers. Could they be infiltrated by the NSA, could they also forward me something different from everyone else when I do an apt-get update... I think they could.

        Am I more or less likely to know the NSA is doing this? Hard to say... Red Hat, Canonical, etc are corporations just like

    • by CuteSteveJobs (1343851) on Saturday July 13, 2013 @09:51AM (#44269571)
      Chinese backdoors. US backdoors. Aussie backdoors. Not just government, you can't even trust the companies you pay to look after you. Can anyone be trusted? Everyone will now encrypt the shit out of everything making it easier for the next bin Laden and perverts to hide their crimes.
    • by MacDork (560499)

      Don't use US services.

      Just US services? What about US closed source OSes? Flashback to 1999 and the _NSAKEY discovery. [slashdot.org] Microsoft denied speculations that _NSAKEY meant exactly what it sounds like. Everyone mostly believed it. If you didn't you were a tin foil hat conspiracy nut.

  • by Rockoon (1252108) on Saturday July 13, 2013 @07:33AM (#44269031)
    Businesses don't go out of their way to increase their costs with no tangible benefit. There is either a tangible benefit (Quid pro quo) or it was the best of a group of bad options (not doing it will cost us more.)

    I don't see what the NSA/FISA has to offer in return, so it's probably being done due to a threat, and at that point you have to wonder what other companies are also doing for the same reason.
    • by gl4ss (559668)

      oh they do get to bill them for the surveillance.

      but the point is more about that they can be told to do it without mentioning there is a court order.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I don't see what the NSA/FISA has to offer in return, so it's probably being done due to a threat, and at that point you have to wonder what other companies are also doing for the same reason.

      In exchange, they get their share of stolen data in order to compete against other (probably mostly foreign) companies. That data can be used to win orders in a bidding competition, for example, and to get previews of planned production models and other strategic information. Don't think for a second that MS would not offer their eager help for that kind of intel.

      See http://cryptome.org/echelon-ep-fin.htm [cryptome.org] for reference. Bit old, though.

    • by TheP4st (1164315)

      I don't see what the NSA/FISA has to offer in return

      Intelligence on non-US competitors, intelligence on the EU commissioner of competition and so forth. There is plenty of very high financial and strategic value that the NSA could offer in return. Whether doing so would be legal or not is a different story altogether, but it's not like the NSA allow pesky little details such as legality to get in their way.

    • by mcgrew (92797) *

      I always thought it was odd that after the DoJ kicking MS's ass in court that the incoming Bush administration would pretty much let them off scot-free.

      Pretty good guess as to why now.

      I have to get off my lazy butt and get Linux on this notebook now...

      • by Anonymous Coward on Saturday July 13, 2013 @09:55AM (#44269599)

        Yeah, put Linux on it.
        For your reading amusement during the installation:

        http://www.redhat.com/workshop/defense/agenda/

        Panelists:
        Neil Ziring: Technical Director, NSA Information Assurance Directorate
        Al Holt: Technical Director, NTOC, NSA
        Terry Sherryl: DISA FSO
        David A. Waltermire: Security Content Automation Protocol (SCAP) Architect, NIST

        It's weird that no one on /. seems to be curious if a corporation that is a leading contributor of OSS software with over a billion in revenues each year and a cozy relationship to the US defense sector has been pressured, like Microsoft, to put in backdoors/exploitable vulnerabilities into the Linux kernel or any of their other products. Yes, it's open source, but who audits the code? Supposedly each commit is signed off by another kernel dev. However, in most cases you have one developer signing off on commits of another developer from the same organization. Most times it's just rubber-stamp procedure. Given that Linux is used across the world, it seems highly unlikely that the US government would only put pressure on proprietary software and services companies to comply with its demands to make their products easier for them to bypass?

        • I agree that one should question RedHat and a few other GNU/Linux distributions. Luckily we do not have to use RedHat if we choose to use GNU/Linux, there are many other variants. NSA may have a harder time getting their backdoors into Debian / Ubuntu than they have with RH, but there are questions there too. Anyone remember that "mistake" in Debian's OpenSSL code which made it generate useless certificates for years without anyone noticing? As for the kernel itself.. I don't see it as likely that anyone wou
        • by gmuslera (3436)
          Open code (with reviewers on it) means that it is at least hard for a backdoor to sneak in. In closed source software you must "trust" the vendor not to include it (and this story is about a particular one, clearly not deserving any trust), as it is even forbidden by law to reverse engineer software to see if it has backdoors or is spyware. In open source you have all the code, and more important, they have it too; they could check if there aren't backdoors from others too. They would be dumb if they are a
    • They do go out of their way to please regulators and governmental agencies that can interfere with their business. The USA still has extensive regulations on the export of encryption technologies, regulations that could require compliance reviews and delay major commercial releases by months or force expensive splitting off of encryption technologies as separate packages requiring expensive, separate registration to download. This has occurred repeatedly with older technologies, such as the "3DES" and other

    • by AHuxley (892839)
      Re wonder what other companies are also doing for the same reason.
      What could have the US gov done to M$? Take it to court 'again' and 'win' - shattering M$ down to a few MS branded product ranges as punishment?
      A massive ramping up of strange issues with taxes, people in the company, new gov/mil formats open to other US brands on the desktop?
      Setting standards reducing MS to just a desktop OS with a larger non MS application product pool been supported?
      Lock MS out of .edu and .mil?
      All very late to been
    • by sjames (1099)

      NSA to Microsoft: "Now I'm not sayin' nothing, but contracts fall through and audits happen... Youse could really use some insurance."

    • by gmuslera (3436)
      You should consider NSA/FISA by now as mobsters, and what they sell is "protection", especially from the law. And considering how much Microsoft has been protected from the law in the last 20-30 years, I'd say that their cooperation with US intelligence agencies goes back to the last century.
  • by hsmith (818216) on Saturday July 13, 2013 @07:39AM (#44269059)
    Does someone really need to connect the dots?
  • Missed an option. (Score:5, Interesting)

    by SuricouRaven (1897204) on Saturday July 13, 2013 @07:40AM (#44269065)

    It could be 'voluntary' compliance, with the quotemarks. The classic offer-you-can't-refuse approach. Perhaps a government representative just explained that one way or another the NSA was going to get total access, but if MS (or any other company) complied now they could at least design the taps in a way suited to their infrastructure, whereas resisting the request would result - after a couple of sessions of congress - in a new law mandating an NSA-designed system be installed and probably break half their well-designed systems by forcing centralisation.

    In the UK we used the same approach to compel ISPs to install anti-child-porn filters: The government never actually passed a law mandating ISPs install filtering, they just made it quite clear that they would pass a law if the industry didn't collectively do so 'voluntarily.' This suits the government very well, because it means the filtering list can be maintained by the IWF, an ultra-secretive unaccountable non-governmental organisation with all the procedural transparency of a lead brick. If they screw up and block Wikipedia, no government department gets the blame and no embarrassing enquiry is launched.

    I'm expecting exactly the same tactic will be used within a few years to pressure ISPs into blocking regular adult pornography too - there's already a major tabloid and a couple of MPs campaigning for it. To protect the children, of course.

    • by drinkypoo (153816)

      If you were willing to assume Bill Gates was against it (could be, who knows) then you could assume that it's because they have him and his baby by the nuts. Remember, they were convicted of abusing their monopoly position once, and then let off with a handslap. The deal was altered, pray it is not altered further.

      • Need to work out timing issues - it's not clear how long this has been going on, and Gates hasn't been in charge at MS for a long time now.

        If it dates back as far as the antitrust trial, then it is quite plausible that some strings may have been pulled in exchange for cooperation. It might explain why the very harsh sanctions were overturned on appeal and replaced with just a slap-on-the-wrist. But this is just groundless speculation - those events were prior to 9/11, before there even was a DHS, and back w

        • by drinkypoo (153816)

          Need to work out timing issues - it's not clear how long this has been going on, and Gates hasn't been in charge at MS for a long time now.

          I say unto thee: NSAKEY.

  • by Anonymous Coward

    Although apples taste nice, the fact of the matter is that Microsoft is only one (albeit a big fish) of a number of companies who have bent-over-backwards for the NSA/CIA/MOSSAD.

    Google's Brin is ex-israeli army, Facebook's Zuckerburger has undisclosed interests in israel (a foreign entity), and Akamai was founded by an israeli-commando?

    Hold up, lemme get this right....... The "mines" of the vast majority of private personal data are affiliated with israel? Can this be true? If so, what sort of proportions a

  • Possible answer (Score:5, Informative)

    by dkleinsc (563838) on Saturday July 13, 2013 @07:49AM (#44269099) Homepage

    Remember "national security letters" that were created as part of the "USA Patriot Act"? These were the special kind of fake warrants that were never approved by any judge, but any person or organization who got one wasn't allowed to tell anyone about, including a court of law (preventing anyone from saying "Hey, Fourth Amendment anyone?"). That would explain everything: why FISA didn't stop it, why the companies are cooperating with the NSA, and why they aren't including references to such things in their privacy policies.

    Bless you, former senator Russ Feingold, for having the guts to stand up for the Constitution when the entire rest of the Senate ignored it.

    • A National Security Letter is the worst bloody thing that can happen to anyone, since it instantly turns the subject into a second class citizen, who cannot get a mortgage, cannot buy a car, cannot fly, cannot travel out of the country and best of all, cannot find out why, talk, or do anything about it either. The only thing such a person can do is walk south to another country, since being an illegal in South America would be better, because if you have a white skin, everyone will assume that you are i
  • What do you expect Microsoft to do if the NSA come knocking with a request for information? Say no? You either provide it to them or your company will get severely fined with possible additional legal action taken against it.

    Doesn't make it right. Doesn't make it "land of the free". But fuck if Google wouldn't have to deal with the same shit if the NSA came to them (and no doubt they already have). It's just because Microsoft didn't want to make a big fuss for no reason that people are jumping over them.

    Hav

    • What do you expect Microsoft to do if the NSA come knocking with a request for information? Say no? You either provide it to them or your company will get severely fined with possible additional legal action taken against it.

      Ask to see the warrant signed by a judge specifying the individual and information they are requesting the information for?

      Say no when they can't produce that information?

      Take the government to court when they demand you do something unconstitutional?

      In other words, obey the law of the

      • by readingaccount (2909349) on Saturday July 13, 2013 @08:52AM (#44269311)

        Who says they didn't ask for the warrant? Do you know for sure how the requests went down? Also, what makes them illegal orders? If the courts uphold them, they aren't illegal (they might be immoral, but that's another story).

        Google's just better at the PR in these cases. But in the end, both companies (indeed, most companies) look out for themselves. They probably know it's not worth fighting the United States fucking Government unless you're pretty damn sure it's worth it.

        • by Arker (91948) on Saturday July 13, 2013 @09:00AM (#44269357) Homepage

          "If the courts uphold them, they aren't illegal"

          This is unfortunately a common misunderstanding.

          16 Am Jur 2d, Sec 177 late 2d, Sec 256:

          The general misconception is that any statute passed by legislators bearing the appearance of law constitutes the law of the land. The U.S. Constitution is the supreme law of the land, and any statute, to be valid, must be in agreement. It is impossible for both the Constitution and a law violating it to be valid; one must prevail. This is succinctly stated as follows:

          The General rule is that an unconstitutional statute, though having the form and name of law is in reality no law, but is wholly void, and ineffective for any purpose; since unconstitutionality dates from the time of its enactment and not merely from the date of the decision so branding it. An unconstitutional law, in legal contemplation, is as inoperative as if it had never been passed. Such a statute leaves the question that it purports to settle just as it would be had the statute not been enacted.

          Since an unconstitutional law is void, the general principles follow that it imposes no duties, confers no rights, creates no office, bestows no power or authority on anyone, affords no protection, and justifies no acts performed under it.....

          A void act cannot be legally consistent with a valid one. An unconstitutional law cannot operate to supersede any existing valid law. Indeed, insofar as a statute runs counter to the fundamental law of the land, it is superseded thereby.

          No one is bound to obey an unconstitutional law and no courts are bound to enforce it.

          • by jbolden (176878)

            That's nice in theory. But in reality what is enforced is the law. The United States has a constitution which is mostly enforced and almost universally respected. Other countries have had constitutions which are mostly ignored.

          • by dcollins (135727)

            But "if the courts uphold them" (what GP said) != "any statute passed by legislators" (what you quoted). You're talking about legislature, GP is talking about courts, and they are of course very different. If the court system, including the Supreme Court, passes judgement and says a law is enforceable, then indeed we can conclude that it is officially constitutional per our legal system. Your quote is not on topic to this point.

            • by Arker (91948)

              No, I am talking about the validity of laws, and you seem to be (willfully?) avoiding the point. The unconstitutionality of a law is a result of its conflict with a higher law, not of any pronouncement from a court. The court, should it work correctly, will refuse to enforce unconstitutional laws when that issue is brought before it, however should it fail to perform that duty the law remains unconstitutional nonetheless. It is void from the moment the legislature passes it and no one has any legal obligati

      • by drinkypoo (153816)

        Other companies - sadly only a handful - have fought these illegal orders

        And look where it got them. Forget not the story of Qwest. The moral, to me, is that you are not permitted to succeed past a certain point in the USA if you are not willing to violate the constitution.

    • by Anonymous Coward on Saturday July 13, 2013 @09:55AM (#44269589)

      It's worse than that. Joseph Nacchio at Qwest did resist and is now in prison. Given the secrecy and that Qwest is the only company to have publicly resisted, he certainly looks like a political prisoner, visibly targeted pour encourager les autres. Key evidence was suppressed on "national security" grounds. This was even before the "patriot" act. A couple of links:

  • by Anonymous Coward on Saturday July 13, 2013 @07:51AM (#44269107)

    http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data [guardian.co.uk]

    "Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

    The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

    The documents show that:

    * Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

    * The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

    * The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

    * Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

    * In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

    * Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport"."

    And you STILL want to do business with them? You STILL want to trust their OS with your personal files and/or communications?

    What more do you need?

    • by Cenan (1892902) on Saturday July 13, 2013 @08:34AM (#44269253)

      And you STILL want to do business with them? You STILL want to trust their OS with your personal files and/or communications?

      It really doesn't matter in what manner the three letter agencies are collecting their information, from the browser, from the SSL socket (pre encryption) or directly from the OS. Google, Facebook, you name it, they'll all have to comply with a national security letter. Oracle would too, and anyone running a Linux based service, the "OS from hell" argument is moot at this point. Nice try though.

      • by TyFoN (12980)

        So the option left is running open source software on your computer with local strong encryption and pray that the chips don't have nasty microcode in them.

        I'm already there :)

    • by mcgrew (92797) *

      And you STILL want to do business with them? You STILL want to trust their OS with your personal files and/or communications?

      It's pretty hard to buy a laptop without "doing business" with them. And I'm sure the NSA can get in my Linux box with little effort, too.

      If MS's poorly designed, feature-poor, buggy, user-hostile OS doesn't make folks change OSes I don't think anything will. The only thing keeping Windows on this notebook is laziness, and except for the Patch Tuesday bullshit W7 is almost tolerable.

      • by Skapare (16644)

        I'm running kubuntu on the tower. When a patch notification comes in, one click and it's done. No lengthy reboots with "configuring patches, do not turn off your computer." No reopening all the apps that were open after it reboots, no hunting for where I was on that document I was working on when the patch notice comes through.

        See ... the NSA really CAN get in. Now go back and rebuild your whole system from manually inspected source code, using a toolchain built from manually inspected source code, compiled with a compiler built from manually inspected source code.

  • Wasn't the frequency hopping rate in cell phone standards lowered to make surveillance more easy? AFAIK this happened far more than a decade ago.

    • by amorsen (7485)

      That sounds unlikely. If you know where the signal is going to hop, it is trivial to follow. I have not heard of a standard that picks the next frequency in a cryptographically secure way, but I am prepared to be surprised of course.

  • Who are you kidding?
  • I know we're bashing Microsoft, but this kind of reminds me when Apple was caught sending huge files home with an OS upgrade on their portable devices. They released a patch that "fixed" it (i.e. encrypted it). I wonder if that data was also being forwarded to the NSA. That would just leave Linux. I hope.
  • Skype! (Score:5, Interesting)

    by Tasha26 (1613349) on Saturday July 13, 2013 @09:26AM (#44269455) Homepage
    The purchase of popular Skype and modification of supernode to ease snooping now makes perfect sense. MS is just a front for NSA spying!
  • They would all release the letters to the public all at once. What's the gov gonna do jail all of them?

  • Haven't you people been paying attention?

    Microsoft vs. DOJ was settled almost immediately after 9/11, from wikipedia "On November 2, 2001, the DOJ reached an agreement with Microsoft to settle the case". That's just enough time for the dust to settle, and for MS and the DOJ to wrangle a deal over permitting the government "backdoor access" to everything on your computer.

    Why do you think the US government permitted a convicted monopolist to continue without any punishment?
    The US DOJ had won the case, and like Aaron Swartz, they were attempting to squeeze everything that's important to them from the convicted party.

    Sure, they were ordered to go along with the consent decree, but that's not a real punishment, like the rest of us were expecting.

    Remember those NSA keys that were found in the release of Windows that included debugging symbols?...
    They were there in MS Windows even BEFORE 9/11....Look it up here: http://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]

    Don't you people pay attention?

    • by the eric conspiracy (20178) on Saturday July 13, 2013 @10:45AM (#44269801)

      Sorry for all you conspiracy theorists, but:

      Correlation does not imply causation.

      • by erroneus (253617)

        "Conspiracy theorist" is no longer a negative. Turns out a lot of conspiracy theory has been right all along. And even if not all of it is right, it has been demonstrated that the public trust has been completely compromised and so EVERYTHING the government does requires suspicion and scrutiny. It's much more convenient to try to think about other things or to just turn on the TV to see what else is on, but if you think that way -- if you're intentionally "protecting your sanity" by avoiding knowing the

      • by gmuslera (3436)
        Also, don't attribute to malice what can be explained by idiocy. But we are talking about Microsoft here, probably was their idea to plant backdoors to settle with the DOJ.
      • by xiando (770382)
        "conspiracy theorist" is a term with two words, conspire and theory. If two people rob a bank and the bank manager calls the police then the police does not respond by saying "that's a stupid conspiracy theory", they actually look at the evidence. "conspiracy theorist" today means "person who thinks for himself" and it is used exclusively by people who don't.
        • Looking at the evidence means examining the facts to determine if a direct causal chain exists. Police are looking for evidence such as photographs taken at the time of the robbery showing pictures of an individual holding a gun or stuffing a pillowcase with money.

          The police are NOT looking at coincidences like Joe was not at work at the same time the bank robbery occurred.

          There is a BIG difference between correlation and causation. You can use correlation to rule out a hypothesis. However you cannot use it

    • by AHuxley (892839)
      Yes http://cryptome.org/jya/echelon-dk.htm [cryptome.org]
      "....today they monitor everything and everyone. Politicians, organizations, companies, private individuals, even friends in allied countries. In 1985, their long-term goal was "total hearability", i.e. the capability to listen in on all communication around the world.""
      Fun reading back in http://it.slashdot.org/story/00/09/26/1836244/ex-nsa-analyst-warns-of-nsa-security-backdoors [slashdot.org]
      Now we have the Snowden news to reflect:
      Did the risk of a stock crash and very ba
    • by dbIII (701233)

      Why do you think the US government permitted a convicted monopolist to continue without any punishment?

      I don't think George sees such a thing as a crime, so I think the backdoors and dropping the penalties are probably not connected. See also the tobacco company cases and other Clinton leftovers where the penalties were made irrelevant.

    • I don't think it's 'conspiracy' what the government's doing, they're behaving like every person and corp. Simply using legal and financial tools to get what they want.

      1) Telecoms granted immunity.
      http://www.guardian.co.uk/commentisfree/2012/oct/10/supreme-court-telecoms-win-immunity [guardian.co.uk]

      2) Qwest CEO claims retaliation by NSA for refusal (old)
      http://dailycaller.com/2013/06/13/jailed-qwest-ceo-claimed-that-nsa-retaliated-because-he-wouldnt-participate-in-spy-program/ [dailycaller.com]

      Here's my point in relation to Microsoft: That

  • It's only because I believe it will be among the only more peaceful ways we can get things to straighten out.

    For hundreds or even thousands of years, business has sought to enjoy favor and support of government. With the help of government, they can more easily monopolize and therefore make more profit. Today is no different... well... maybe a little different.

    The thing is, we rely much more heavily on information than ever before. Sure, buying food and other tangibles haven't exactly gone out of style,

    • by dbIII (701233)

      Snowden and those like him are "harming" the US

      No more than people who report tornadoes are harming the trailer parks that get hit. He's not the damage. He's telling you about the damage.

  • Here is a concise summary of the new FISC interpretation.

    "Lubricant optional."

  • Unregulated free trade with repressive low wage regimes meant the American blue collar workers never stand a chance.

    Now the surveillance system will kill off the American software industry.

    Heck of a job, Congress.

  • by bytesex (112972) on Saturday July 13, 2013 @02:16PM (#44270973) Homepage

    Today, I've uninstalled Skype. And every single one of my colleagues. If trust is all you have as a company, and something like this happens, then you can go bankrupt for all I care.

  • What a joke that gang of brown nosing sycophants is. But that's not even the real problem, since another group of equally obsequious assholes would undoubtedly take their place,

    People who GET that high up in the power hierarchy by definition through attrition of anyone else at the hands of various gatekeepers are excellent at figuring out what are the unspoken requirements being put upon them by forces bigger than they are. Then they comply and between the figuring out and the complying not even a shard of