MS Handed NSA Access To Encrypted Chat & Email 379
kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"
Xbox One (Score:5, Insightful)
All this and now they want to put an always (or nearly) on mic and camera in my home?
Let's look in the mirror (Score:4, Insightful)
At what point do we call it a corporate-fascist police state?
Hilarious considering the Microsoft marketing (Score:5, Insightful)
http://www.theverge.com/2013/2/7/3962794/microsoft-revives-anti-google-scroogled-campaign-to-attack-gmail [theverge.com]
Tired (Score:2, Insightful)
I'm getting a bit tired of news like this. Can we just conclude that the NSA listens to and collects as much data as it can from the US's allies as well as their enemies? And that the US's allies probably have known that for a long time but now Snowden has reveiled it they have to act surprised and angry so their citizens don't panick?
Re:Tired (Score:5, Insightful)
I'm getting a bit tired of news like this.
That's the danger in fighting a bureaucracy that's overstepped its bounds: Bureaucracies don't get tired. Outraged private citizens do.
Re:Hilarious considering the Microsoft marketing (Score:5, Insightful)
One of the things that has bugged (oops) me about the NSA news is the assumption that non-US citizens aren't entitled to privacy. Here the NSA doesn't even need a warrant if it guesses (50%+1) that one of the people communicating is non-US. Why any foreign company would want to use a product from a company that can be forced to feed all info to the NSA is beyond my ability to understand but, then again, those paying for the privilege of using Microsoft products have always been a mystery to me.
Re:Hilarious considering the Microsoft marketing (Score:4, Insightful)
Yeah, but Google it reading your email to sell you stuff. That's evil.
Microsoft is reading your email to potentially arrest you; but innocent people, of course, have nothing to worry about. That's noble.
So the only hilarity here is how much better MS is at looking out for their users!
Re:Privacy as a sport (Score:2, Insightful)
Oh please. Working with a company to lay out how you would tap their technology isn't in of itself anything new. This report might as well say:
Shocking Report: Verizon Works With Law Enforcement on How to Tap Phones!"
The government has been tapping phones since the 1800s. Should we be *shocked* that they would also want to tap Skype phone calls?
Slashdot always whines that lawmakers feel the need to make special laws for old things e.g. "Stealing using a computer!? Isn't that just stealing, why create a new law?" or when people patent "___ with a computer." The double sided twist of that a phone call __using a computer__. Is just as tapable as a phone call using normal copper. Of course companies have to comply with legal wire-tap requests.
Re:Privacy as a sport (Score:5, Insightful)
What's that painful cramp between your ears? (Score:5, Insightful)
The vendors say they obey the law, respond only to direct requests for information, review those carefully, and then decided what data to release.
But how is that possible if the data is being hoovered? Would the "direct request" be something on the order of, "gives me all your data -- all of it, on everyone", in which case, that thoughtful review and careful decision is a MEANINGLESS exercise.
When the state has ultimate power, it drains the normal meanings of words. Even saying something like, "we are a nation of laws, not men" is meaningless in the face of such categorical activity. When the government is that intrusive, what's legal is whatever it wants it to be.
That's the problem. If I were a plucky startup, I would be busy getting together a technical response to this. Clearly, everyone needs to be able to encrypt everything BEFORE it gets into the hands of any information provider.
Re:Privacy as a sport (Score:5, Insightful)
Re:Let's look in the mirror (Score:5, Insightful)
More accurately, 11 years 303 days 8 hours and 38 minutes ago.
not me (Score:5, Insightful)
With all respect, I don't want to stop hearing these news. Because I want *confirmation* of every single thing that the US has done against people's freedom. I don't want to be considered a tinfoil hat paranoid anymore. I want proof, so no one can neglect later, about how fascist he US has become. And just because it was suspected, it doesn't mean that it is ok and we can just keep going with our lives as if nothing had happened. I want to see people resign, and I want to see people get spit at publicly, and ideally --even if it's never gonna happen-- I'd like to see people going to jail not only for having violated the most basic human rights, but for trying to brainwash the uneducated into believing that this is the correct approach to protect US's national security.
Re:Burying the lede (Score:4, Insightful)
Targeting US citizens does require an individual warrant
Right, and how do they determine if the person is a US citizen or not? They have a program (Prism) to analyze various things they know about that person, and if the person is 51% or more likely to be foreign, then they tap them. So it's like a coin toss, plus 1%. This is according to James Clapper. From here [nytimes.com]:
The government knows that it regularly obtains Americans’ protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.
Re:Burying the lede (Score:4, Insightful)
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.
51% Believe? How the hell do you measure that?
I think we all know the answer to that question.
The absence of information is interpreted against you (unknowns are assumed to be outside of US by default). So unless you find NSA's complaint department and come in there with a proof that you are, in fact, in US, they can assume you are not.
Re:Burying the lede (Score:5, Insightful)
Written communication by an American cannot possibly be distinguished from written communication by a foreigner. Grammar? 2nd languages? How are they able to tell who's who?
If they accidentally targeted even one American, they've just breached the constitution and are in violation of US laws that came before their grandfathers making them criminals. Why has nobody in the government been arrested over this?
Because they think they can get away with anything. Scary stuff.
Re:Burying the lede (Score:2, Insightful)
My interpretation of a statement like a "has a 51% belief" is "feels that it is more likely than not". In other words, you can read "if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time" as "if the NSA operative feels that it is more likely than not that the target is not a US citizen and is not on US soil at the time". At that confidence level, pure speculation typically constitutes sufficient proof.
What it means is that the NSA AUTOMATICALLY assumes everyone is out of the country. Get it ?
They now can spy with impunity.
Anyone who believes the shit coming out of the NSA, Congress, Microsoft, Apple, Facebook, and Google better have his brains checked. They are all lying, and they don't give a shit about you. You want privacy ? Better start designing communication systems that are not dependent on any corporate structure. FOSS all the way. And even in this case better be alert 'cause it is all to easy to insert malicous code as several examples have shown in the past.
Re:Privacy as a sport (Score:5, Insightful)
I would view this action from them as illegal anyways.
It doesn't matter if the server is in USA or where.. MS is here, in Finland, selling and marketing this service to me. so they should adhere to our laws about our data. They don't(shouldn't) get out of the data protection and privacy responsibilities by outsourcing some of their work to USA - and if they do that is a dangerous precedent because then you could just dump all our laws about it while they go and put a proxy in some Zimbanaomiland - on principal level that's what they're doing.
Re:This is going to lead to serious Lawsuits!!! (Score:4, Insightful)
Except once the floodgates are opened the government will grant them retroactive immunity.
Law? What law?
well.. thing is.. american government can't grant them immunity for breaking the law abroad. or they can, but the other governments aren't likely to accept that - and since MS unlike NSA operatives has to keep operating(to generate profit) abroad.
think about it, would american government accept that snowden has immunity because hong kong would say so? fuck no. so why should it go the other way when the culprit is MS?
Re:Burying the lede (Score:5, Insightful)
In the modern world, "secure in their papers" doesn't mean anything, almost all communication is not via "papers", but rather are digital substitutes (sic) for paper. We are no longer secure in our papers, when we cannot trust that our effects are ours, if we happen to store them in an online vault.
What is worse, is that while we are unable to keep secrets from government, government feels perfectly fine trying to keep secrets from "we the people" that supposedly form it.
Re:Burying the lede (Score:2, Insightful)
They play with English a bit. They're 'targeting' foreign nationals. However, they're doing that by recording and monitoring information from everyone.
Re:Burying the lede (Score:4, Insightful)
Re:Burying the lede (Score:5, Insightful)
The bottom line is they've still collected information on US citizens that they can't constitutionally posses without a warrant. Whatever their intent is is irrelevant as they cannot constitutionally have the information in the first place.
Re:Let's look in the mirror (Score:5, Insightful)
Obama's culpability isn't in starting it. His is distinct, in that he campaigned against these kinds of things, and has done the exact opposite, expanded each and every one of GWB's programs. If you thought GWB was evil, then what are you thinking about Obama?
And please, do not justify bad behavior by pointing to other bad behavior. Do not even distract from what is going on by saying "it isn't Obama's fault", when he's had five years to end this and he has only expanded it. It is just as much Obama's fault as it is GWB, Clinton, GHWB, Reagan, Carter, Ford, Nixon, Johnson, Kennedy ....
EACH has built on the previous, without exception. -- why I am a Libertarian
Re:Burying the lede (Score:4, Insightful)
I doubt that they have breached the Constitution since it is bigger than you probably think
You doubt that they have breached the constitution because you are a pro-government stooge. You're literally just an object to be ridiculed here. You might as well go somewhere where people are on the fence about issues such as these and try to brainwash them, because most people on Slashdot likely think you're just a joke.
otherwise they wouldn't bother going to the courts, and ignore the FISA courts orders.
They don't even need to ignore the FISA court orders; the court will give them practically anything they want, and have rubberstamped sweeping warrants in the past.
Time to ditch Skype (Score:4, Insightful)
This is exactly what I feared when I read that Microsoft bought Skype. It was an eye-widening moment and now my fears have proven true.
Anyone who isn't rushing to start running their own XMPP server and get all their friends and family moved over to it is insane.
Re:This is going to lead to serious Lawsuits!!! (Score:5, Insightful)
Why? How many people do you think are going to care enough to switch to another chat client? Chances are if they're using Skype in the first place, they don't care about that kind of thing.
Once there is solid evidence that the NSA has worked with US Government agencies to install and exploit backdoors, and this looks like pretty good evidence, there is no direction but down. It's common knowledge that the NSA is very open and communicative with the corporate sector.
If you're a foreign corporation out of Taiwan or Brazil or Wherever, passing even day-to-day information using Microsoft products becomes risky. How can you be sure that your data isn't getting dumped into some NSA system and then made available to co-conspirators?
The NSA isn't getting this access for free. If they're coercing corporations like Yahoo to comply with broad destruction of civil liberties, some of those corporations have sold out and traded for the stolen R&D of other companies, or huge tax breaks. That's where the real story is, and one we probably won't ever get to read.
In any case, if you're a foreign corporation or government, using ANY Microsoft product just become a giant liability. Given that was already practically the case after Stuxnet, but now you'd have to be a complete fool to trust Microsoft with any of your data and expect it to remain private.
Re:Hilarious considering the Microsoft marketing (Score:5, Insightful)
But it is not just Microsoft. It is amazon cloud services. It is Google. It is any web based service that has servers in the US. It is any telco any where in the world that has a US telco as a partner.
What has surprised me is that no-one is talking of the harm this is (or should be) doing to US web brands. Especially in Europe given their privacy laws.
I have stopped using Google for search, and am looking for a non-US hosting provider for my web site. Not because I have anything to hide, but because if more people did this the corporations that are co-operating with the NSA, and the shareholders that own then, might then develop some balls.
Re:Burying the lede (Score:3, Insightful)
Id rather have infinite fame like Joan of Ark, than infinite fame like Stalin/Hitler/PolPot.
When will the average guy/pleb have more guts and take down evil leaders when in the inside circles, humans either are too eager to be sheep, or too eager to be Kings. We need to grow up as a human race and take down evil, drown it at birth if need be.