Microsoft Petitions US Attorney General For Permission To Disclose Data Requests
MojoKid writes "Microsoft is smarting in the wake of the Guardian's discussion of how chummy it's gotten with the NSA over the past few years, and the company wants permission to clarify its relationship with the federal government. To that end, the company has sent a follow-up letter (PDF) to the Attorney General's office, asking it to please address the petition it filed in court back on June 19. Redmond is undoubtedly cringing at the accolades being heaped on Yahoo and its repeated court battles on behalf of its users, and wants an opportunity to clear the air. But Microsoft has gone farther than simply asking the government to hurry up and rule on its petition — it has also issued a series of clarifying remarks regarding its relationship with the NSA. Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."
Re: (Score:2)
Re:Tough Cookies (Score:4, Insightful)
Yep, same here. And then there's weasel words from the clever lawyer at Microsoft anyway.
Notice how they keep using the phrase 'We do not provide any government...'? That's 'cause the NSA uses private contractors - like Snowden - to do the dirty work. There's lots more evasive lawyer-speak there too.
I'd trust them about as far as I could throw Ballmer. And I'm a 95 pound weakling...
Re:Tough Cookies (Score:5, Insightful)
Notice how they keep using the phrase 'We do not provide any government...'? That's 'cause the NSA uses private contractors - like Snowden - to do the dirty work. There's lots more evasive lawyer-speak there too.
You're right there, if you actually read the "series of clarifying remarks" - it is all lawyer weasel words aimed to try and persuade those that are left to listen, "there is nothing to see here, we comply with the law". Seriously - trust, once lost, is going to be seriously hard to earn back for all these tech companies in bed with the Military Industrial Complex. We may not be able to do much immediately to rein in an out of control surveillance state run by the private and unaccountable MIC, but we sure as hell can vote with our feet by abandoning these big tech companies' services, and encouraging those less informed about this whole debacle that they should too.
Now, just have to encourage in every way possible the development of easy to use default on encryption solutions for email (like OTR provides for chat). Also why the hell isn't slashdot offering https yet - apathy helps the sorry state of affairs continue...
Re: (Score:1)
And Redford's character in "3 Days of the Condor"; could he still tell his story to the New York Times?
Re: (Score:1)
Re: (Score:2)
It also implies that you don't trust those you are powerless over (unable to throw) or in a broader sense, people you cannot remove from your presence should the need arise.
A bit more abstract, it implies that you do not find them trustworthy and so your trust is limited by your ability to beat them in a fight (throw them in the trough in the old Westerns).
Re: (Score:1)
Re: (Score:2)
I like how you wildly exaggerate insults against others... for wild exaggerations. Very meta.
Show us some of these wild exaggerations Snowden has made by dumping pertinent documents sourced directly from the NSA. Tell us all how Edward R. Murrow was not a real journalist because he openly formed conclusions, rather than hiding his personal biases behind selectively-uncritical regurgitation of official talking points.
Re: (Score:1)
I like how you wildly exaggerate insults against others... for wild exaggerations. Very meta.
Show us some of these wild exaggerations Snowden has made by dumping pertinent documents sourced directly from the NSA. Tell us all how Edward R. Murrow was not a real journalist because he openly formed conclusions, rather than hiding his personal biases behind selectively-uncritical regurgitation of official talking points.
Snowden has yet to reveal anything we didn't already know. Everything is available via google.
Re: (Score:2)
Re: (Score:1)
...and then the text is only occasionally snickered over by an "analyst".
Re: (Score:2, Insightful)
Re: (Score:2)
Be honest. You subsidized their software just as much as everyone else ;)
There, fixed that for you.
This is why I bought a Chromebook (Score:5, Funny)
So Google can turn my data over to the NSA, I don't like Microsoft!
Re: (Score:2)
Re: (Score:3)
You may want to have a look at this [eff.org].
Re: (Score:2)
(Looks at parent's linked list of sell-out whores)
FFFFFFFFFUUUUUUCK.
Well, at least I don't use Verizon (whimper)
Re: (Score:2)
Zero Day Exploits (Score:5, Insightful)
Who needs encryption keys or back doors if Redmond is handing over (and not patching) Zero Day Exploits?
Re: (Score:3)
Why do you think it sometimes takes them forever to patch them?
Government oversight.
Re: (Score:2)
If you got a solid non Windows firewall AND user common sense (don't open anything you get in emails) AND encrypt your stuff, you should be safe.
Re: (Score:1)
Who needs encryption keys or back doors if Redmond is handing over (and not patching) Zero Day Exploits?
Exactly!
Damage control (Score:5, Insightful)
What about when the govt. agencies get those "legal papers" that compel MS to provide access to data on Outlook, Skydrive, etc? Do they provide encryption keys then? What about SSL certs? Do they send them over to the NSA after they expire?
And this should not be only about MS. Any company should answer these questions. I really hope this shitstorm will kill stupid usage of "the cloud" but I doubt it. People are dumb, education budgets diminish every year so there is no changing that fact.
I guess my point is that if you need to have sensitive data in "the cloud" roll your own already. The software to do that is already available and free (gratis and libre).
Re:Damage control (Score:5, Insightful)
My guess is that they provide the data itself, not the keys to decrypt the data.
Re: (Score:3)
Re: (Score:3)
And this should not be only about MS. Any company should answer these questions. I really hope this shitstorm will kill stupid usage of "the cloud" but I doubt it. People are dumb, education budgets diminish every year so there is no changing that fact.
Education budgets in the US may diminish every year, but that probably isn't true in other industrialized countries. The real issue is that foreign governments and other customers may now decide that using Microsoft or any US-based vendor is a bad idea, tha
Re:Damage control (Score:4)
What about when the govt. agencies get those "legal papers" that compel MS to provide access to data on Outlook, Skydrive, etc? Do they provide encryption keys then? What about SSL certs? Do they send them over to the NSA after they expire?
When the government, any government, comes with court orders, of course they comply. Every company does, because they are then legally required to do so. Don't pretend that situation has changed between 1789 and today. NSLs, as far as I know, have no real legal standing. I don't know what a company could do if they didn't want to comply with an NSL.
Re:Damage control (Score:5, Interesting)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
LOL. As if Microsoft has never provided encryption keys before. Like since WinNT.
https://en.wikipedia.org/wiki/NSAKEY [wikipedia.org]
It's Simple (Score:3)
Re: (Score:1)
The key that the wiki page mentions isn't for spying, it's for verifying digital signatures on third party cryptography service provider packages. It was named as such because CSP packages that are exported outside of USA have to receive export approval, something the NSA performed. So the NSAkey was named because it was a digital signature proving that a package had either received proper review or didn't need it (If it was for US only).
Not saying that NSA isn't spying, just that the key mentioned is not u
Re: (Score:2)
How could you possibly know that the key was not used for spying?
And why would they need their OWN key to verify the digital signatures?
And why would that key have the email of postmaster@nsa.gov?
My question is... (Score:3)
Why the encryption process employed is susceptible to third party decryption in the first place. To avoid this from happening, the design needs to be end-to-end with the users holding the keys.
Re: (Score:2)
The email service that Microsoft hosts for free is hosted on Exchange if I am not mistaken. This is the likely target of the NSA or other government agencies when they're talking about Exchange encryption keys and not Exchange in general.
Re: (Score:1)
People who use the cloud are dumb.
Wow... what a high level of reasoning. I can totally see why this is at +5 insightful. Fuck slashdot.
Re: (Score:2)
Right, because handing over your data after losing a court battle is so much better than doing it before. You're focusing on the wrong part of the problem.
Re: (Score:1)
Not really. The point is that there is no court battle. Warrantless searches is exactly the problem, and MS is purposely confusing "legal papers" with "warrant." I guess you fell for it.
Snowden uses Lavabit (Score:1)
Yahoo is not a fix for this, they lost. Likely all US based services would/have also lost and handed over backdoor access if Yahoo lost. Microsoft just did it more willingly/quickly and more thoroughly.
If you used a non-US POP3 account, something capable of TLS, and a https webmail or TLS POP3 connection, then your emails will still go into the big database but it will be encrypted and thus cannot be datamined. Well unless you're communicating with a US or UK based person (Canada?*).
Snowden used Lavabit, b
Re:Vote with your feet (Score:5, Insightful)
In fact, handing over data after a court battle is much, much better than doing it before. That's called due process, it's how things are supposed to work and it is a significant improvement over handing over the data just because the feds asked nicely. Now when you're talking about "secret courts", that's when things get ugly again.
Re: (Score:2)
Welcome to the digital https://en.wikipedia.org/wiki/Star_Chamber [wikipedia.org]
Re: (Score:2)
No, because the due process, in this case, only applies to American citizens. The rest of us get fuck-shafted by whichever email provider we have. To you American types, the recent string of lawsuits over this is good, to the rest of us, it's very bad. It focuses on the rights of you, over the rights of us.
The OP was about switching between US providers, and I guess I should have been clearer that this is only going to work for people, whom the various amendments apply to. All in all, we don't need to figur
Re: (Score:2)
Actually, it is. By forcing 'the authorities' to go to court, you at least maintain some shred of hope that their activities will be exposed, that the courts will see reason, or at least by making it a pain in the ass they will be just a tiny bit more hesitant to make outrageous requests.
It may not be much in the long run, but it's sure more than the big fat zero principles reflected in handing the data over like a good little sheep.
Re:Vote with your feet (Score:4, Insightful)
How is that going to help? The NSA and US government can get any data they want from any US-based email provider, Gmail, Outlook.com, or Yahoo. The only way you'll be really safe is to run your own mail server in a foreign country, but switching from one US-based provider to another US-based provider isn't going to make a bit of difference.
Re: (Score:2)
In-house email isn't safe either, unless your company is outside the US (and there, you're still going to be spied on if you're in the UK, Germany, France, etc. as those have all now been revealed to have programs just like PRISM or even worse). The reason for this is that email is fundamentally flawed from a security perspective: it travels completely unencrypted over what's basically a simple telnet session: you can telnet to port 25 of any mail server and send a bogus email quite easily using the approp
Re: (Score:2)
Interestingly, it looks like some stuff has changed since I last looked at SMTP, according to the Wikipedia article [wikipedia.org]. It does look like there's an SSL-secured SMTP, but it doesn't look like it's mandatory.
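The point raised in the comment above, that SMTP encryption exists but is optional, shown as an added example that is not part of the original thread. It parses an EHLO reply (RFC 5321 multiline format) for the STARTTLS extension (RFC 3207) and applies a client-side policy; the sample replies, host names and the `decide` helper are constructed for illustration.

```python
# Added example: check an SMTP EHLO reply for STARTTLS and apply a TLS policy.
# Both sample replies are constructed data, not captures from a real server.

SAMPLE_WITH_TLS = (
    "250-mail.example.org Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
SAMPLE_WITHOUT_TLS = (
    "250-mail.example.org Hello client.example.net\r\n"
    "250-SIZE 35882577\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(reply):
    """Return the set of extension keywords (upper-cased) in an EHLO reply."""
    lines = [line for line in reply.split("\r\n") if line]
    if not lines:
        raise ValueError("empty reply")
    keywords = set()
    for i, line in enumerate(lines):
        # Every line is "250-text" (more follows) or "250 text" (last line).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("unexpected reply line: %r" % line)
        is_last = line[3] == " "
        if is_last != (i == len(lines) - 1):
            raise ValueError("malformed multiline reply")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def decide(reply, require_tls):
    """Return 'starttls', 'plaintext' or 'refuse' for a given EHLO reply.

    require_tls=False models opportunistic delivery: the message is sent in
    the clear when the server does not offer STARTTLS.
    require_tls=True models a strict policy: no TLS offer, no delivery.
    """
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "refuse" if require_tls else "plaintext"


if __name__ == "__main__":
    for name, reply in (("with TLS", SAMPLE_WITH_TLS),
                        ("without TLS", SAMPLE_WITHOUT_TLS)):
        print(name, "opportunistic:", decide(reply, False),
              "strict:", decide(reply, True))
```

On a live connection, Python's `smtplib.SMTP.has_extn("starttls")` performs the same capability check after `ehlo()`. STARTTLS protects only the hop between two mail servers, so the message is still readable on each server that handles it.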
They don't give the keys, just the plain text... (Score:1, Troll)
Ah, all better! (Score:2)
Given that, at present, 'via the legal process' seems to consist of a variety of procedures that make getting a search warrant rubber-stamped by a handpicked sycophant look positively robust, I'm not sure how reassured I'd be even by 100% ironclad evidence that all data were divulged in accordance with 'legal process'.
Even aside from the high-volume shenanigans on the NSA side, whose legal justifications themselves are rather secretive, the good old 'National Security Letter' is a 'legal' process that essen
Skype reads your links (Score:2, Informative)
Time to reexamine this:
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
"associates in Germany at heise Security have now discovered that the Microsoft...Shortly after sending HTTPS URLs over the [skype] instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond."
Microsoft claimed it was for malware checking, but it was noticeable it targeted Germany, I did a test on my skype (to UK) and received no visit. T
In all Honesty... (Score:2)
Microsoft is a business, they are in the game to make money. They also know that doing stupid shit like providing wholesale access to data/keys/exploits/whatever is bad for business.
So, Microsoft, as a business, probably would not have given anything without a court order.
That being said, a better guess would be that someone within MS, possibly high up in the chain of command would be the one providing the data. Again, a total guess, and I could be completely wrong.
You are the product not the customer (Score:1)
Given the fees the telcos get for interception data, and given NSA's astronomical multi billion dollar budget I think it's safe to assume Microsoft gets paid handsomely for PRISM interface usage and you are the product of Outlook.com and NSA is the customer.
Which makes sense if you think about it. You want to pump hidden subsidies into US online businesses because it's pretty much the only industry you have left. How would you do it? If you did it publicly then foreign countries would subsidize their online s
Re: (Score:2)
So, Microsoft, as a business, probably would not have given anything without a court order.
How does that actually improve the situation, since we now know (from the leaked secret order to Verizon) that these court orders can and will make demands such as "give us the entirety of your traffic for the next three months"?
And I'm not picking on Microsoft - this question stands to ALL of these US-based companies.
Re: (Score:2)
Unless, of course, they never anticipated a Snowden and figured nobody would ever know. Or perhaps they figured that whatever illegal benefit they were offered in return would bring enough profit to make up for any loss and then some.
smoke and mirrors (Score:5, Interesting)
All these companies are feigning outrage over these "requests" they get, when in reality I doubt the requests are ever used except in cases where the government needs evidence in court. The REAL data collection is done without Microsoft/Google's direct knowledge. The NSA surely has agents working on staff at every major tech company in the world with the sole goal of installing as many NSA backdoors as possible. The idea that the NSA has no respect whatsoever of the American people's privacy but at the same time wouldn't just take the same sort of data from a corporation is idiotic.
Re: (Score:3)
Re: (Score:2, Funny)
Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."
As a non-American, why should I give a fuck? The NSA can simply demand access to my data in secret, legally, and also demand - again legally - that Microsoft not breathe a word about it to me, without any judicial oversight whatsoever. As far as I am concerned, no U.S. tech company (or any company that stores any of my data within U.S. jurisdiction) can be trusted, and I will vote with my wallet accordingly.
I'm glad you think non-US companies can be trusted.
What color is the sky on your planet?
Broken trust (Score:5, Insightful)
The problem with secret courts, secret executive orders and undisclosed legal reasoning is that even if Microsoft released some information as "transparency", can you really trust that they aren't holding something back or outright lying due to some other even more secret court order?
They were completely denying and fudging the question about Skype eavesdropping right up until the Snowden leaks. Then they did a complete 180 turn. So clearly they have no problem with obfuscating the discussion, why should we trust that any new information they provide is the whole truth and not some weasel legal loophole way of interpreting the facts? Kind of like how James Clapper weaseled and outright lied through his testimony to Congress. If these people are willing to lie to Congressmen and Senators, who the fuck are you?
I reckon Pandora's Box has been open and American technology companies will face an uphill, if not impossible, task to get anyone from the rest of the world to trust them again.
Re: (Score:2)
Their press will be tame or move on. Give it a few years and let the sock puppets (as seen on slashdot) go to work with doubt, legal questions, amount of data shared, patriotism, been at war, it was all international and thus very legal, the French, the UK, recall the Data Encryption Standard style trolling?
Over time fall back on the classic
Re: (Score:2)
Give it 5-10 years.
You're remarkably optimistic. I give it two years, at the outside. It will persist through the next Congressional election cycle, just barely. After that, it will vanish.
And the usual 90+% of incumbents will be reelected, despite a last gasp effort of PAC attack ads bringing up the spying. (I won't call them SuperPACs. They won't be that well funded.)
Why not just leak them? (Score:1)
They kept a secret (Score:2)
It's not like it was just some fax with a time, ip and port number from some city police department.. with an amazing letterhead.
http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act [wikipedia.org]
http://www.independent.co.uk/news/edward-snowden-claims-microsoft-collaborated-with-nsa-and-fbi-to-allow-access-to-user-data-8705755.html [independent.co.uk]
http://www.salon.com/2013/07/11/snowden_docs_detail_collaboration_between_nsa_and_microsoft/ [salon.com]
NSA is hacking, not asking. (Score:1)
Eliminate Speeding Tickets [wikispeedia.org]
Snowden In, Holder Out
Simple solution (Score:2)
Re-engineer Outlook and the back end services supporting it. Employ end-to-end encryption with private keys held only by the client. Microsoft's systems serve only to distribute public keys and store and forward encrypted content.
So when the NSA comes asking, Microsoft (or any other service provider) can honestly say "We can't decrypt that for you, signed warrant or not." The NSA can already scrape encrypted content off the backbone choke points, so bugging Microsoft for something they don't have would be
I will feel better.... (Score:2)
Shoulda listened to Franklin (Score:2)
Something about dogs and fleas.
Just release it you ball-less cowards (Score:1)
Fuck what the NSA tells you. 'No Such Agency' means they don't exist and their rules be damned. Gain the biggest share on the planet and grow a pair, and release the data, NSA be damned. Release it all. That sort of brutal honesty gets more respect from me than beating around the (George) bush, even if you were helping them spy on me.
Clueless Bosses (Score:2)
Because _they_ didn't get the NSLs to STFU and just do the dirty work; their sharpest senior techies did, and they still can't say squat, lest they suffer pain of arrest or worse.
Of course, NSLs to the underlings would also give the perfect cover to allow the execs and shysters to protest too much.