Microsoft, Skype and other online service providers regularly tell their customers that customer privacy is "our priority." Perhaps they should add a disclaimer, that orders from the federal government seeking surveillance of those customers are a higher priority.
The latest revelations from the files of Edward Snowden, the self-described National Security Agency (NSA) whistleblower, show that Microsoft, "collaborated closely with U.S. intelligence services to allow users' communications to be intercepted, including helping the NSA to circumvent the company's own encryption," according to The Guardian.
Snowden, a former Booz Allen Hamilton employee who worked as a contractor to the NSA, leaked a trove of classified documents to The Guardian and the Washington Post last month, and is now reportedly hiding out in the Moscow airport, seeking asylum in a number of countries in an effort to avoid arrest by the U.S. Justice Department.
The Guardian reported that those documents show that Microsoft helped the NSA circumvent encryption to intercept web chats on the Outlook.com portal, and to get easier access to its cloud storage service, SkyDrive, which has more than 250 million users worldwide. The agency already had access to Outlook.com and Hotmail.
They also show that, "In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism (a top-secret program to collect data from Internet service providers); Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"
Microsofts response, in a statement, was that it provides customer data to the federal government only in response to "lawful demands & and we only ever comply with orders for requests about specific accounts or identifiers."
But, the simple online reality is that when the government makes "lawful demands" for information, those companies are "duty bound" to provide access to the government, said Steve Weis, CTO of encryption vendor PrivateCore.
U.S. government officials, from President Obama down through the heads of intelligence services, have emphasized that there are safeguards in place to limit data collection, and that the emails and phone calls of U.S. citizens are not being monitored in real time.
But, as has been reported many times in the last month, the Foreign Intelligence Surveillance Act (FISA) court routinely approves the collection of communications on citizens without a warrant if the NSA has a 51 percent belief that the target is not a U.S. citizen or is not in the U.S. at the time.
Privacy advocates like the Electronic Frontier Foundation (EFF) have argued for years that the government is abusing the laws that permit limited online surveillance in the hope of tracking suspected terrorists.
Sign up for CIO Asia eNewsletters.