The recent NSA scandal is probably one of the most talked-about topics, with new findings appearing every day. Microsoft is also playing a central part in this, after whistleblower Edward Snowden informed The Guardian that Microsoft had helped the National Security Agency bypass its encryption system to get access to private emails and messages.
Brad Smith is Microsoft’s general counsel and executive vice president, Legal and Corporate Affairs. He leads the company’s Legal and Corporate Affairs Group, which has approximately 1,100 employees located in 55 countries, and is responsible for the company’s legal work, its intellectual property portfolio and patent licensing business, and its government affairs, public policy and corporate citizenship and philanthropic work.
In the same post, Brad Smith has also asked the Attorney General of the United States to personally take action to permit Microsoft to disclose publicly just how the company handles national security requests for customer information. You can read the actual letter here.
Government denies Microsoft public disclosure of data requests
Microsoft makes more serious allegations, as the company says that the Government is stopping it from sharing more information with the public, and maybe that is the reason why it has kept so silent until now. After all, if you are not guilty of something, you stand up for yourself, right? Microsoft actually filed a petition in court on June 19, asking for the right to publish the number of security requests it has received. We're wondering why it hasn't been given that right so far – what is the Government hiding?
Now, with the letter to the Attorney General, Microsoft hopes to receive a direct order from a higher authority in the justice system. Microsoft also wants to assure us that they are discussing with us ONLY what they are allowed to discuss, meaning that the government lawyers have denied that, as well. To put it briefly, here are the four main points in Microsoft's defence, shared by Mr. Brad Smith:
Microsoft does not provide any government with direct and unfettered access to our customer’s data; it only pulls and then provides the specific data mandated by the relevant legal demand.
If a government wants customer data, it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.
We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.
All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the requests are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.
So, even for national security requests, say the National Security Agency approaches Microsoft with serious information about a certain Microsoft account that might belong to a terrorist, the agency still has to do all the “paperwork” and take all the legal steps before Microsoft hands over that data.
Microsoft strongly defends itself, says it complies with the law
Also, here is Microsoft’s response regarding four of its products: Outlook.com (previously Hotmail), Skype, SkyDrive, and Enterprise Email and Document Storage:
Outlook.com (Hotmail): We do not provide any government with direct access to emails or instant messages. Full stop. We do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts.
SkyDrive: We respond to legal government demands for data stored in SkyDrive in the same way. All providers of these types of storage services have always been under legal obligations to provide stored content when they receive proper legal demands. In 2013 we made changes to our processes to be able to continue to comply with an increasing number of legal demands from governments worldwide. None of these changes provided any government with direct access to SkyDrive.
Skype Calls: As with other services, we only respond to legal government demands, and we only comply with orders for requests about specific accounts or identifiers. The reporting last week made allegations about a specific change in 2012. We will not provide governments with direct or unfettered access to customer data or encryption keys.
Enterprise Email and Document Storage: If we receive a government demand for data held by a business customer, we take steps to redirect the government to the customer directly, and we notify the customer unless we are legally prohibited from doing so. We have never provided any government with customer data from any of our business or government customers for national security purposes. We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the government with the encryption keys.
It will be very interesting to see what the Attorney General will decide now that he has been directly and publicly approached. Most likely, in the near future, the Government will allow Microsoft to disclose the volume of national security requests it gets, but that remains to be seen.