Thursday, July 11, 2013

Microsoft helped the NSA bypass encryption, new Snowden leak reveals



Microsoft worked hand-in-hand with the United States government in order to let federal investigators bypass encryption mechanisms meant to protect the privacy of millions of users, Edward Snowden told the Guardian.

According to an article published on Thursday by the British paper, internal National Security Agency memos show that Microsoft actually helped the federal government find a way to decrypt messages sent over select platforms, including the Outlook.com Web chat, the Hotmail email service and the Skype messaging product.

The Guardian wrote that Snowden, the 30-year-old former systems administrator for NSA contractor Booz Allen Hamilton, provided the paper with files detailing a sophisticated relationship between America’s intelligence sector and Silicon Valley.

The documents, claim the Guardian, are marked top-secret and come in the wake of other high-profile disclosures that have been attributed to Snowden since he first started collaborating with the paper for articles published beginning June 6. 

The United States government has since indicted Snowden under the Espionage Act, and he has requested asylum from no fewer than 20 foreign nations.

Thursday’s article is authored by Glenn Greenwald and Laura Poitras, two journalists who interviewed Snowden at length before he publically revealed himself to be the source of the NSA leaks. 

They are joined by co-authors Ewen MacAskill, Spencer Ackerman and Dominic Rushe, who wrote that the classified documents reveal not just the degree in which Microsoft worked with the feds, but also detail the Internet surveillance program known as PRISM previously disclosed by the whistle blower, as well as tech companies’ true relationship with the government as brokered through back-door deals.

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration,” the journalists wrote. 

All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their cooperation with the NSA to meet their customers’ privacy concerns. 

Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In the case of Microsoft, however, it appears as if the Bill Gates-founded tech company went out of its way to assist federal investigators.
Edward Snowden (AFP Photo)
Among the discoveries made by the latest Snowden leaks, Guardian journalists say that Microsoft specifically aided the NSA in circumventing encrypted chat messages sent over the Outlook.com portal before the product was even launched to the public.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year,” they wrote. 

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.”

According to internal documents cited by the journalists, Microsoft “developed a surveillance capability” that was launched “to deal” with the feds’ concerns that they’d be unable to wiretap encrypted communications conducted over the Web in real time.

These solutions were successfully tested and went live 12 Dec 2012,” the memo claims, two months before the Outlook.com portal was officially launched.

In a tweet, Greenwald wrote that “the ‘document’ for the Microsoft story is an internal, ongoing NSA bulletin over 3 years,” and that the Guardian “quoted all relevant parts.” 

The document is not included in the article.

Elsewhere in the report, the Guardian revealed that Microsoft worked with intelligence agencies in order to let administrators of the PRISM data collection program easily access user intelligence submitted through its cloud storage service SkyDrive and the Skype messaging program.

Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio,” they wrote.

That allegation comes as a stark contrast to claims made previously by Skype in which they swore to protect the privacy of its users. 

It doesn’t come as a terrible surprise, however, and RT reported previously that earlier documentation supplied by Snowden showed that the government possesses the ability to listen in or watch Skype chats “when one end of the call is a conventional telephone and for any combination of ‘audio, video, chat and file transfers’ when Skype users connect by computer alone.”

AFP Photo
Earlier, RT acknowledged that Microsoft obtained a patent last summer that provides for “legal intercept” technology that allows for agents to “silently copy communication transmitted via the communication session” without asking for user authorization.  

In recent weeks, however, Microsoft has attacked the government over its secretive spy powers and even asked the Foreign Intelligence Surveillance Court if they could be more transparent in discussing the details of FISA requests compiling tech companies for data.

We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues,” Microsoft Vice President John Frank wrote last month.

In the past, Skype made affirmative promises to users about their inability to perform wiretaps,” Chris Soghoian of the American Civil Liberties Union told the Guardian. 

It’s hard to square Microsoft’s secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google.”

Earlier this week, Yahoo requested that the FISA court unseal documents in their own FISA battle.

That ruling in 2008 compelled Yahoo, and later other Silicon Valley entities, to supply the government with user data without requiring a warrant.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51 percent belief that the target is not a US citizen and is not on US soil at the time,” the Guardian reporters wrote. 

Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans’ communications without a warrant if the target is a foreign national located overseas.”

During a press conference this past march, FBI general counsel Andrew Weissman said that federal investigators plan on being able to wiretap any real-time Internet conversation by the end of 2014.

You do have laws that say you need to keep things for a certain amount of time, but in the cyber realm you can have companies that keep things for five minutes,” he said. 

You can imagine totally legitimate reasons for that, but you can also imagine how enticing that ability is for people who are up to no good because the evidence comes and it goes.”

No comments:

Post a Comment