NEW DELHI (TIP): A report published by the British newspaper Guardian on july 11 claimed that Microsoft not only provided users data to National Security Agency (NSA) in the US but also worked with spies to make the information more accessible. The report alleged that Microsoft and NSA officials worked together to create processes that could help them access user data related to Skype, which was acquired by Microsoft last year, and Outlook.com, earlier known as Hotmail.
The report is latest in the number of revelations that have exposed mass surveillance carried out by NSA on web users across the world, allegedly with the help of technology companies. The reports are based on the documents leaked by Edward Snowden, a former US spy contractor. According to the documents that Guardian reportedly saw, US spies had access to emails sent by Outlook.com users even before they reached the encryption stage.
“For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption,” a NSA newsletter claimed when Microsoft launched Outlook.com and moved Hotmail users to the new service. Another newsletter claimed that Microsoft and Federal Bureau of Investigation ( FBI) officials worked together for months to simplify how spies could access user data saved on SkyDrive, Microsoft’s cloud storage service.
The new process “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about.” According to another document reportedly seen by Guardian, NSA got the ability to monitor Skype video calls in July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video.
Now, analysts will have the complete picture,” the document notes. Skype is a popular service used by millions of people to make audio and video calls using internet connection. A few hours after the report was published, Microsoft in a statement denied NSA had “direct” or “blanket” access to user data stored on its servers. “To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product,” said the company.
But it acknowledged that some sort of cooperation existed between the US spy agencies and Microsoft, most likely due to regulatory and legal obligations. “When we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely,” said the company.
Last month, Bloomberg reported that Microsoft shared zero-day vulnerabilities, the security loopholes that were not known publicly and hence had no defence, in its products with the NSA. These zero-day vulnerabilities, often used by cyber criminals and hackers, could have allowed computer experts working for NSA to break into machines powered by Microsoft products.
Incidentally, Microsoft services and products are widely used by government agencies in India. A few months ago, All India Council of Technical Education asked thousands of institutes and colleges across India to deploy Office 365, Microsoft’s cloudbased productivity suite. Almost all Indian government departments use Microsoft products like Windows and Office, even though open source and free alternatives like Linux and Libre Office exist.
The company has also worked with several state governments in the recent years to implement cloud-computing services. Earlier reports based on documents leaked by Snowden claimed that nine technology companies, including Google, Yahoo, Apple and Facebook, allowed NSA easy access to user data as part of a programme called Prism. All companies named in the Prism programme have denied giving NSA direct access to user data.