<p dir="ltr">What OS do you run? </p>
<div class="gmail_quote">On Jul 11, 2013 3:41 PM, "Eugen Leitl" <<a href="mailto:eugen@leitl.org">eugen@leitl.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<a href="http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data" target="_blank">http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data</a><br>
<br>
<br>
Revealed: how Microsoft handed the NSA access to encrypted messages<br>
<br>
Secret files show scale of Silicon Valley co-operation on Prism<br>
<br>
Outlook.com encryption unlocked even before official launch<br>
<br>
Skype worked to enable Prism collection of video calls<br>
<br>
Company says it is legally compelled to comply<br>
<br>
Glenn Greenwald, Ewen MacAskill, Laura Poitras, Spencer Ackerman and<br>
Dominic Rushe <a href="http://guardian.co.uk" target="_blank">guardian.co.uk</a>, Thursday 11 July 2013 18.53 BST<br>
<br>
Skype logo<br>
<br>
Skype worked with intelligence agencies last year to allow Prism to collect<br>
video and audio conversations. Photograph: Patrick Sinkel/AP<br>
<br>
Microsoft has collaborated closely with US intelligence services to allow<br>
users' communications to be intercepted, including helping the National<br>
Security Agency to circumvent the company's own encryption, according to<br>
top-secret documents obtained by the Guardian.<br>
<br>
The files provided by Edward Snowden illustrate the scale of co-operation<br>
between Silicon Valley and the intelligence agencies over the last three<br>
years. They also shed new light on the workings of the top-secret Prism<br>
program, which was disclosed by the Guardian and the Washington Post last<br>
month.<br>
<br>
The documents show that:<br>
<br>
Microsoft helped the NSA to circumvent its encryption to address concerns<br>
that the agency would be unable to intercept web chats on the new Outlook.com<br>
portal;<br>
<br>
The agency already had pre-encryption stage access to email on Outlook.com,<br>
including Hotmail;<br>
<br>
The company worked with the FBI this year to allow the NSA easier access<br>
via Prism to its cloud storage service SkyDrive, which now has more than 250<br>
million users worldwide;<br>
<br>
Microsoft also worked with the FBI's Data Intercept Unit to "understand"<br>
potential issues with a feature in Outlook.com that allows users to create<br>
email aliases;<br>
<br>
Skype, which was bought by Microsoft in October 2011, worked with<br>
intelligence agencies last year to allow Prism to collect video of<br>
conversations as well as audio;<br>
<br>
Material collected through Prism is routinely shared with the FBI and CIA,<br>
with one NSA document describing the program as a "team sport".<br>
<br>
The latest NSA revelations further expose the tensions between Silicon Valley<br>
and the Obama administration. All the major tech firms are lobbying the<br>
government to allow them to disclose more fully the extent and nature of<br>
their co-operation with the NSA to meet their customers' privacy concerns.<br>
Privately, tech executives are at pains to distance themselves from claims of<br>
collaboration and teamwork given by the NSA documents, and insist the process<br>
is driven by legal compulsion.<br>
<br>
In a statement, Microsoft said: "When we upgrade or update products we aren't<br>
absolved from the need to comply with existing or future lawful demands." The<br>
company reiterated its argument that it provides customer data "only in<br>
response to government demands and we only ever comply with orders for<br>
requests about specific accounts or identifiers".<br>
<br>
In June, the Guardian revealed that the NSA claimed to have "direct access"<br>
through the Prism program to the systems of many major internet companies,<br>
including Microsoft, Skype, Apple, Google, Facebook and Yahoo.<br>
<br>
Blanket orders from the secret surveillance court allow these communications<br>
to be collected without an individual warrant if the NSA operative has a 51%<br>
belief that the target is not a US citizen and is not on US soil at the time.<br>
Targeting US citizens does require an individual warrant, but the NSA is able<br>
to collect Americans' communications without a warrant if the target is a<br>
foreign national located overseas.<br>
<br>
Since Prism's existence became public, Microsoft and the other companies<br>
listed on the NSA documents as providers have denied all knowledge of the<br>
program and insisted that the intelligence agencies do not have back doors<br>
into their systems.<br>
<br>
Microsoft's latest marketing campaign, launched in April, emphasizes its<br>
commitment to privacy with the slogan: "Your privacy is our priority."<br>
<br>
Similarly, Skype's privacy policy states: "Skype is committed to respecting<br>
your privacy and the confidentiality of your personal data, traffic data and<br>
communications content."<br>
<br>
But internal NSA newsletters, marked top secret, suggest the co-operation<br>
between the intelligence community and the companies is deep and ongoing.<br>
<br>
The latest documents come from the NSA's Special Source Operations (SSO)<br>
division, described by Snowden as the "crown jewel" of the agency. It is<br>
responsible for all programs aimed at US communications systems through<br>
corporate partnerships such as Prism.<br>
<br>
The files show that the NSA became concerned about the interception of<br>
encrypted chats on Microsoft's Outlook.com portal from the moment the company<br>
began testing the service in July last year.<br>
<br>
Within five months, the documents explain, Microsoft and the FBI had come up<br>
with a solution that allowed the NSA to circumvent encryption on Outlook.com<br>
chats<br>
<br>
A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working<br>
with the FBI, developed a surveillance capability to deal" with the issue.<br>
"These solutions were successfully tested and went live 12 Dec 2012."<br>
<br>
Two months later, in February this year, Microsoft officially launched the<br>
Outlook.com portal.<br>
<br>
Another newsletter entry stated that NSA already had pre-encryption access to<br>
Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com<br>
emails will be unaffected because Prism collects this data prior to<br>
encryption."<br>
<br>
Microsoft's co-operation was not limited to Outlook.com. An entry dated 8<br>
April 2013 describes how the company worked "for many months" with the FBI <br>
which acts as the liaison between the intelligence agencies and Silicon<br>
Valley on Prism to allow Prism access without separate authorization to its<br>
cloud storage service SkyDrive.<br>
<br>
The document describes how this access "means that analysts will no longer<br>
have to make a special request to SSO for this a process step that many<br>
analysts may not have known about".<br>
<br>
The NSA explained that "this new capability will result in a much more<br>
complete and timely collection response". It continued: "This success is the<br>
result of the FBI working for many months with Microsoft to get this tasking<br>
and collection solution established."<br>
<br>
A separate entry identified another area for collaboration. "The FBI Data<br>
Intercept Technology Unit (DITU) team is working with Microsoft to understand<br>
an additional feature in Outlook.com which allows users to create email<br>
aliases, which may affect our tasking processes."<br>
<br>
The NSA has devoted substantial efforts in the last two years to work with<br>
Microsoft to ensure increased access to Skype, which has an estimated 663<br>
million global users.<br>
<br>
One document boasts that Prism monitoring of Skype video production has<br>
roughly tripled since a new capability was added on 14 July 2012. "The audio<br>
portions of these sessions have been processed correctly all along, but<br>
without the accompanying video. Now, analysts will have the complete<br>
'picture'," it says.<br>
<br>
Eight months before being bought by Microsoft, Skype joined the Prism program<br>
in February 2011.<br>
<br>
According to the NSA documents, work had begun on smoothly integrating Skype<br>
into Prism in November 2010, but it was not until 4 February 2011 that the<br>
company was served with a directive to comply signed by the attorney general.<br>
<br>
The NSA was able to start tasking Skype communications the following day, and<br>
collection began on 6 February. "Feedback indicated that a collected Skype<br>
call was very clear and the metadata looked complete," the document stated,<br>
praising the co-operation between NSA teams and the FBI. "Collaborative<br>
teamwork was the key to the successful addition of another provider to the<br>
Prism system."<br>
<br>
ACLU technology expert Chris Soghoian said the revelations would surprise<br>
many Skype users. "In the past, Skype made affirmative promises to users<br>
about their inability to perform wiretaps," he said. "It's hard to square<br>
Microsoft's secret collaboration with the NSA with its high-profile efforts<br>
to compete on privacy with Google."<br>
<br>
The information the NSA collects from Prism is routinely shared with both the<br>
FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently<br>
expanded sharing with the other two agencies.<br>
<br>
The NSA, the entry reveals, has even automated the sharing of aspects of<br>
Prism, using software that "enables our partners to see which selectors<br>
[search terms] the National Security Agency has tasked to Prism".<br>
<br>
The document continues: "The FBI and CIA then can request a copy of Prism<br>
collection of any selector
" As a result, the author notes: "these two<br>
activities underscore the point that Prism is a team sport!"<br>
<br>
In its statement to the Guardian, Microsoft said:<br>
<br>
We have clear principles which guide the response across our entire<br>
company to government demands for customer information for both law<br>
enforcement and national security issues. First, we take our commitments to<br>
our customers and to compliance with applicable law very seriously, so we<br>
provide customer data only in response to legal processes.<br>
<br>
Second, our compliance team examines all demands very closely, and we<br>
reject them if we believe they aren't valid. Third, we only ever comply with<br>
orders about specific accounts or identifiers, and we would not respond to<br>
the kind of blanket orders discussed in the press over the past few weeks, as<br>
the volumes documented in our most recent disclosure clearly illustrate.<br>
<br>
Finally when we upgrade or update products legal obligations may in some<br>
circumstances require that we maintain the ability to provide information in<br>
response to a law enforcement or national security request. There are aspects<br>
of this debate that we wish we were able to discuss more freely. That's why<br>
we've argued for additional transparency that would help everyone understand<br>
and debate these important issues.<br>
<br>
In a joint statement, Shawn Turner, spokesman for the director of National<br>
Intelligence, and Judith Emmel, spokeswoman for the NSA, said:<br>
<br>
The articles describe court-ordered surveillance and a US company's<br>
efforts to comply with these legally mandated requirements. The US operates<br>
its programs under a strict oversight regime, with careful monitoring by the<br>
courts, Congress and the Director of National Intelligence. Not all countries<br>
have equivalent oversight requirements to protect civil liberties and<br>
privacy.<br>
<br>
They added: "In practice, US companies put energy, focus and commitment into<br>
consistently protecting the privacy of their customers around the world,<br>
while meeting their obligations under the laws of the US and other countries<br>
in which they operate."<br>
<br>
_______________________________________________<br>
extropy-chat mailing list<br>
<a href="mailto:extropy-chat@lists.extropy.org">extropy-chat@lists.extropy.org</a><br>
<a href="http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat" target="_blank">http://lists.extropy.org/mailman/listinfo.cgi/extropy-chat</a><br>
</blockquote></div>