Microsoft hits out at NSA reports and Obama Justice department

Microsoft Corp. says it's been getting a raw deal, subject to what it complains are exaggerations of its compliance with US government data collection deals but also bound by a gag order from the Obama Justice Department that prevents it from fully defending itself.

The Guardian reported on July 11, citing files provided by former National Security Agency (NSA) contractor Edward Snowden, that "Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption."

The paper reported that Microsoft "helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal"; that the agency "already had pre-encryption stage access to email on Outlook.com, including Hotmail;" and that Microsoft "worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide."

Hogwash, says Microsoft General Counsel Brad Smith in a blog post released on a company website yesterday.

In a letter to Attorney General Eric Holder also sent yesterday, Mr. Smith complained that the government has been slow to respond to requests by Microsoft and other companies mentioned in stories connected to Mr. Snowden's leaks that they be allowed to publicly address the nature and extent of their cooperation with the government. "In my opinion, these issues are languishing amidst discussions among multiple parts of the Government, the Constitution itself is suffering, and it will take the personal involvement of you or the President to set things right," Smith wrote to Mr. Holder.

In his blog, Smith complains "there are significant inaccuracies in the interpretations of leaked government documents reported in the media last week. We have asked the Government again for permission to discuss the issues raised by these new documents, and our request was denied by government lawyers." 

He then goes on to disclose what he can. He writes: "We do not provide any government with direct access to emails or instant messages. Full stop." He writes that Microsoft provides access to information only in response to court orders and warrants, that it has not given the US or any other government access to its encryption keys or a means to break its encryption, and that "we do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified account."

This doesn't necessarily mean one or the other side is wrong or lying on all of this. For instance, the Guardian wrote that the NSA "already had pre-encryption stage access to email on Outlook.com, including Hotmail." It could theoretically have that access without any help from Microsoft, and Smith does not categorically state what the NSA might have access to – just what Microsoft has or hasn't done.

Likewise with this claim in the Guardian article: "In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism (a US government data collection and analysis program)." It's certainly possible that NSA's "new capability" was created without the help or knowledge of Microsoft. Smith certainly doesn't rule it out.

"All of us now live in a world in which companies and government agencies are using big data, and it would be a mistake to assume this somehow is confined to the United States," he writes. "Agencies likely obtain this information from a variety of sources and in a variety of ways, but if they seek customer data from Microsoft they must follow legal processes."

But Smith rejects the assertion of closer collaboration made in the Guardian article. He writes:

Cutting through the technical details, all of the information in the recent leaked government documents adds up to two things. First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.

What does Microsoft want to share publicly that it says the Obama justice department is preventing? I'd sure like to know. Smith strongly implies that it's important, and relevant. And while the company disagrees with some of the assertions made by Snowden and the Guardian, they're in agreement with Snowden that something unconstitutional is going on. Smith concludes:

"The world needs a more open and public discussion of these practices. While the debate should focus on the practices of all governments, it should start with practices in the United States. In part, this is an obvious reflection of the most recent stories in the news. It’s also a reflection of something more timeless. The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right. With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution."

And this gets to the heart of the matter stemming from the Snowden revelations. There has been a proliferation of secret warrants and secret orders in the past decade, many from the Foreign Intelligence Surveillance Court, whose rules require secrecy compliance from private companies and individuals.

Snowden with his leaks has basically argued that the government's mantra of "trust us" is overblown. Now Microsoft, albeit for different reasons, is saying the same.