Surveillance

Microsoft pushes back against surveillance

Placeholder Image for Article Template

Microsoft officials say they are taking steps to guarantee that governments -- including the United States -- follow legal processes rather than use what the company's top lawyer called "brute force" to access data about its customers.

The company plans to strengthen encryption of customer data and take a more active role in challenging efforts to collect information on its users. It will also be more active in informing customers when data is requested. In addition, Microsoft will expand customers' access to source code to allay concerns that built-in "back doors" exist to allow law enforcement and intelligence agencies to access the information.

"Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyberattacks," Microsoft General Counsel Brad Smith wrote in a Dec. 4 blog post.

Smith's post does not mention the National Security Agency or the U.S. government by name, but it does acknowledge concerns about reports of "governmental interception and collection -- without search warrants or legal subpoenas -- of customer data as it travels between customers and servers or between company data centers in our industry."

Microsoft has been deeply enmeshed in the U.S. government's information-mining efforts. According to documents leaked by former NSA contractor Edward Snowden, Microsoft gave the agency and the FBI access to information on users of the company's Outlook.com email service, SkyDrive storage service and Skype videoconferencing network.

Smith said the company will be more skeptical about governments' requests for personal information and data stored by its cloud customers.

"Except in the most limited circumstances, we believe that government agencies can go directly to business customers or government customers for information or data about one of their employees -- just as they did before these customers moved to the cloud -- without undermining their investigation or national security," Smith wrote.

Microsoft also plans to use applicable foreign laws when appropriate to resist data-collection attempts made outside established legal processes, which appears to be a nod to European customers who store material in data centers that are subject to the sometimes more stringent privacy protections of European law.

Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, said U.S.-based cloud vendors will have to go the extra mile to assure foreign customers that their data is safe from bulk collection. In August, he published a report that estimates NSA surveillance could cost U.S. cloud providers $22 billion to $35 billion over the next three years.

Castro said he expects more companies to follow Microsoft's lead in making privacy protection a selling point for customers. But he worries that NSA surveillance "is turning the Internet into a third-world country" in which each company is responsible for its own security. "The government is creating more risk, and that's a cost to everyone else," Castro told FCW.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.