Microsoft Wants to Come Clean About PRISM

By Richard Adhikari
Jul 17, 2013 9:48 AM PT

In the wake of rising public anger against Microsoft over allegations of its involvement in the National Security Agency's PRISM program, the company on Tuesday urged U.S. Attorney General Eric Holder to let it share more details about the way it handles government requests for information about its customers.

There are "significant inaccuracies" in the interpretation of leaked government documents reported in the media last week, according to Microsoft General Counsel Brad Smith.

"We believe the U.S. Constitution guarantees our freedom to share information with the public, yet the government is stopping us," he wrote.

Microsoft has so far received no response to a petition it filed in June seeking permission to publish the volume of national security requests it has received.

The Guardian last week claimed that Microsoft helped the NSA circumvent its encryption on the portal; gave the agency pre-encryption-stage access to email on; and worked with the FBI's Data Intercept Unit to understand potential issues with a feature in that lets users create email aliases, among other things.

Smith denied those allegations.

Damned if You Do

"Tech companies are between a rock and a hard place," said Robin Feldman, a professor at the UC Hastings College of the Law and codirector of the college's Privacy and Technology Project.

In its plea to the Justice Department, Microsoft "is not necessarily trying to say this is unconstitutional -- they're saying they want not to do this," Feldman told the E-Commerce Times.

However, "if Microsoft really cared about privacy, it would be fighting these issues when these programs were implemented, not after they were made public," contended Yasha Heidari, managing partner at the Heidari Power Law Group. "Microsoft's actions are little more than a public relations stunt."

Microsoft is "not providing any additional comment or information beyond the Microsoft blog post and the embedded letter to the U.S. Attorney General," Tricia Payer of Waggener Edstrom, the company's public relations agency, told the E-Commerce Times.

Microsoft's Case

Microsoft does not provide any government with direct access to emails or instant messages or SkyDrive or the ability to break HTTPS encryption on instant messages, or provide any government with the encryption keys, Smith stated.

He also denied accusations that Microsoft made changes to Skype to afford easier governmental access to that service.

The company does comply with lawful demands from governments to turn over content for specific accounts on receipt of a search warrant or court order, Smith asserted.

Microsoft discussed legal compliance requirements with the government last week as reported, Smith said, but the discussion was confined to how it would continue to comply with lawful requests.

How Microsoft Turns Over Data

When Microsoft is legally obligated to comply with government demands, it pulls the specified content from its servers, where it sits in an unencrypted state, and then provides it to the government agency.

That could be tricky, because "if companies decrypt data at rest on servers they don't physically control, such as on cloud services, then their decryption keys are exposed in memory," Steve Weis, chief technology officer at PrivateCore, told the E-Commerce Times.

By taking a snapshot of the memory, people could parse out decryption key values and unlock data at rest, whether or not they had lawful access to that data, Weis continued.

Why Microsoft Might Be Antsy

Several other high-tech players, including Google and Facebook, are allegedly partners in the PRISM project, but Microsoft has objected the loudest and most fervently.

That's possibly because of its ownership of Skype, UC Hastings' Feldman speculated.

"For a long time, Skype was considered untraceable," she said. "It was used by journalists and revolutionaries because of that -- so for Microsoft, Skype is the key."

Or it could be that Microsoft is concerned about losing business.

"A number of Microsoft's products are directly marketed to government entities," Heidari pointed out. "This is an especially sensitive issue since it has previously faced scrutiny for certain improper practices with foreign governments, such as the EU."
