Microsoft, responding to allegations that the company has helped the NSA circumvent encryption in Skype and Outlook.com and provided direct access to data from those and other services, says that it does none of those things and is petitioning the government for permission to publish more information about how it handles requests for customer data from government agencies.
Recent media reports have it that Microsoft has been helping the U.S. government get around the encryption on its Skype VoIP service in order to eavesdrop on the communications of users, ostensibly as part of intelligence investigations. Until Tuesday, Microsoft officials had been conspicuously silent on the allegations. That changed when the company’s general counsel published a detailed, but semantically careful, explanation of what Microsoft does and does not do in response to government data requests. Specifically, he said that Microsoft only provides data when legally required to do so in response to a court order or national security request, and that it never hands over encryption keys.
Regarding Skype, Brad Smith, general counsel at Microsoft, said: “As with other services, we only respond to legal government demands, and we only comply with orders for requests about specific accounts or identifiers. We will not provide governments with direct or unfettered access to customer data or encryption keys.”
Some of the recent leaked documents attributed to Edward Snowden, the former NSA contractor who has been parceling out classified intelligence documents for several weeks now, have implied that Microsoft also provides the government with direct access to data from its Outlook.com service. Smith said this is not the case, but that the company does provide data when required to by court order.
“We do not provide any government with direct access to emails or instant messages. Full stop,” Smith wrote. “Recent leaked government documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the Internet. To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.”
Microsoft and other companies, including Google, publish periodic reports showing how many requests for user data they receive and comply with, including national security letters. In the wake of the NSA leaks, both Google and Microsoft have asked the government for permission to publish more specific information about the volume and kind of requests they receive in order to show what they turn over to the government. So far the Department of Justice has not been willing to let this happen, and Microsoft sent a letter to Attorney General Eric Holder on July 16 asking him to get involved in the process himself.
“I’m writing to ask you to get involved personally in assessing the Constitutional issues raised by Microsoft and other companies that have repeatedly asked to share publicly more complete information about how we handle national security requests for customer information. In my opinion, these issues are languishing amidst discussions among multiple parts of the Government, the Constitution itself is suffering, and it will take the personal involvement of you or the President to set things right,” Smith wrote in his letter to Holder.
“Last week we requested official permission to publicly explain practices that are the subject of newly-leaked documents that refer to Microsoft and have now been misinterpreted in news stories around the world. This request was rejected. While we understand that various government agencies are trying to reach a decision on these issues, this has been the response for weeks. In the meantime, the practical result of this indecision is continued refusals to allow us to share more information with the public.
“This opposition and these delays are serving poorly the public, the Government itself, and most importantly, the Constitutional principles that we all put first and foremost.”
The direct appeal to the attorney general and implication that his department is stonewalling is an unusual move for a company such as Microsoft. These kinds of machinations typically play out behind closed doors rather than out in the open, but the stakes have been raised quite a bit in recent weeks by the NSA leaks, something that Smith and Microsoft emphasized in the appeal to Holder.
“It’s time to face some obvious facts. Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns,” Smith wrote. “Put simply, we need you to step in to ensure that common sense and our Constitutional safeguards prevail.”
Image from Flickr photos of Ryan J. Reilly.