Microsoft Denies Giving NSA "Direct Access,” Asks Holder To Allow Disclosure

By Staff Reporter| Jul 17, 2013

Microsoft, on Tuesday, pressed U.S. Attorney General Eric Holder to allow it to publish more information about its involvement in the NSA's PRISM program, while also denying recent assertions that it helped the NSA circumvent encryption on its online services.

In a post on Microsoft's public policy blog, Brad Smith, Microsoft's General Counsel and Executive Vice President of Legal Affairs denied reports that the company gives the National Security Agency any "direct or unfettered access" to customer data. This, after The Guardian's Glenn Greenwald, with documents provided by Edward Snowden, published an article claiming that Microsoft helped the NSA crack the encryption on its own Outlook.com web chat functions, as well as providing pre-encryption access to its email servers, SkyDrive, and Skype video chats.

Smith called on the U.S. Attorney General, Eric Holder, to "personally take action to permit Microsoft and other companies to share publicly more complete information," about how national security requests for its customer data are handled. Microsoft's top lawyer went on to write, "We believe the U.S. Constitution guarantees our freedom to share more information with the public, yet the Government is stopping us." He cited a petition filed in court by Microsoft on June 19, asking to publish the total number of national security requests received, which has not been responded to yet.

Smith posted responses to allegations by the Guardian, going through each Microsoft service mentioned in the report.

Email and Messaging:

The Guardian accused Microsoft of helping the NSA hack its own Outlook.com instant messaging web chat system, publishing an exerpt from a top secret internal NSA newsletter that says, "MS, working with the FBI, developed a surveillance capability" to decrypt chat messages. Greenwald then published an excerpt from a purported NSA newsletter that says that the government agency has pre-encryption access to Microsoft's email: "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

Smith's response: "We do not provide any government with direct access to emails or instant messages. Full stop... We do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts."

Sky Drive:

Greenwald had purported NSA documents showing that Microsoft worked with the FBI to provide special access to SkyDrive cloud storage data, resulting in the NSA's praise for the FBI and Microsoft's teamwork: "This success is a result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

Microsoft responded saying, "In 2013 we made changes to our processes to be able to continue to comply with an increasing number of legal demands [from] governments worldwide. None of these changes provided any government with direct access to SkyDrive. Nor did any of them change the fact that we still require governments to follow legal processes when requesting customer data."

Skype Call Monitoring:

The Guardian reportedly had a document showing that the NSA was capable of tapping into Skype calls - at first audio, but then, starting about a year ago, video calls: "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture.'"

Microsoft said the change mentioned in 2012 was to move Skype supernode hosting in-house and migrate Skype IM traffic to servers in Microsoft's data centers (Microsoft bought Skype in 2011). Said Smith, "these changes were not made to facilitate greater government acess to audio, video, messaging or other customer data, " adding that "we... assume that all calls, whether over the Internet or by fixed line or mobile phone, will offer similar levels of privacy and security," meaning that court orders are required to tap a call. Again, Smith asserted that the NSA does not get "direct or unfettered access" to Skype data or encryption keys.

Microsoft's lawyer also said that requests for data from enterprise customers are rare and customers are notified, "unless the company is legally prohibited from doing so." Enterprise customers were not specifically mentioned in Greenwald's latest report, but Microsoft is likely covering that base just to be safe because it's (justifiably) worried about the damage these PRISM-related accusations can cause, just one day ahead of Microsoft's earnings report.

Microsoft, as well as Facebook, Apple, and Yahoo, have already published limited data on national security requests - usually representing a six-month period and giving only specifics on the number of requests and the number of customers targeted by them. Since the NSA PRISM program was leaked by Snowden and exposed by the Washington Post and The Guardian, these companies have denied giving the NSA "direct access" to customer data and petitioned to release as much information as possible on national security requests, as the story continues to grow into a public relations nightmare.

Latest News