News

Report: Microsoft Helped NSA Monitor SkyDrive, Skype and Outlook Users

New documents recently leaked to U.K. newspaper The Guardian suggest Microsoft worked with the National Security Agency (NSA) and its PRISM surveillance program to give the agency access to Microsoft customers' data.

The Guardian obtained the documents from NSA leaker Edward Snowden. According to a report from The Guardian on Thursday, Microsoft provided the NSA with an encryption workaround to broadly monitor the activities of Outlook.com, Skype and SkyDrive users.

Microsoft provided the workaround after the NSA expressed concern over not being able to gain access to Web chats on Microsoft's newly revamped Outlook.com service (formerly Hotmail). Before giving the encryption workaround, Microsoft had already provided access to personal e-mails through the Outlook.com and Hotmail services, according to The Guardian's account.

The recently released information also contained details alleging that Microsoft cooperated with the FBI in providing insights on how to undercut the e-mail alias feature in Outlook.com.

The Guardian also reported that the integration of the Skype voice-over-IP telephony service into the PRISM program began as far back as November 2010, before Microsoft's acquisition of the Luxembourg-based company. In February 2011, Skype received a signed directive from the attorney general to comply. Microsoft announced its plans to purchase of Skype in May 2011.  

Speaking on the issue of consumer privacy, ACLU technology expert Chris Soghoian told The Guardian that Microsoft's involvement with PRISM directly goes against its commitment to user privacy made on the Skype Web site. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," Soghoian told the newspaper. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

In a statement made by Microsoft on Thursday, the company confirmed that it has been working with government agencies on national security matters, but that it had not provided the NSA with any means to broadly monitor Skype, Outlook.com or SkyDrive, except by subpoena:

"First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid.  Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate."

While Microsoft's statement directly contradicts the recently leaked information, the company has argued since the news of the PRISM surveillance program surfaced in June that it only provides specific access to a limited amount of personal data when requested by a court order. In March, Microsoft announced a new policy to disclose law enforcement requests for customer data. However in June, the company clarified that it now includes Foreign Intelligence Surveillance Act (FISA) request data in the bulk number of requests it reports every six months.

In a June blog post, Microsoft indicated that it is obligated by the U.S. government to obscure exactly which portion of that data is disclosed due to FISA requests. It also suggested that it hasn't received a bulk-spying FISA request such as the Verizon FISA order disclosed by Snowden.

"We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers," claimed John Frank, vice president and deputy general counsel for Microsoft, in the blog post.

Snowden had previously disclosed that other major technology companies, including Google, Facebook, Yahoo, AOL and Apple, also are actively participating in the Prism surveillance program. However, Microsoft was the first to join the program, according to the leaked NSA documents.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft Closing Most of Its Retail Stores

    Microsoft on Friday announced a major shift in its retail operations, with plans to close most of its physical Microsoft Store outlets in favor of online sales.

  • Matrix

    Microsoft, Harvard Describe Joint Privacy Initiative

    To facilitate data sharing while still preserving data privacy, Microsoft and Harvard have embarked on a set of open source tool called the "OpenDP Initiative."

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.