News

Report: Microsoft Helped NSA Monitor SkyDrive, Skype and Outlook Users

• By Chris Paoli
• July 11, 2013

New documents recently leaked to U.K. newspaper The Guardian suggest Microsoft worked with the National Security Agency (NSA) and its PRISM surveillance program to give the agency access to Microsoft customers' data.

The Guardian obtained the documents from NSA leaker Edward Snowden. According to a report from The Guardian on Thursday, Microsoft provided the NSA with an encryption workaround to broadly monitor the activities of Outlook.com, Skype and SkyDrive users.

Microsoft provided the workaround after the NSA expressed concern over not being able to gain access to Web chats on Microsoft's newly revamped Outlook.com service (formerly Hotmail). Before giving the encryption workaround, Microsoft had already provided access to personal e-mails through the Outlook.com and Hotmail services, according to The Guardian's account.

The recently released information also contained details alleging that Microsoft cooperated with the FBI in providing insights on how to undercut the e-mail alias feature in Outlook.com.

The Guardian also reported that the integration of the Skype voice-over-IP telephony service into the PRISM program began as far back as November 2010, before Microsoft's acquisition of the Luxembourg-based company. In February 2011, Skype received a signed directive from the attorney general to comply. Microsoft announced its plans to purchase of Skype in May 2011.  

Speaking on the issue of consumer privacy, ACLU technology expert Chris Soghoian told The Guardian that Microsoft's involvement with PRISM directly goes against its commitment to user privacy made on the Skype Web site. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," Soghoian told the newspaper. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

In a statement made by Microsoft on Thursday, the company confirmed that it has been working with government agencies on national security matters, but that it had not provided the NSA with any means to broadly monitor Skype, Outlook.com or SkyDrive, except by subpoena:

"First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid.  Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate."

While Microsoft's statement directly contradicts the recently leaked information, the company has argued since the news of the PRISM surveillance program surfaced in June that it only provides specific access to a limited amount of personal data when requested by a court order. In March, Microsoft announced a new policy to disclose law enforcement requests for customer data. However in June, the company clarified that it now includes Foreign Intelligence Surveillance Act (FISA) request data in the bulk number of requests it reports every six months.

In a June blog post, Microsoft indicated that it is obligated by the U.S. government to obscure exactly which portion of that data is disclosed due to FISA requests. It also suggested that it hasn't received a bulk-spying FISA request such as the Verizon FISA order disclosed by Snowden.

"We have not received any national security orders of the type that Verizon was reported to have received that required Verizon to provide business records about U.S. customers," claimed John Frank, vice president and deputy general counsel for Microsoft, in the blog post.

Snowden had previously disclosed that other major technology companies, including Google, Facebook, Yahoo, AOL and Apple, also are actively participating in the Prism surveillance program. However, Microsoft was the first to join the program, according to the leaked NSA documents.