NSA Testimony: Microsoft, Others Knew of Government Surveillance
- By Kurt Mackie
- March 20, 2014
An attorney for the U.S. National Security Agency said that contrary to their denials, service providers, including Microsoft, knew of the NSA's broad access to customer data.
According to a report published Wednesday by The Guardian, NSA General Counsel Rajesh De said in a government hearing that service providers provided the data as part of a "compulsory legal process." In addition to being provided by service providers in response to subpoenas, customer data was also accessed in transit, per the authority of Section 702 of the FISA Amendments Act.
"After the hearing, De added that service providers also know and receive legal compulsions surrounding NSA's harvesting of communications data not from companies but directly in transit across the internet under 702 authority," The Guardian wrote.
The hearing was conducted by the Privacy and Civil Liberties Oversight Board, an executive branch-appointed body.
Whistle-blower and former NSA contractor Edward Snowden had contended that NSA analysts could simply reach into service provider traffic without a legal process through the NSA's PRISM program. De's explanation seems to be that Section 702 allows such broad access and that service providers are aware that the NSA has such access.
Microsoft and other service providers early on suggested that they only responded to specific legal requests. Microsoft made that point and suggested that it wasn't aware of the data collection process that came to be known as the PRISM program, according to a June statement issued by the company:
We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don't participate in it.
However, an NSA slide leaked as a result of Snowden's disclosures indicated that Microsoft had joined the PRISM program back in 2007, with Yahoo, Google, Facebook, Paltalk, Skype, AOL and Apple joining in subsequent years.
Facebook founder Mark Zuckerberg indicated this month that he had called President Obama to complain about U.S. government surveillance behavior, asking for greater transparency. Zuckerberg complained of being "confused and frustrated," but De's comments suggest that Facebook and other service providers are simply aware that the upstream-traffic taps take place.
Microsoft and other service providers dropped their lawsuits in January after an agreement was reached with the government to allow limited bulk reporting of law enforcement requests, including those from the secret Foreign Intelligence Surveillance Court. However, such reporting is delayed for two years if the target is a "new capability order" of that court, meaning that the information was requested for the first time. Microsoft issues its law enforcement request reports every six months, but the names of companies or individuals targeted by legal requests aren't named.
In March, Microsoft announced assurances that companies could use its cloud services with data stored outside the United States. Microsoft, as a U.S.-based company, is bound to comply with U.S. laws, which include non-transparent legal frameworks for searching data networks.
In related news, The Washington Post reported earlier this month that the NSA is capable of retrieving the phone traffic of entire countries for about a month's time. That bulk recording is carried out under a program called MYSTIC that began in 2009, according to the report. The NSA purportedly is capable of tapping major telecommunications hubs across the globe, according to past Snowden-associated leaks.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.