Slashdot Mirror
MS Handed NSA Access To Encrypted Chat & Email
kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"
All this and now they want to put an always (or nearly) on mic and camera in my home?
Paying taxes to buy civilization is like paying a hooker to buy love.
At what point do we call it a corporate-fascist police state?
http://cryptome.org/2012/07/gent-forum-spies.htm
campaign against Google, attacking Google for "reading your email" for putting ads on the screen.
http://www.theverge.com/2013/2/7/3962794/microsoft-revives-anti-google-scroogled-campaign-to-attack-gmail
I'm getting a bit tired of news like this. Can we just conclude that the NSA listens to and collects as much data as it can from the US's allies as well as their enemies? And that the US's allies probably have known that for a long time but now Snowden has reveiled it they have to act surprised and angry so their citizens don't panick?
-- Cheers!
welcome our email and chat reading overlords and I dare them to decrypt my ROT13 encoded emails...suckers.
If it's good enough for SCO, it's good to go.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
I've been following these revelations pretty closely but I didn't come across this until now, well worth a look: http://www.youtube.com/watch?v=d6m1XbWOfVk (Interview with Russell Tice, another NSA whistleblower)
MS Outlook/Hotmail/Skype has tens of millions of users in 190+ countries around the world. If MS handed ALL OF THAT PRIVATE INFO to the NSA while pretending NOT TO DO PRECISELY THAT, this is the beginning of the end for MS in this market segment. I've had a Hotmail account for over a decade, and I'm seriously pissed that MS made my private emails accessible to the NSA. ---- I hope that Microsoft gets fucked forwards, backwards and sideways for doing this by its loyal customers. I sure as hell won't be using Hotmail/Outlook for anything confidential anymore. ---- To Microsoft's executives: You are a bunch of reckless, lying, cheating, incompetent assworms pretending to be human beings. I hope you lying, backstabbing fucksticks get 20+ year jail sentences for what you have done to innocent users of your email products.
Why did the chicken cross the road? Because Elon Musk put an AI chip in its head.
.. if Microsoft bought Skype in order to provide access, and if any $ changed hands.
... for the first person to post that they've known this was happening for years and that anybody who didn't is a moron.
Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.
... only once the target has been confidently identified as an American, and if they're communicating with someone who has not been confidently identified as an American the communications are presumably still available. Snowden described "the widest possible aperture".
Companies cant design truly secure communications because government thinks that should not be legal. This is a fundamental problem.
Good-bye
Targeting US citizens does require an individual warrant,
They don't have to target anyone because they simply record all communications. Thus neatly bypassing the need for warrants etc. The NSA has been caught lying about this stuff already. I see no reason to believe their denials now.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
The vendors say they obey the law, respond only to direct requests for information, review those carefully, and then decided what data to release.
But how is that possible if the data is being hoovered? Would the "direct request" be something on the order of, "gives me all your data -- all of it, on everyone", in which case, that thoughtful review and careful decision is a MEANINGLESS exercise.
When the state has ultimate power, it drains the normal meanings of words. Even saying something like, "we are a nation of laws, not men" is meaningless in the face of such categorical activity. When the government is that intrusive, what's legal is whatever it wants it to be.
That's the problem. If I were a plucky startup, I would be busy getting together a technical response to this. Clearly, everyone needs to be able to encrypt everything BEFORE it gets into the hands of any information provider.
"We receive as friendly that which agrees with, we resist with dislike that which opposes us" - Faraday
What utter horseshit. M$ and others are private companies, trusted by the public with their personal data. If the NSA or other government agency has a specific need to look at a communication, they are supposed to go to a judge, obtain a warrant, and go to M$ with that authority. That is NOT what has been happening. It's unconstitutional, immoral, and unethical.
With all respect, I don't want to stop hearing these news. Because I want *confirmation* of every single thing that the US has done against people's freedom. I don't want to be considered a tinfoil hat paranoid anymore. I want proof, so no one can neglect later, about how fascist he US has become. And just because it was suspected, it doesn't mean that it is ok and we can just keep going with our lives as if nothing had happened. I want to see people resign, and I want to see people get spit at publicly, and ideally --even if it's never gonna happen-- I'd like to see people going to jail not only for having violated the most basic human rights, but for trying to brainwash the uneducated into believing that this is the correct approach to protect US's national security.
Targeting US citizens does require an individual warrant
Right, and how do they determine if the person is a US citizen or not? They have a program (Prism) to analyze various things they know about that person, and if the person is 51% or more likely to be foreign, then they tap them. So it's like a coin toss, plus 1%. This is according to James Clapper. From here:
The government knows that it regularly obtains Americans’ protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
At least I didn't get Scroogled. Oh wait. That's exactly what happened.
Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.
I notice you carefully decided not to quote the first sentence of that paragraph:
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.
Why did you leave that out?
51% Believe? How the hell do you measure that?
The way I read it is any half assed idle speculation is sufficient to avoid even asking for a warrant at any time.
Is there anyone left on planet earth who still believes the Meta Data Only nonsense?
Did the NSA buy Skype for Microsoft? Did the NSA demand the routing of all conversations through Microsoft's own servers, instead
of the distributed nodes used in the original Skype design?
Where is Microsoft actually hosting their Skype servers? Are they using "overseas" Asure data centers so that the 51% can be met?
Sig Battery depleted. Reverting to safe mode.
Interpreting the lawyer-fied terms of service reveals that Microsoft has been hinting at this kind of thing for a while. That's fun. http://tosdr.org/#microsoft
Since my MS live account is generally only used to catch spam... I wonder how much this is costing me in tax dollars.
Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.
51% Believe? How the hell do you measure that?
I think we all know the answer to that question.
The absence of information is interpreted against you (unknowns are assumed to be outside of US by default). So unless you find NSA's complaint department and come in there with a proof that you are, in fact, in US, they can assume you are not.
Written communication by an American cannot possibly be distinguished from written communication by a foreigner. Grammar? 2nd languages? How are they able to tell who's who?
If they accidentally targeted even one American, they've just breached the constitution and are in violation of US laws that came before their grandfathers making them criminals. Why has nobody in the government been arrested over this?
Because they think they can get away with anything. Scary stuff.
By recording the communications without a warrant they are targeting everyone without a warrant. How about passing a law that states you go to jail for violating the constitution and then hitting the NSA with 313 million counts of it?
In the name of terrorism however, this will never happen.
Bing'd: getting caught by law enforcement thanks to the ever helpful and ever present folks of the SS.....I mean MS.
(i.e. My neighbor got bing'd for skyping to a friend that he was he was still watering his lawn despite the water ration.)
-- L8R, guitardood
That isn't what the article is about. It is about Microsoft intentionally using a crippled encryption system to encourage a false sense of security and about some further specifics about Microsoft's cooperation with the PRISM blanket surveillance system. Basically more details about how Microsoft completely fucks over their customers and essentially acts as a branch of the NSA.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
Did the NSA buy Skype for Microsoft?
No, but the NSA probably paid MS more in tax payer dollars for access to that information than skype cost to buy for MS.
My interpretation of a statement like a "has a 51% belief" is "feels that it is more likely than not". In other words, you can read "if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time" as "if the NSA operative feels that it is more likely than not that the target is not a US citizen and is not on US soil at the time". At that confidence level, pure speculation typically constitutes sufficient proof.
What it means is that the NSA AUTOMATICALLY assumes everyone is out of the country. Get it ?
They now can spy with impunity.
Anyone who believes the shit coming out of the NSA, Congress, Microsoft, Apple, Facebook, and Google better have his brains checked. They are all lying, and they don't give a shit about you. You want privacy ? Better start designing communication systems that are not dependent on any corporate structure. FOSS all the way. And even in this case better be alert 'cause it is all to easy to insert malicous code as several examples have shown in the past.
I would view this action from them as illegal anyways.
It doesn't matter if the server is in USA or where.. MS is here, in Finland, selling and marketing this service to me. so they should adhere to our laws about our data. They don't(shouldn't) get out of the data protection and privacy responsibilities by outsourcing some of their work to USA - and if they do that is a dangerous precedent because then you could just dump all our laws about it while they go and put a proxy in some Zimbanaomiland - on principal level that's what they're doing.
world was created 5 seconds before this post as it is.
I'm getting a bit tired of news like this...
Slashdot is the hangout for exceptionally smart people, a lot of whom think that this situation presents a grave danger.
Granted, you don't have to agree with a lot of exceptionally smart people, but to ask them to stop worrying over something they think is important?
And note that you, yourself can avoid reading this type of news simply by not clicking on the article.
So you're saying that we should stop discussing this, for your personal convenience?
I am at a loss for [printable] words.
Did the NSA buy Skype for Microsoft?
No, but the NSA probably paid MS more in tax payer dollars for access to that information than skype cost to buy for MS.
You don't know that the NSA didn't funnel the money, either directly of embedded in contracts, or repay it via tax rebates.
Microsoft had no need of Skype. (Neither did Ebay, but they were too incompetent to do the government's bidding).
Almost their first major change was the routing of all calls through microsoft's servers. That was un-necessary from a
service perspective, and actually not desirable for either Microsoft or the end user.
Then presto-chango there are Asure datacenters sprouting all over the globe, for "cloud" services that Microsoft didn't even have, and which users didn't exist.
If you could follow the money, my bet is that you would find Skype is a NSA entity since Microsoft took over.
Sig Battery depleted. Reverting to safe mode.
Written communication by an American cannot possibly be distinguished from written communication by a foreigner. Grammar? 2nd languages? How are they able to tell who's who?
If they accidentally targeted even one American, they've just breached the constitution and are in violation of US laws that came before their grandfathers making them criminals. Why has nobody in the government been arrested over this?
Because they think they can get away with anything. Scary stuff.
You have to prove that they're doing it. And you can't do that because the information is classified.
Battlemaster--Game with friends in medival realms
You left out a few steps in your proof. Starting from what I said:
Check out my sci-fi/humor trilogy at PatriotsBooks.
The government knows that it regularly obtains Americans’ protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.
"Tap them", indeed, and then some. This latest round of revelations by the whistlblower Snowden details how Microsofts cloud service SkyDrive pipes directly into Prism. Skydrive has a nasty little feature, turned on by default (and turned on again on any upgrade if you decided to turn it off) that allows remote access to all the contents of all hard drives connected to your computer. Yes, thats right, everything *outside* your Skydrive folder. If your a non US citizen then your hard drive is now potentially imaged by prism, if your a US citizen living in the US you have a coin toss +1% chance of the same. Even if it is turned off how can you know they cant remotely image your computer - you cant, because Microsoft (and google, and yahoo...) just a few weeks ago all assured us they only reluctantly respond to court orders. Snowden has blown the whistle on them there lies, at least in Micrisifts case. Interesting to see if Google did backflips like MS has to give all the three letter agencies direct access to our private data.
Since slashdot refuses to accept my submission on this, or anything else relating to this guy, I'll just leave this here:
The American Public: Edward Snowden is not a traitor
A new poll released Wednesday by Qunnipiac University finds that the vast majority of Americans thing that Edward Snowden is a whistle-blower, not a traitor. A mere 34% think he is a traitor 45% percent think the government’s anti-terrorism efforts go too far restricting civil liberties, a reversal from a January 10, 2010, survey.
"The fact that there is little difference now along party lines about the overall anti- terrorism effort and civil liberties and about Snowden is in itself unusual in a country sharply divided along political lines about almost everything. Moreover, the verdict that Snowden is not a traitor goes against almost the unified view of the nation's political establishment." — Peter Brown, assistant director of the Quinnipiac University Polling Institute.
http://www.quinnipiac.edu/institutes-and-centers/polling-institute/national/release-detail?ReleaseID=1919
In the modern world, "secure in their papers" doesn't mean anything, almost all communication is not via "papers", but rather are digital substitutes (sic) for paper. We are no longer secure in our papers, when we cannot trust that our effects are ours, if we happen to store them in an online vault.
What is worse, is that while we are unable to keep secrets from government, government feels perfectly fine trying to keep secrets from "we the people" that supposedly form it.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
They play with English a bit. They're 'targeting' foreign nationals. However, they're doing that by recording and monitoring information from everyone.
What's this obsession with American citizens? Someone talked a lot about morale recently here, does the morality suddenly lose its meaning when applied to somebody else than Americans?
The bottom line is they've still collected information on US citizens that they can't constitutionally posses without a warrant. Whatever their intent is is irrelevant as they cannot constitutionally have the information in the first place.
I doubt that they have breached the Constitution since it is bigger than you probably think
You doubt that they have breached the constitution because you are a pro-government stooge. You're literally just an object to be ridiculed here. You might as well go somewhere where people are on the fence about issues such as these and try to brainwash them, because most people on Slashdot likely think you're just a joke.
otherwise they wouldn't bother going to the courts, and ignore the FISA courts orders.
They don't even need to ignore the FISA court orders; the court will give them practically anything they want, and have rubberstamped sweeping warrants in the past.
"So? What are you going to do about it?"
The answer is that you'll do nothing. You won't dare elect anyone who will dismantle the system because you're afraid that you'll be put on a "list."
Why don't you people just stop whining about this? Just sit back and relax. Eat the bread and watch the circus.
If you can't think of ways by which you could derive indicators of the nationality of a sender, and maybe a recipient, of a piece of email you aren't really trying.
I can't think of ways by which I could derive indicators of American nationality of a sender/recipient of a piece of email that I haven't collected and examined. Not with a 0% FN rate anyway, which would be required. Collecting and examining it is the part people are claiming is unconstitutional -- and you can't "un-examine" a document.
Since everyone like that one, here's another for you:
New evidence released by the Washington Post confirms that the NSA is tapping major fiberoptic cables as well as has direct access to the internal servers of Google, Apple, etc... despite their claim to the contrary. It seems that room 641A http://en.wikipedia.org/wiki/Room_641A is not just a conspiracy theory after all...
http://www.washingtonpost.com/business/economy/the-nsa-slide-you-havent-seen/2013/07/10/32801426-e8e6-11e2-aa9f-c03a72e2d342_story.html
Written communication by an American cannot possibly be distinguished from written communication by a foreigner. Grammar? 2nd languages? How are they able to tell who's who?
That one's easy. The foreigner will be the one writing perfect, correct english. Americans can't spell and have zero grasp of grammar and syntax. Also, they write "alot" a lot, annoyingly enough.
(Not american, and not a native english speaker. Flame on.)
This is exactly what I feared when I read that Microsoft bought Skype. It was an eye-widening moment and now my fears have proven true.
Anyone who isn't rushing to start running their own XMPP server and get all their friends and family moved over to it is insane.
...because once the meta data indicates a problem, you need to look/listen/read the real data, which you can then only do if you had prerecorded it. Therefore the NSA (and others) record EVERYTHING - including this silly post.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Would be interesting if other countries modify slightly their laws, putting into all the forbidding things (i.e. not kill, steal, rape, whatever) the "unless is done to an american" exception, so when its that case have no punishment. More or less this is what is doing US.
You are right, who knows how much Google Glass could eventually hurt our privacy if it ever get popular, better forget how Microsoft is widely doing it now.
Aside from the EFF and half the Slashdot population, nobody will do a damn thing.
sorry to tell you, but snowden did it.
look what he got.
You have to prove that they're doing it. And you can't do that because the information is classified.
Have to? Negative. We could call a vote of no confidence in congress. We could DEMAND all government actions be made public record. However, this would require us to be as American as our founders...
American? Negative. I am a meat popsicle.
Have to? Negative. We could call a vote of no confidence in congress. We could DEMAND all government actions be made public record. However, this would require us to be as American as our founders...
Hate to be your missing middle school Social Studies/Civics teacher, but there is no such thing as a "no confidence vote" in a congressional-type system. You are calling for something that exists in parliamentary systems, such as the UK, Canada, Australia, where a no confidence vote can "bring down the government". At least in theory.
Not in the USA. Even if the US Congress, especially the gerrymandered-for-permanence House, were not so bought off that your vote for Party A's vs Party B's candidate had any real meaning, you only get to make that choice every 2 years for the House and 6 for any given Senate seat. There are no do-overs, no recalls, for the US Congress. In practice, no impeachments of Representatives or Senators. Sanctions (e.g. Charlie Rangel) that mean nothing.
They can.
Because PRISM is classified, you cannot subpoena them to prove they did it.
I would rather someone try the motion that my constitutional rights trump state secrets, and allege that anything preventing me from litigating to protect them is itself unconstitutional.
I might even cite that the mere plausibility of such a hypothetical case is itself an unconstitutional chilling effect which would give me standing based on real damage caused by a hypothetical that cannot be disproven.
I would allege that the mere possibility is enough of a chilling effect on my free speech rights to let me argue that classifying the information in question is itself unconstitutional as impeding my right to petition the government to stop the bullshit.
Telstra is currently moving all their customers email hosting to Microsoft.
For our US "allies" - that's Australia's largest ISP.
Id rather have infinite fame like Joan of Ark, than infinite fame like Stalin/Hitler/PolPot.
When will the average guy/pleb have more guts and take down evil leaders when in the inside circles, humans either are too eager to be sheep, or too eager to be Kings. We need to grow up as a human race and take down evil, drown it at birth if need be.
Liberty freedom are no1, not dicks in suits.
One of the most horrific things that the Bush Administration did post 9/11 was declare that, in effect, you cease to be an American Citizen once you leave the confines of the USA.
If you would, please expand on that. I don't think that is correct, at least not at face value.
If I had nothing better to do with my time, I'd dig out exact details. Most of the readily-available discussion of this is found on left-leaning websites, and I don't like using biased sources. However, recent attempts to expand that declaration by the Obama administration make references to the original declaration which can be pursued by anyone who's interested.
Here are 2 of the more objective items I dredged up.
http://www.fas.org/sgp/crs/natsec/R42337.pdf
Salon, of course, is more sensationalist, but here's their take on it: http://www.salon.com/2011/12/16/three_myths_about_the_detention_bill/
But whether or not literally American law extends beyond the borders of the USA, there is no doubt that effectively it does so. You can see that in the influence that the USA has had on shaping foreign copyright laws, as a prime example.
Countries negotiate all sorts of treaties, defense, trade, human rights. I don't think there is much special about that.
In the case of making the world's copyright laws an extension of the constitution of the Kingdom of Disney, a lot of people have noted that Don Corleone could learn a thing or two about negotiation from the USA.
Then, of course, there's the matter that apparently a mere hint from certain quarters was capable of major interference with the free international travel of an elected head of state.