MS Handed NSA Access To Encrypted Chat & Email

kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"

Xbox One

[ArsonSmith]

All this and now they want to put an always (or nearly) on mic and camera in my home?

Re:Xbox One

[Waffle+Iron]

All this and now they want to put an always (or nearly) on mic and camera in my home?

Not to worry. The NSA puts careful safeguards on the data: For all persons known to be US citizens, a software filter converts their in-home images into stick figures before saving.

Let's look in the mirror

At what point do we call it a corporate-fascist police state?

Re:Let's look in the mirror

[SecurityTheatre]

More accurately, 11 years 303 days 8 hours and 38 minutes ago.

Re:Let's look in the mirror

[stewsters]

Feingold for president. http://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=107&session=1&vote=00313

Re:Let's look in the mirror

[phantomfive]

Obama has a lot to do with this. When he came to office, he and his team reviewed it and approved everything that is happening now. That's what he said. Before he came to office, he went out of his way to give telecom companies immunity to this kind of thing. He didn't have to vote for it, but he did.

So yeah, Obama deserves blame as much as anybody. Let's be honest, it's not something Bush decided to do; the NSA came to him and said, "hey, this is a great idea." They would have done the same thing to Obama, and he would have approved it, too.

Re:Let's look in the mirror

[Archangel+Michael]

Obama's culpability isn't in starting it. His is distinct, in that he campaigned against these kinds of things, and has done the exact opposite, expanded each and every one of GWB's programs. If you thought GWB was evil, then what are you thinking about Obama?

And please, do not justify bad behavior by pointing to other bad behavior. Do not even distract from what is going on by saying "it isn't Obama's fault", when he's had five years to end this and he has only expanded it. It is just as much Obama's fault as it is GWB, Clinton, GHWB, Reagan, Carter, Ford, Nixon, Johnson, Kennedy ....

EACH has built on the previous, without exception. -- why I am a Libertarian

Re:Let's look in the mirror

[cold+fjord]

I think Barbara Lee would be an interesting candidate for the Democrats. Of course she will need a running mate. I think one of the "Pauls" might make an interesting choice. I had long thought a R (Paul (P) /Paul (VP) ) ticket would blend the mutual gravitas and seriousness of the ticket and make it approachable by more voters. With Ron getting too old to run that frees someone to run with Barbara. There might be someone better, but it would be an interesting choice.

Public Service Announcement

[Anachragnome]

http://cryptome.org/2012/07/gent-forum-spies.htm

Hilarious considering the Microsoft marketing

[hsmith]

campaign against Google, attacking Google for "reading your email" for putting ads on the screen.

http://www.theverge.com/2013/2/7/3962794/microsoft-revives-anti-google-scroogled-campaign-to-attack-gmail

Re:Hilarious considering the Microsoft marketing

[mtrachtenberg]

Microsoft: (Violating) your privacy is our priority(, because who doesn't love a police state).

Re:Hilarious considering the Microsoft marketing

[mtrachtenberg]

One of the things that has bugged (oops) me about the NSA news is the assumption that non-US citizens aren't entitled to privacy. Here the NSA doesn't even need a warrant if it guesses (50%+1) that one of the people communicating is non-US. Why any foreign company would want to use a product from a company that can be forced to feed all info to the NSA is beyond my ability to understand but, then again, those paying for the privilege of using Microsoft products have always been a mystery to me.

Re:Hilarious considering the Microsoft marketing

[Artraze]

Yeah, but Google it reading your email to sell you stuff. That's evil.

Microsoft is reading your email to potentially arrest you; but innocent people, of course, have nothing to worry about. That's noble.

So the only hilarity here is how much better MS is at looking out for their users!

Re:Hilarious considering the Microsoft marketing

[Znork]

The NSA doesn't need any warrant at all if GCHQ does the work. Which it does. So don't worry, US citizens aren't entitled to privacy either.

Re:Hilarious considering the Microsoft marketing

[Dodgy+G33za]

But it is not just Microsoft. It is amazon cloud services. It is Google. It is any web based service that has servers in the US. It is any telco any where in the world that has a US telco as a partner.

What has surprised me is that no-one is talking of the harm this is (or should be) doing to US web brands. Especially in Europe given their privacy laws.

I have stopped using Google for search, and am looking for a non-US hosting provider for my web site. Not because I have anything to hide, but because if more people did this the corporations that are co-operating with the NSA, and the shareholders that own then, might then develop some balls.

I, for one,

[mandark1967]

welcome our email and chat reading overlords and I dare them to decrypt my ROT13 encoded emails...suckers.

If it's good enough for SCO, it's good to go.

Worth a look

[Rougement]

I've been following these revelations pretty closely but I didn't come across this until now, well worth a look: http://www.youtube.com/watch?v=d6m1XbWOfVk (Interview with Russell Tice, another NSA whistleblower)

Re:Worth a look

[Rougement]

True. They (Tice suggests top NSA and the office of the then-VP Cheney) didn't bank on all of this getting out though. It's easy to threaten one person with blackmail but if enough of those in power stand up to the NSA, then what? There would be one hell of a lot of sudden "anonymous leaks" to the papers. Who knows how deep that rabbit hole would go? Blackmail certainly does tally with Obama's actions thus far, not to mention his complete 180 degree turn on these issues shortly after being sworn in.

This is going to lead to serious Lawsuits!!!

[dryriver]

MS Outlook/Hotmail/Skype has tens of millions of users in 190+ countries around the world. If MS handed ALL OF THAT PRIVATE INFO to the NSA while pretending NOT TO DO PRECISELY THAT, this is the beginning of the end for MS in this market segment. I've had a Hotmail account for over a decade, and I'm seriously pissed that MS made my private emails accessible to the NSA. ---- I hope that Microsoft gets fucked forwards, backwards and sideways for doing this by its loyal customers. I sure as hell won't be using Hotmail/Outlook for anything confidential anymore. ---- To Microsoft's executives: You are a bunch of reckless, lying, cheating, incompetent assworms pretending to be human beings. I hope you lying, backstabbing fucksticks get 20+ year jail sentences for what you have done to innocent users of your email products.

Re:This is going to lead to serious Lawsuits!!!

[gl4ss]

Except once the floodgates are opened the government will grant them retroactive immunity.

Law? What law?

well.. thing is.. american government can't grant them immunity for breaking the law abroad. or they can, but the other governments aren't likely to accept that - and since MS unlike NSA operatives has to keep operating(to generate profit) abroad.

think about it, would american government accept that snowden has immunity because hong kong would say so? fuck no. so why should it go the other way when the culprit is MS?

Re:This is going to lead to serious Lawsuits!!!

[deanklear]

Why? How many people do you think are going to care enough to switch to another chat client? Chances are if they're using Skype in the first place, they don't care about that kind of thing.

Once there is solid evidence that the NSA has worked with US Government agencies to install and exploit backdoors, and this looks like pretty good evidence, there is no direction but down. It's common knowledge that the NSA is very open and communicative with the corporate sector.

If you're a foreign corporation out of Taiwan or Brazil or Wherever, passing even day-to-day information using Microsoft products becomes risky. How can you be sure that your data isn't getting dumped into some NSA system and then made available to co-conspirators?

The NSA isn't getting this access for free. If they're coercing corporations like Yahoo to comply with broad destruction of civil liberties, some of those corporations have sold out and traded for the stolen R&D of other companies, or huge tax breaks. That's where the real story is, and one we probably won't ever get to read.

In any case, if you're a foreign corporation or government, using ANY Microsoft product just become a giant liability. Given that was already practically the case after Stuxnet, but now you'd have to be a complete fool to trust Microsoft with any of your data and expect it to remain private.

Re:Tired

[PhxBlue]

I'm getting a bit tired of news like this.

That's the danger in fighting a bureaucracy that's overstepped its bounds: Bureaucracies don't get tired. Outraged private citizens do.

Makes one wonder..

[DigitAl56K]

.. if Microsoft bought Skype in order to provide access, and if any $ changed hands.

Re:Makes one wonder..

[icebike]

Why do you think eBay bought them? It helped connect Skype and PayPal accounts together. There is really no other logical reason why an auction / wire transfer service would be interested in video chat.

Wait, what? You believe that?
I've never known skype or video chat to be useful or used at all with ebay shoppers.

The price eBay payed was so astronomical that it could only have been with back-door funding from the Government.

The point was to get Skype out of Estonian hands because there was no reliable way for the NSA to tap into it. Even if they managed to break the encryption they couldn't handle the peer-to-peer routing. It was something they had to either shut down, or buy up.

Ebay turned out to be an incompetent partner, so the government stepped up to the only company that was interested, and I suspect they paid for the Microsoft purchase from ebay, and paid for asure in the process.

Re:Burying the lede

Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.

... only once the target has been confidently identified as an American, and if they're communicating with someone who has not been confidently identified as an American the communications are presumably still available. Snowden described "the widest possible aperture".

Re:Privacy as a sport

[spire3661]

Companies cant design truly secure communications because government thinks that should not be legal. This is a fundamental problem.

Re:Tired

[spire3661]

WE have known this for a long time, the average citizen has not.

Re:Burying the lede

[0111+1110]

Targeting US citizens does require an individual warrant,

They don't have to target anyone because they simply record all communications. Thus neatly bypassing the need for warrants etc. The NSA has been caught lying about this stuff already. I see no reason to believe their denials now.

What's that painful cramp between your ears?

[davide+marney]

The vendors say they obey the law, respond only to direct requests for information, review those carefully, and then decided what data to release.

But how is that possible if the data is being hoovered? Would the "direct request" be something on the order of, "gives me all your data -- all of it, on everyone", in which case, that thoughtful review and careful decision is a MEANINGLESS exercise.

When the state has ultimate power, it drains the normal meanings of words. Even saying something like, "we are a nation of laws, not men" is meaningless in the face of such categorical activity. When the government is that intrusive, what's legal is whatever it wants it to be.

That's the problem. If I were a plucky startup, I would be busy getting together a technical response to this. Clearly, everyone needs to be able to encrypt everything BEFORE it gets into the hands of any information provider.

Re:Privacy as a sport

[Rougement]

What utter horseshit. M$ and others are private companies, trusted by the public with their personal data. If the NSA or other government agency has a specific need to look at a communication, they are supposed to go to a judge, obtain a warrant, and go to M$ with that authority. That is NOT what has been happening. It's unconstitutional, immoral, and unethical.

not me

[batistuta]

With all respect, I don't want to stop hearing these news. Because I want *confirmation* of every single thing that the US has done against people's freedom. I don't want to be considered a tinfoil hat paranoid anymore. I want proof, so no one can neglect later, about how fascist he US has become. And just because it was suspected, it doesn't mean that it is ok and we can just keep going with our lives as if nothing had happened. I want to see people resign, and I want to see people get spit at publicly, and ideally --even if it's never gonna happen-- I'd like to see people going to jail not only for having violated the most basic human rights, but for trying to brainwash the uneducated into believing that this is the correct approach to protect US's national security.

Re:Burying the lede

[amicusNYCL]

Targeting US citizens does require an individual warrant

Right, and how do they determine if the person is a US citizen or not? They have a program (Prism) to analyze various things they know about that person, and if the person is 51% or more likely to be foreign, then they tap them. So it's like a coin toss, plus 1%. This is according to James Clapper. From here:

The government knows that it regularly obtains Americans’ protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.

Scroogled again!

[stewsters]

At least I didn't get Scroogled. Oh wait. That's exactly what happened.

Re:Burying the lede

[icebike]

Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.

I notice you carefully decided not to quote the first sentence of that paragraph:

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.

Why did you leave that out?

51% Believe? How the hell do you measure that?
The way I read it is any half assed idle speculation is sufficient to avoid even asking for a warrant at any time.

Is there anyone left on planet earth who still believes the Meta Data Only nonsense?

Did the NSA buy Skype for Microsoft? Did the NSA demand the routing of all conversations through Microsoft's own servers, instead
of the distributed nodes used in the original Skype design?
Where is Microsoft actually hosting their Skype servers? Are they using "overseas" Asure data centers so that the 51% can be met?

Terms of Service

[hort_wort]

Interpreting the lawyer-fied terms of service reveals that Microsoft has been hinting at this kind of thing for a while. That's fun. http://tosdr.org/#microsoft

Re:Burying the lede

[Mitreya]

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time.

51% Believe? How the hell do you measure that?

I think we all know the answer to that question.
The absence of information is interpreted against you (unknowns are assumed to be outside of US by default). So unless you find NSA's complaint department and come in there with a proof that you are, in fact, in US, they can assume you are not.

Re:Burying the lede

[Synerg1y]

Written communication by an American cannot possibly be distinguished from written communication by a foreigner. Grammar? 2nd languages? How are they able to tell who's who?

If they accidentally targeted even one American, they've just breached the constitution and are in violation of US laws that came before their grandfathers making them criminals. Why has nobody in the government been arrested over this?

Because they think they can get away with anything. Scary stuff.

Re:Burying the lede

[Synerg1y]

By recording the communications without a warrant they are targeting everyone without a warrant. How about passing a law that states you go to jail for violating the constitution and then hitting the NSA with 313 million counts of it?

In the name of terrorism however, this will never happen.

Bing'd: New term for the American lexicon!

[guitardood]

Bing'd: getting caught by law enforcement thanks to the ever helpful and ever present folks of the SS.....I mean MS.

(i.e. My neighbor got bing'd for skyping to a friend that he was he was still watering his lawn despite the water ration.)

Re:Privacy as a sport

[0111+1110]

That isn't what the article is about. It is about Microsoft intentionally using a crippled encryption system to encourage a false sense of security and about some further specifics about Microsoft's cooperation with the PRISM blanket surveillance system. Basically more details about how Microsoft completely fucks over their customers and essentially acts as a branch of the NSA.

Re:Privacy as a sport

[gl4ss]

I would view this action from them as illegal anyways.

It doesn't matter if the server is in USA or where.. MS is here, in Finland, selling and marketing this service to me. so they should adhere to our laws about our data. They don't(shouldn't) get out of the data protection and privacy responsibilities by outsourcing some of their work to USA - and if they do that is a dangerous precedent because then you could just dump all our laws about it while they go and put a proxy in some Zimbanaomiland - on principal level that's what they're doing.

Re:Burying the lede

[FriendlyLurker]

The government knows that it regularly obtains Americans’ protected communications. The Washington Post reported that Prism is designed to produce at least 51 percent confidence in a target’s “foreignness” — as John Oliver of “The Daily Show” put it, “a coin flip plus 1 percent.” By turning a blind eye to the fact that 49-plus percent of the communications might be purely among Americans, the N.S.A. has intentionally acquired information it is not allowed to have, even under the terrifyingly broad auspices of the FISA Amendments Act.

"Tap them", indeed, and then some. This latest round of revelations by the whistlblower Snowden details how Microsofts cloud service SkyDrive pipes directly into Prism. Skydrive has a nasty little feature, turned on by default (and turned on again on any upgrade if you decided to turn it off) that allows remote access to all the contents of all hard drives connected to your computer. Yes, thats right, everything *outside* your Skydrive folder. If your a non US citizen then your hard drive is now potentially imaged by prism, if your a US citizen living in the US you have a coin toss +1% chance of the same. Even if it is turned off how can you know they cant remotely image your computer - you cant, because Microsoft (and google, and yahoo...) just a few weeks ago all assured us they only reluctantly respond to court orders. Snowden has blown the whistle on them there lies, at least in Micrisifts case. Interesting to see if Google did backflips like MS has to give all the three letter agencies direct access to our private data.

The American Public: Snowden is not a traitor

[Charliemopps]

Since slashdot refuses to accept my submission on this, or anything else relating to this guy, I'll just leave this here:
The American Public: Edward Snowden is not a traitor

A new poll released Wednesday by Qunnipiac University finds that the vast majority of Americans thing that Edward Snowden is a whistle-blower, not a traitor. A mere 34% think he is a traitor 45% percent think the government’s anti-terrorism efforts go too far restricting civil liberties, a reversal from a January 10, 2010, survey.

"The fact that there is little difference now along party lines about the overall anti- terrorism effort and civil liberties and about Snowden is in itself unusual in a country sharply divided along political lines about almost everything. Moreover, the verdict that Snowden is not a traitor goes against almost the unified view of the nation's political establishment." — Peter Brown, assistant director of the Quinnipiac University Polling Institute.

http://www.quinnipiac.edu/institutes-and-centers/polling-institute/national/release-detail?ReleaseID=1919

Re:The American Public: Snowden is not a traitor

[cffrost]

Thanks for the link. I think the following article is also worth bringing to Slashdot's attention:

"Snowden: I never gave any information to Chinese or Russian governments" [2013-07-10]

It seems The New York Times is participating in the US federal government's anti-whistleblower smear campaign by publishing such unsubstantiated bullshit.

Re:Burying the lede

[Archangel+Michael]

In the modern world, "secure in their papers" doesn't mean anything, almost all communication is not via "papers", but rather are digital substitutes (sic) for paper. We are no longer secure in our papers, when we cannot trust that our effects are ours, if we happen to store them in an online vault.

What is worse, is that while we are unable to keep secrets from government, government feels perfectly fine trying to keep secrets from "we the people" that supposedly form it.

Re:Burying the lede

[paavo512]

What's this obsession with American citizens? Someone talked a lot about morale recently here, does the morality suddenly lose its meaning when applied to somebody else than Americans?

Re:Burying the lede

[Synerg1y]

The bottom line is they've still collected information on US citizens that they can't constitutionally posses without a warrant. Whatever their intent is is irrelevant as they cannot constitutionally have the information in the first place.

Re:Burying the lede

I doubt that they have breached the Constitution since it is bigger than you probably think

You doubt that they have breached the constitution because you are a pro-government stooge. You're literally just an object to be ridiculed here. You might as well go somewhere where people are on the fence about issues such as these and try to brainwash them, because most people on Slashdot likely think you're just a joke.

otherwise they wouldn't bother going to the courts, and ignore the FISA courts orders.

They don't even need to ignore the FISA court orders; the court will give them practically anything they want, and have rubberstamped sweeping warrants in the past.

Evidence confirms NSA tapping fiberoptic cables

[Charliemopps]

Since everyone like that one, here's another for you:

New evidence released by the Washington Post confirms that the NSA is tapping major fiberoptic cables as well as has direct access to the internal servers of Google, Apple, etc... despite their claim to the contrary. It seems that room 641A http://en.wikipedia.org/wiki/Room_641A is not just a conspiracy theory after all...

http://www.washingtonpost.com/business/economy/the-nsa-slide-you-havent-seen/2013/07/10/32801426-e8e6-11e2-aa9f-c03a72e2d342_story.html

Time to ditch Skype

[FuzzNugget]

This is exactly what I feared when I read that Microsoft bought Skype. It was an eye-widening moment and now my fears have proven true.

Anyone who isn't rushing to start running their own XMPP server and get all their friends and family moved over to it is insane.

And nobody will care.

[OldSport]

Aside from the EFF and half the Slashdot population, nobody will do a damn thing.

No confidence vote? Wrong system

[xenoc_1]

Have to? Negative. We could call a vote of no confidence in congress. We could DEMAND all government actions be made public record. However, this would require us to be as American as our founders...

Hate to be your missing middle school Social Studies/Civics teacher, but there is no such thing as a "no confidence vote" in a congressional-type system. You are calling for something that exists in parliamentary systems, such as the UK, Canada, Australia, where a no confidence vote can "bring down the government". At least in theory.

Not in the USA. Even if the US Congress, especially the gerrymandered-for-permanence House, were not so bought off that your vote for Party A's vs Party B's candidate had any real meaning, you only get to make that choice every 2 years for the House and 6 for any given Senate seat. There are no do-overs, no recalls, for the US Congress. In practice, no impeachments of Representatives or Senators. Sanctions (e.g. Charlie Rangel) that mean nothing.

BigPond/Telstra and NSA

[Demonoid-Penguin]

Telstra is currently moving all their customers email hosting to Microsoft.

For our US "allies" - that's Australia's largest ISP.