Slashdot Mirror
Microsoft Petitions US Attorney General For Permission To Disclose Data Requests
MojoKid writes "Microsoft is smarting in the wake of the Guardian's discussion of how chummy it's gotten with the NSA over the past few years, and the company wants permission to clarify its relationship with the federal government. To that end, the company has sent a follow-up letter (PDF) to the Attorney General's office, asking it to please address the petition it filed in court back on June 19. Redmond is undoubtedly cringing at the accolades being heaped on Yahoo and its repeated court battles on behalf of its users, and wants an opportunity to clear the air. But Microsoft has gone farther than simply asking the government to hurry up and rule on its petition — it has also issued a series of clarifying remarks regarding its relationship with the NSA. Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."
So Google can turn my data over to the NSA, I don't like Microsoft!
* Carthago Delenda Est *
Who needs encryption keys or back doors if Redmont is handing over (and not patching) Zero Day Exploits?
"It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."
What about when the govt. agencies get those "legal papers" that compel MS to provide access to data on Outlook, Skydrive, etc? Do they provide encryption keys then? What about SSL certs? Do they send them over to the NSA after they expire?
And this should not be only about MS. Any company should answer these questions. I really hope this shitstorm will kill stupid usage of "the cloud" but I doubt it. People are dumb, education budgets diminish every year so there is no changing that fact.
I guess my point is that if you need to have sensitive data in "the cloud" roll your own already. The software to do that is already available and free (gratis and libre).
Yep, same here. And them there's weasel words from the clever lawyer at Microsoft anyway.
Notice how they keep using the phrase 'We do not provide any government...'? That's 'cause the NSA uses private contractors - like Snowden - to do the dirty work. There's lots more evasive lawyer-speak there too.
I'd trust them about as far as I could throw Ballmer. And I'm a 95 pound weakling...
Time to reexamine this:
http://www.h-online.com/security/news/item/Skype-with-care-Microsoft-is-reading-everything-you-write-1862870.html
"associates in Germany at heise Security have now discovered that the Microsoft...Shortly after sending HTTPS URLs over the [skype] instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond."
Microsoft claimed it was for malware checking, but it was noticeable it targeted Germany, I did a test on my skype (to UK) and received no visit. That could be the Prism interface Microsoft installed.
The rest of the claim is simply misleading, Guardian leaks show they worked around encryption by letting NSA grab the data before it was encrypted, and that they set up a team to help NSA with further surveillance problems, neither of these claims Microsoft has disputed.
"legal process" is meaningless. That program is clearly a violation of the 4th and thus illegal.
In fact, handing over data after a court battle is much, much better than doing it before. That's called due process, it's how things are supposed to work and it is a significant improvement over handing over the data just because the feds asked nicely. Now when you talking about "secret courts", that's when things get ugly again.
All these companies are feigning outrage over these "requests" they get, when in reality I doubt the requests are ever used except in cases where the government needs evidence in court. The REAL data collection is done without Microsoft/Googles direct knowledge. The NSA surely has agents working on staff at every major tech company in the world with the sole goal of installing as many NSA backdoors as possible. The idea that the NSA has no respect what-so-ever of the American peoples privacy but at the same time wouldn't just take the same sort of data from a corporation is idiotic.
How is that going to help? The NSA and US government can get any data they want from any US-based email provider, Gmail, Outlook.com, or Yahoo. The only way you'll be really safe is to run your own mail server in a foreign country, but switching from one US-based provider to another US-based provider isn't going to make a bit of difference.
Notice how they keep using the phrase 'We do not provide any government...'? That's 'cause the NSA uses private contractors - like Snowden - to do the dirty work. There's lots more evasive lawyer-speak there too.
Your right there, if you actually read the "series of clarifying remarks" - it is all lawyer weasel words aimed to try and persuade those that are left to listen, "there is nothing to see here, we comply with the law". Seriously - trust, once lost, is going to seriously hard to earn back for all these tech companies in bed with the Military Industrial Complex. We may not be able to do much immediately to rein in an out of control surveillance state run by the private and unaccountable MIC, but we sure as hell can vote with our feet by abandoning these big tech companies services, and encouraging those less informed about this whole debacle that they should too.
Now, just have to encourage in every way possible the development of easy to use default on encryption solutions for email (like OTR provides for chat). Also why the hell isnt slashdot offering https yet - apathy helps the sorry state of affairs continue...
Why the encryption process employed is susceptible to third party decryption in the first place. To avoid this from happening, the design needs to be end-to-end with the users holding the keys.
Select from tblFriends where interesting >= 4;
The problem with secret courts, secret executive orders and undisclosed legal reasoning is that even if Microsoft released some information as "transparency", can you really trust that they aren't holding something back or outright lying due to some other even more secret court order?
They were completely denying and fudging the question about Skype eavesdropping right up until the Snowden leaks. Then they did a complete 180 turn.So clearly they have no problem with obfuscating the discussion, why should we trust that any new information they provide is the whole truth and not some weasel legal loophole way of interpreting the facts? Kind of like how James Clapper weaseled and outright lied through his testimony to Congress. If these people are willing to lie to Congressmen and Senators, who the fuck are you?
I reckon Pandora's Box has been open and American technology companies will face an uphill, if not impossible, task to get anyone from the rest of the world to trust them again.
Microsoft refutes some of the Guardian's claims strongly. It insists it does not provide encryption keys or access to Outlook's encryption mechanisms, and that the government must petition MS to provide information via the legal process."
As a non-American, why should I give a fuck ? The NSA can simply demand access to my data in secret, legally, and also demand - again legally - that Microsoft not breathe a word about it to me, without any judicial oversight whatsoever. As far as I am concerned, no U.S. tech company (or any company that stores any of my data within U.S. jurisdiction) can be trusted, and I will vote with my wallet accordingly.
I'm glad you think non-US companies can be trusted.
What color is the sky on your planet?
It's simple. They don't have to turn over encryption keys to the NSA because that's where they got them in the first place.
When our name is on the back of your car, we're behind you all the way!