A strongly worded letter from Microsoft's general counsel to Attorney General Eric Holder says secrecy about National Security Agency surveillance is harming fundamental "constitutional principles." July 16, 2013 12:27 PM PDT Brad Smith, shown in this file photo, says Microsoft asked the Justice Department to let it divulge more information to clear its name -- but was rebuffed last week. (Credit: Getty Images) Microsoft today asked the Obama administration to allow it to reveal details how it responds to orders from the U.S. government for user account data. Brad Smith, Microsoft's general counsel, sent a strongly worded letter to Attorney General Eric Holder this afternoon saying there is "no longer a compelling government interest" in preventing companies "from sharing more information." That's especially true, the letter said, when this information is likely to help allay public concerns" about warrantless surveillance. The letter appears to be a response to a report last Thursday in the Guardian, based on internal National Security Agency documents provided by Edward Snowden, that said Skype calls and encrypted Outlook.com messages can be intercepted by the government. That's a change from 2008, when eBay owned Skype told CNET it "would not be able to comply" with a wiretapping court order. "The Constitution itself is suffering" from ongoing secrecy, Smith said, adding that "it will take the personal involvement of you or the president to set things right." Last week, Smith said, Microsoft requested permission to divulge more information in an effort to clear its name, but the Justice Department "rejected" the request. Microsoft said in a separate blog post by Smith today that: "We do not provide any government with the ability to break the [Outlook.com] encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency." Under U.S. law and similar laws in other countries, companies can be compelled to turn over confidential user data in some circumstances. In the United States, those demands arise through court orders that the FBI and other law enforcement agencies obtain for criminal investigations, and Foreign Intelligence Surveillance Act orders made through a separate process for terrorist and counterespionage investigations. (PRISM is a NSA software utility used to collate data gathered through FISA orders.) Microsoft's blog post also said, referring to Skype calls, that "we will not provide governments with direct or unfettered access to customer data or encryption keys." The company also said it responds only to orders for "specific accounts and identifiers," and never provides "blanket or indiscriminate access to Microsoft's customer data" -- a challenge to some claims of direct access to servers. It also said that changes it made to Skype in 2012 to shift to in-house hosting of supernodes, which may have allowed the service to become wiretap-compliant, were done for technical reasons, not to facilitate surveillance. CNET reported last Friday that the U.S. government has threatened Internet companies with installing surveillance devices on their networks if they do not help with surveillance requests. The article disclosed that Microsoft had created a wiretap compliance system to respond to legal orders for surveillance directed at Hotmail accounts -- a process that prevented government surveillance devices from being installed. The government has previously installed surveillance devices on networks owned by Verizon Business and Earthlink.
A strongly worded letter from Microsoft's general counsel to Attorney General Eric Holder says secrecy about National Security Agency surveillance is harming fundamental "constitutional principles."
Brad Smith, shown in this file photo, says Microsoft asked the Justice Department to let it divulge more information to clear its name -- but was rebuffed last week.
(Credit: Getty Images)
Microsoft today asked the Obama administration to allow it to reveal details how it responds to orders from the U.S. government for user account data.
Brad Smith, Microsoft's general counsel, sent a strongly worded letter to Attorney General Eric Holder this afternoon saying there is "no longer a compelling government interest" in preventing companies "from sharing more information." That's especially true, the letter said, when this information is likely to help allay public concerns" about warrantless surveillance.
The letter appears to be a response to a report last Thursday in the Guardian, based on internal National Security Agency documents provided by Edward Snowden, that said Skype calls and encrypted Outlook.com messages can be intercepted by the government. That's a change from 2008, when eBay owned Skype told CNET it "would not be able to comply" with a wiretapping court order.
"The Constitution itself is suffering" from ongoing secrecy, Smith said, adding that "it will take the personal involvement of you or the president to set things right." Last week, Smith said, Microsoft requested permission to divulge more information in an effort to clear its name, but the Justice Department "rejected" the request.
Microsoft said in a separate blog post by Smith today that: "We do not provide any government with the ability to break the [Outlook.com] encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency."
Under U.S. law and similar laws in other countries, companies can be compelled to turn over confidential user data in some circumstances. In the United States, those demands arise through court orders that the FBI and other law enforcement agencies obtain for criminal investigations, and Foreign Intelligence Surveillance Act orders made through a separate process for terrorist and counterespionage investigations. (PRISM is a NSA software utility used to collate data gathered through FISA orders.)
Microsoft's blog post also said, referring to Skype calls, that "we will not provide governments with direct or unfettered access to customer data or encryption keys." The company also said it responds only to orders for "specific accounts and identifiers," and never provides "blanket or indiscriminate access to Microsoft's customer data" -- a challenge to some claims of direct access to servers. It also said that changes it made to Skype in 2012 to shift to in-house hosting of supernodes, which may have allowed the service to become wiretap-compliant, were done for technical reasons, not to facilitate surveillance.
CNET reported last Friday that the U.S. government has threatened Internet companies with installing surveillance devices on their networks if they do not help with surveillance requests.
The article disclosed that Microsoft had created a wiretap compliance system to respond to legal orders for surveillance directed at Hotmail accounts -- a process that prevented government surveillance devices from being installed. The government has previously installed surveillance devices on networks owned by Verizon Business and Earthlink.
