Microsoft helped the NSA bypass encryption, new Snowden leak reveals

11 Jul, 2013 19:42 / Updated 11 years ago

Microsoft worked hand-in-hand with the United States government in order to allow federal investigators to bypass encryption mechanisms meant to protect the privacy of millions of users, Edward Snowden told The Guardian.

According to an article published on Thursday by the British newspaper, internal National Security Agency memos show that Microsoft actually helped the federal government find a way to decrypt messages sent over select platforms, including Outlook.com Web chat, Hotmail email service, and Skype.

The Guardian wrote that Snowden, the 30-year-old former systems administrator for NSA contractor Booz Allen Hamilton, provided the paper with files detailing a sophisticated relationship between America’s intelligence sector and Silicon Valley.

The documents, which are reportedly marked top-secret, come in the wake of other high-profile disclosures attributed to Snowden since he first started collaborating with the paper for articles published beginning June 6. The United States government has since indicted Snowden under the Espionage Act, and he has requested asylum from no fewer than 20 foreign nations.

Thursday’s article is authored by Glenn Greenwald and Laura Poitras, two journalists who interviewed Snowden at length before he publicly revealed himself to be the source of the NSA leaks. They are joined by co-authors Ewen MacAskill, Spencer Ackerman and Dominic Rushe, who wrote that the classified documents not only reveal the degree in which Microsoft worked with the feds, but also detail the PRISM internet surveillance program. The US government's relationships with tech companies are also included in the documents, according to the journalists.

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration,” the journalists wrote. “All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their cooperation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In the case of Microsoft, however, it appears as if the Bill Gates-founded tech company went out of its way to assist federal investigators.

Among the discoveries made by the latest Snowden leaks, Guardian journalists say that Microsoft specifically aided the NSA in circumventing encrypted chat messages sent over the Outlook.com portal before the product was even launched to the public.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year,” they wrote. “Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.”

According to internal documents cited by the journalists, Microsoft “developed a surveillance capability” that was launched “to deal" with the feds’ concerns that they’d be unable to wiretap encrypted communications conducted over the Web in real time.

"These solutions were successfully tested and went live 12 Dec 2012,” the memo claims, two months before the Outlook.com portal was officially launched.

In a tweet, Greenwald wrote that “the ‘document’ for the Microsoft story is an internal, ongoing NSA bulletin over 3 years,” and that The Guardian “quoted all relevant parts.” The document is not included in the article.

About primary docs: the "document" for the Microsoft story is an internal, ongoing NSA bulletin over 3 years - we quoted all relevant parts

— Glenn Greenwald (@ggreenwald) July 11, 2013

The Guardian revealed that Microsoft worked with intelligence agencies in order to let administrators of the PRISM data collection program easily access user intelligence submitted through its cloud storage service SkyDrive, as well as Skype.

Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio,” the journalists wrote.

That allegation comes in stark contrast to claims made previously by Skype, in which it swore to protect the privacy of its users. RT reported previously that earlier documentation supplied by Snowden showed that the government possesses the ability to listen in or watch Skype chats “when one end of the call is a conventional telephone and for any combination of 'audio, video, chat and file transfers' when Skype users connect by computer alone.”

RT earlier acknowledged that Microsoft obtained a patent last summer that provides for “legal intercept” technology. The technology allows agents to “silently copy communication transmitted via the communication session” without asking for user authorization. In recent weeks, however, Microsoft has attacked the government over its secretive spy powers and even asked the Foreign Intelligence Surveillance Court if it could be more transparent in discussing the details of FISA requests compiling tech companies for data.

"We continue to believe that what we are permitted to publish continues to fall short of what is needed to help the community understand and debate these issues,” Microsoft Vice President John Frank wrote last month.

In the past, Skype made affirmative promises to users about their inability to perform wiretaps," Chris Soghoian of the American Civil Liberties Union told The Guardian. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

Earlier this week, Yahoo requested that the FISA court unseal documents from its own FISA battle. The court ruling in 2008 compelled Yahoo - and later other Silicon Valley entities - to supply the government with user data without requiring a warrant.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51 percent belief that the target is not a US citizen and is not on US soil at the time,”The Guardian reporters wrote. “Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.”

During a March press conference, FBI general counsel Andrew Weissman said that federal investigators plan on being able to wiretap any real-time Internet conversation by the end of 2014.

You do have laws that say you need to keep things for a certain amount of time, but in the cyber realm you can have companies that keep things for five minutes,” he said. “You can imagine totally legitimate reasons for that, but you can also imagine how enticing that ability is for people who are up to no good because the evidence comes and it goes.”

Former CIA officer Ray McGovern expanded further on the subject to RT, remembering the Bush presidency and how unsurprising it is that this sort of breach of rights continues to exist.

“If you look at what happened when Bush, Cheney and General Hayden – who was head of the NSA at the time – deliberately violated the law to eavesdrop on Americans without a warrant, did the telecommunications companies cooperate? Verizon, AT&T…All the giants did…the one that didn’t was Quest. And what happened to Quest? Well, the CEO ended up in jail – and he still might be in jail – on some unrelated charges.”

Later the Congress voted to hold everyone in an innocent light, including the companies who were complicit in the spying. So there is absolutely no disincentive not to engage in violating people’s rights, McGovern warns.