Microsoft works with the NSA in spying on you



Aragorn
16th August 2016, 06:35
Note: This article already dates back to 2013, but most non-tech people may have missed it when it first appeared. The matter came to my attention again due to a reference to it on Slashdot (https://ask.slashdot.org/story/16/08/15/0331239/ask-slashdot-are-there-secure-alternatives-to-skype) — be sure to also check out the TechDirt article (https://www.techdirt.com/articles/20130614/02110223467/microsoft-said-to-give-zero-day-exploits-to-us-government-before-it-patches-them.shtml), which I had already posted the link to on the forum earlier (http://jandeane81.com/threads/7694-WTF!!!-Torrent-Trackers-Ban-Windows-10-Over-Privacy-Concerns?p=841935558&viewfull=1#post841935558).

Anyway, given that this is an article from 2013, any relative indications of time — e.g. "this year", "last month", et al — as they appear in the article by The Guardian (https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data) as pasted here-below, are to be seen within that context. ;)







Source: The Guardian (https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data)



"Secret files show scale of Silicon Valley co-operation on Prism (http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data)
Outlook.com encryption unlocked even before official launch
Skype worked to enable Prism collection of video calls
Company says it is legally compelled to comply



Skype worked with intelligence agencies to allow Prism to collect video and audio conversations.


Microsoft (https://www.theguardian.com/technology/microsoft) has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program (https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data), which was disclosed by the Guardian and the Washington Post last month.

The documents show that:


Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;


The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;


The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;


Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;


In July last year, nine months after Microsoft bought Skype (https://www.theguardian.com/technology/skype), the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;


Material collected through Prism is routinely shared with the FBI and CIA (https://www.theguardian.com/us-news/cia), with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration (https://www.theguardian.com/us-news/obama-administration). All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant (https://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-without-warrant) if the target is a foreign national located overseas.

Since Prism's existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.

A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

Microsoft's co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley (https://www.theguardian.com/technology/silicon-valley) on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".

The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".

The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector…" As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"

In its statement to the Guardian, Microsoft said:


"We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:


"The articles describe court-ordered surveillance – and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy."

They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."



This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012."


Source: The Guardian (https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data)

Gale Frierson
16th August 2016, 22:04
And of course, guess who's at the helm of the major corporation named here? One of the world's wealthiest people. Isn't that interesting. A seemingly complete lack of conscience about taking care of the humans who make it so profitable. The Biblical reference would call it "robbing Peter to pay Paul". An attempt to put political terminology into a legal framework. BIG FAIL!

Aragorn
17th August 2016, 06:39
And of course, guess who's at the helm of the major corporation named here? One of the world's wealthiest people. Isn't that interesting.

I'm afraid I'm going to have to correct you there, Gale. ;) Bill Gates was one of the two founders of Microsoft — the other one being Paul Allen (https://en.wikipedia.org/wiki/Paul_Allen), who resigned from Microsoft because of health concerns in 1983, but who started a patent trolling firm a couple of years ago — and Gates may still be the company's biggest shareholder, but he had already stepped back as its CEO in 2000, handing that role over to Steve Ballmer (https://en.wikipedia.org/wiki/Steve_Ballmer). Unlike Gates and Allen however, Ballmer's roots did not lie in the IT sector.

Gates stayed on as Chief Software Architect until 2008, although he had already announced his retirement in 2006. He also remained chairman of the board of directors until 2014, when he was succeeded by John W. Thompson (https://en.wikipedia.org/wiki/John_W._Thompson) — Gates himself is still a member of the board of directors, though. Since Steve Ballmer's retirement in 2014, Microsoft is now being led on a daily basis by the slightly more liberal Satya Nadella (https://en.wikipedia.org/wiki/Satya_Nadella).


A seemingly complete lack of conscience about taking care of the humans who make it so profitable. The Biblical reference would call it "robbing Peter to pay Paul". An attempt to put political terminology into a legal framework. BIG FAIL!

Well, as for Microsoft's profitability, this is mainly due to the following...


Microsoft sells more OEM releases of Windows — i.e. Windows licenses which come bundled together with and pre-installed on a computer — than they sell full licenses. (Note: One does not buy or ever own Windows. One buys and owns a license to use it, and on Microsoft's terms. One is not allowed to make any copies — let alone distribute these copies — nor is one allowed to study or modify the code, even if doing so would make it function better.)


Microsoft makes more money out of their (acquired) patent portfolio, their business support contracts and their bulk OEM licensing than they do out of plain consumer sales. For that purpose, Microsoft also partners up with hardware vendors and maintains an active political lobby to ensure that their software will be used in governments and businesses. They also behave anticompetitively through boycotts, cartels, bribes, and even sabotage. At one point in the past — most notably during the lifetime of Windows 3.0/3.1/3.11, which ran on top of DOS — they had a mechanism built into Windows which would check the underlying DOS version, and if it was a DOS version from Microsoft's competitor Digital Research, then Windows would start an internal timer with a randomly chosen timeout value, and upon expiry of that timeout, Windows would (deliberately) crash. (Digital Research discovered this sabotage and would from then on have their own DR DOS report its internal version to Windows as "Microsoft MS-DOS version 3.30". Microsoft in turn countered that strategy by making their next release of Windows — i.e. Windows 95 — inseparable from its built-in and underlying DOS version.)


Microsoft's software is considered production-ready when other software developers would still consider their software to be in the beta stage. The common order of software development would and should normally be "alpha" (rough design), followed by a couple of "beta" test versions, and then several "release candidates" (stabilization versions without new features added), all before the software is finally declared stable and ready for production use. Microsoft speeds up that process by skipping a few steps. Their software is marketed as production-ready not when it actually is production-ready, but rather by a certain calendar date. Their philosophy is to fix the bugs later, via the monthly updates on Patch Tuesday (https://en.wikipedia.org/wiki/Patch_Tuesday). There are also certain bugs and security holes in Microsoft's software that Microsoft is perfectly aware of, but which they won't fix unless it becomes an actual problem. So, rather than design, say, Microsoft Windows as a secure operating system, Microsoft relies on "security by obscurity".


Microsoft also operates on the basis of an 80% profit margin, and they would rather lay off personnel than cut into their profits.


What's also important to mention is that the vast majority of the software currently marketed by Microsoft was never actually developed by them, but rather acquired elsewhere — whether legally or illegally — and then rebranded. As an example, let's look at MS-DOS (https://en.wikipedia.org/wiki/MS-DOS).

MS-DOS was initially called 86-DOS (https://en.wikipedia.org/wiki/86-DOS) and was developed by Tim Paterson (https://en.wikipedia.org/wiki/Tim_Paterson) at Seattle Computer, as an unauthorized and simplified 16-bit rewrite of Gary Kildall (https://en.wikipedia.org/wiki/Gary_Kildall)'s 8-bit CP/M (https://en.wikipedia.org/wiki/CP/M) operating system. Given that Paterson had developed 86-DOS — which he himself initially dubbed QDOS ("quick & dirty operating system") — based upon CP/M but without Kildall's consent, he had no commercial use for it.

Around the same time — we're talking the early 1980s here — IBM was developing the very first version of what would later on become the IBM Personal Computer (https://en.wikipedia.org/wiki/IBM_Personal_Computer), which was powered by Intel's 8088 processor (https://en.wikipedia.org/wiki/Intel_8088). IBM needed an operating system for the new machine, and they approached Gary Kildall for a licensing deal with regard to CP/M. However, they could not come to an agreement over the terms of the licensing, and so IBM approached Bill Gates instead.

Microsoft did not write any operating systems at the time, but Bill Gates was aware of Tim Paterson's 86-DOS, so he in turn approached Paterson and bought the source code and the full rights from him for approximately USD $50'000 without telling Seattle Computer that Microsoft had been approached by IBM to deliver the operating system for the IBM Personal Computer. Gates also offered Paterson a job at Microsoft as Chief MS-DOS Developer.

86-DOS was subsequently rebranded, and would from then on be marketed as MS-DOS. This infuriated Gary Kildall, who would from then on tell the whole world and their dog that Bill Gates had stolen his software. Kildall ultimately died of a blunt head trauma under very suspicious circumstances (https://en.wikipedia.org/wiki/Gary_Kildall#Death) in 1994. The cleaned-up version of the story as you can read it at the Wikipedia link (https://en.wikipedia.org/wiki/Gary_Kildall#Death) has it that Gary Kildall died in a biking incident, but there are many who believe that Microsoft had him silenced.

Apart from all of the above, Microsoft is also known for its "embrace, extend and extinguish" (https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish) policy of entering a market, adopting an industry standard, then extending that standard with proprietary features and finally, supplanting the existing standard with their proprietarized version. In line with this philosophy, they are also a member of the controversial Trusted Computing Group (https://en.wikipedia.org/wiki/Trusted_Computing_Group), as well as of the committee that designed the UEFI (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface) standard, which includes the equally controversial Secure Boot (https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot_2) feature — considered by many to be Microsoft's strategy for proprietarizing the open x86 computing platform (https://en.wikipedia.org/wiki/IBM_PC_compatible) and sabotaging the use of GNU/Linux (https://en.wikipedia.org/wiki/Linux) and other non-Microsoft operating systems on said machines.

Lastly, all executive-level Microsoft employees are obligated to attend a one-weekend seminar at Landmark Worldwide (https://en.wikipedia.org/wiki/Landmark_Worldwide), a corporation owned and run by Werner Erhard (https://en.wikipedia.org/wiki/Werner_Erhard), who founded and used to run the Scientology-inspired Erhard Seminars Training (https://en.wikipedia.org/wiki/Erhard_Seminars_Training) in the 1970s and early 1980s. (Side note: Bill Ryan has attended Erhard's seminars and regards Erhard as one of his idols.)

Dreamtimer
17th August 2016, 14:41
Jeez, Aragorn. They're actually worse than I thought.

:shocked: