Microsoft Shares As Much Information On Spying As It Legally Can

Last week, we shared a report about Microsoft's involvement with the NSA and the Prism spying program. As we mentioned, Microsoft and other affected companies are restricted by law from sharing much. However, general counsel and executive vice president Brad Smith has published as much as is permitted about his company's involvement.

Microsoft has petitioned the United States government to share more about the types of requests made of it with regard to user information sharing. "Government lawyers have yet to respond to the petition we filed in court on June 19, seeking permission to publish the volume of national security requests we have received," he states.

Smith is adamant that the Guardian report, which we shared, does not accurately reflect the relationship between Microsoft and the NSA. "We do not provide any government with direct access to emails or instant messages. Full stop," he says in the letter. 

The Guardian report alleges that Microsoft made encryption keys and nearly unfettered access to Outlook.com, Skype, and SkyDrive available to security agencies. That isn't true claims Smith. "To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys," he explains. "When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency."

Microsoft also refutes that the Guardian's documents, while accurately identifying that conversations between the company and the NSA took place, are interpreted correctly. "While we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption," Smith explains.

Requests for specific information are received by Microsoft's compliance team and are then reviewed for validity. The implication is that Microsoft can (and has) rejected invalid requests, though that isn't stated specifically. Unless Microsoft is granted permission to more fully disclose how it interacts with the NSA and other intelligence agencies, we won't know the depth and nature of the requests made by the United States and other governments.

[Source: Microsoft]

Our Take
This information offers hope. However, unless the United States government grants Microsoft permission to more fully discuss, we won't know how broad the requests for data have been and how many of our own citizens have been targeted. As we mentioned last week, even if demands for personal information come through appropriate legal channels, there is still concern about how the government identifies potential threats.

From the perspective of a gamer interested in the Xbox One, Microsoft has yet to deal head-on with how the Kinect might be used in conjunction with Skype to monitor gamers in their own homes. It's not inconceivable that Microsoft (under government mandate) could use the pairing of Skype and Kinect to capture audio or video without the user's knowledge.

This would be less of an issue if the Kinect could be disabled or disconnected during normal use of the Xbox One. At least those who chose to leave the camera plugged in would do be making a conscious choice to use the device. Instead, the Kinect must always be on when the Xbox One is in use. For some gamers, this makes the choice not about whether to use the Kinect, but about bringing an Xbox One into the house at all.