[Update] Report: Skype Monitoring Began In Early 2011, No Changes In 2012 Under Microsoft Ownership
Update: The Guardian has revised its story from yesterday regarding Prism, the NSA's spying program and services owned and operated by Microsoft. The changes are important as they deal directly with the timing of Skype participation and changes to how it was incorporated into the surveillance network.
According to the new information, Skype monitoring started in earnest in early February 2011 after the company received directive from the United States Attorney General's office. Microsoft's Skype acquisition was announced in May 2011. The Guardian report has also been revised to reflect that no changes were made to Skype in June 2012. Last year, Skype came under fire due to allegations that changes enabled further surveillance. These were denied in a blog post by Mark Gillet, Skype vice president at Microsoft.
A new report sheds light on the depth of interaction between Microsoft and the NSA's Prism spy program. The report alleges that the Redmond, Washington company collected and/or enabled the collection of private emails and Skype transmissions.
According to the report England's Guardian newspaper, in addition to unencrypted Outlook.com email and SkyDrive files, the NSA has been collecting Skype calls since February 2011 the NSA has been collecting Skype video since June 2012 and audio as early as November 2010 (see update above). As you might recall, Skype is the software that powers chat on Xbox One.
Additionally, Microsoft confirmed that the Xbox One will require the Kinect to be on in order to function. The camera and microphone bundle also offers a standby mode so that users can activate the console by voice at any time. Microsoft has also stated that the Kinect can be set to different power states so that it can be fully powered down when not in use. We approached Microsoft for comment on the allegations.
“We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues," a Microsoft representative told Game Informer. "First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate."
"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product. Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.”
The details presented today follow earlier reports in the Guardian and Washington Post that also accuse Apple, Google, Facebook, and Yahoo of being complicit in the Prism spy program.
[Update] The implications of the Prism spy program feed into the fears that many gamers have had about putting a new Kinect in their living rooms. Given that the device is designed to be "always on" for optimal use (even in a low-power state), it's no wonder that some are still begging for Microsoft to cut the cord. Even if Microsoft had absolutely no choice but to comply with the United States government (as seems to be the subtext of the last line of the provided statement), the pairing of the Kinect and the ability for Skype to be accessed easily are concerning.
It's also important to understand the Foreign Intelligence Surveillance Act (FISA), the court that handles wiretapping and electronic surveillance. An article last week in the New York Times details expansion of the secretive court's powers, including alleged exploitation and expansion of the "special needs" doctrine that enables airport security screenings and drunk driving checkpoints. Its relevance to this particular issue is that FISA judges have used the provision to exempt the NSA from warrants, thereby circumventing the fourth amendment's protection against unreasonable search and seizure in the search for possible terrorists.
The concern then becomes about the definition of "possible terrorist." The case of Justin Carter and a foolish Facebook post evidence how serious some declarations are being taken. While those comments were made in a more public setting, a combination of broadening legal application of surveillance law and the ease of accessing personal data through the services we use regularly give me pause.
Microsoft has indicated it is trying to get clear of the gag order so that they can speak more freely about these issues. Google and Yahoo have also filed to be able to reveal how they complied and what objections they made to the orders.