Feeds

Microsoft DENIES it gives backdoor access to Outlook encryption

Tells Attorney General gagging orders hurt US Constitution

The Power of One eBook: Top reasons to choose HP BladeSystem

Microsoft has written to the US Attorney General asking him to let the company be more open about what information it hands over to the NSA, and has published a rebuttal of the claims from NSA whistleblower Edward Snowden about the privacy of its users.

"The Constitution guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest," said Microsoft's general counsel Brad Smith in a somewhat groveling letter to AG Eric Holder.

"It's time to face some obvious facts," Smith wrote. "Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns.

Smith also published a blog post in which he rebutted claims that Microsoft has built backdoor access for federal investigations into some of its most popular software and services. Snowden's evidence has been misreported, Smith said, and Microsoft wants to set the record straight.

Possibly the most damaging allegation is that Microsoft installed a backdoor in the encryption system used in Outlook.com. Snowden's documents indicate this was installed at the request of the NSA and developed by Microsoft in conjunction with the FBI.

"We do not provide any government with direct access to emails or instant messages. Full stop," Smith said. "We do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts."

When Microsoft receives a valid information request from law enforcement, it has no need to disable the encryption of messages, Smith said. Instead, Microsoft can take the data from its own servers (where it sits unencrypted) and then pass it on if legally required to do so.

As for Microsoft's cloud service SkyDrive, Smith said that – like any other cloud provider – Redmond has to obey legal requests for data. The company had made changes in SkyDrive this year to "comply with an increasing number of legal demands governments worldwide," but he said direct access to the system's servers by analysts is not given.

Skype users should stop worrying as well, Smith suggested, and denied Snowden's claims that Microsoft had made changes to Skype so that investigators would get easier access to call data, saying changes like the shift to supernodes and storing Skype IM data on Redmond's own servers were simply improvements to Microsoft's back-end systems.

"As Internet-based voice and video communications increase," Smith wrote, "it is clear that governments will have an interest in using (or establishing) legal powers to secure access to this kind of content to investigate crimes or tackle terrorism. We therefore assume that all calls, whether over the Internet or by fixed line or mobile phone, will offer similar levels of privacy and security," he said.

Smith also took special care to reassure Microsoft's business and government customers that none of their data has been given to the government for national security purposes, although it does deal with a small number of criminal investigation requests, including four last year. Microsoft's encryption of such data has no backdoors, he said, and Redmond doesn't share encryption keys with government.

"The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right," Smith concludes. "With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution." ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.