Microsoft DENIES it gives backdoor access to Outlook encryption
Tells Attorney General gagging orders hurt US Constitution
Microsoft has written to the US Attorney General asking him to let the company be more open about what information it hands over to the NSA, and has published a rebuttal of the claims from NSA whistleblower Edward Snowden about the privacy of its users.
"The Constitution guarantees the fundamental freedom to engage in free expression unless silence is required by a narrowly tailored, compelling Government interest," said Microsoft's general counsel Brad Smith in a somewhat groveling letter to AG Eric Holder.
"It's time to face some obvious facts," Smith wrote. "Numerous documents are now in the public domain. As a result, there is no longer a compelling Government interest in stopping those of us with knowledge from sharing more information, especially when this information is likely to help allay public concerns.
Smith also published a blog post in which he rebutted claims that Microsoft has built backdoor access for federal investigations into some of its most popular software and services. Snowden's evidence has been misreported, Smith said, and Microsoft wants to set the record straight.
Possibly the most damaging allegation is that Microsoft installed a backdoor in the encryption system used in Outlook.com. Snowden's documents indicate this was installed at the request of the NSA and developed by Microsoft in conjunction with the FBI.
"We do not provide any government with direct access to emails or instant messages. Full stop," Smith said. "We do not provide any government with the technical capability to access user content directly or by itself. Instead, governments must continue to rely on legal process to seek from us specified information about identified accounts."
When Microsoft receives a valid information request from law enforcement, it has no need to disable the encryption of messages, Smith said. Instead, Microsoft can take the data from its own servers (where it sits unencrypted) and then pass it on if legally required to do so.
As for Microsoft's cloud service SkyDrive, Smith said that – like any other cloud provider – Redmond has to obey legal requests for data. The company had made changes in SkyDrive this year to "comply with an increasing number of legal demands governments worldwide," but he said direct access to the system's servers by analysts is not given.
Skype users should stop worrying as well, Smith suggested, and denied Snowden's claims that Microsoft had made changes to Skype so that investigators would get easier access to call data, saying changes like the shift to supernodes and storing Skype IM data on Redmond's own servers were simply improvements to Microsoft's back-end systems.
"As Internet-based voice and video communications increase," Smith wrote, "it is clear that governments will have an interest in using (or establishing) legal powers to secure access to this kind of content to investigate crimes or tackle terrorism. We therefore assume that all calls, whether over the Internet or by fixed line or mobile phone, will offer similar levels of privacy and security," he said.
Smith also took special care to reassure Microsoft's business and government customers that none of their data has been given to the government for national security purposes, although it does deal with a small number of criminal investigation requests, including four last year. Microsoft's encryption of such data has no backdoors, he said, and Redmond doesn't share encryption keys with government.
"The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right," Smith concludes. "With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution." ®
Sponsored: Becoming a Pragmatic Security Leader