Microsoft gave the NSA their encryption keys so they could spy on users of Skype & Outlook
Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.
The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.
The documents show that:
• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;
• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".
The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.
In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".
Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."
Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."
But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.
The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.
The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year.
Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats
A newsletter entry dated 26 December 2012 states: "MS (Microsoft), working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."
Two months later, in February this year, Microsoft officially launched the Outlook.com portal.
Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
Microsoft's co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.
The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
The NSA was wiretapping Skype video calls since 2008:
Skype now has a backdoor that permits government surveillance of users' video and audio calls, according to a new report in the Guardian.
The report, based on leaked slides from the National Security Agency, appears to confirm growing suspicions about the popular video chat service -- and indicates calls may be monitored as easily as an old-fashioned phone call.
One document quoted by the newspaper says intelligence analysts began to be able to monitor Skype video calls in July 2012: "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture.'"
In 2008, when the company was owned by eBay instead of Microsoft, a Skype spokeswoman told CNET: "We have not received any subpoenas or court orders asking us to perform a live interception or wiretap of Skype-to-Skype communications. In any event, because of Skype's peer-to-peer architecture and encryption techniques, Skype would not be able to comply with such a request."
http://news.cnet.com/8301-13578_3-57593339-38/nsa-docs-boast-now-we-can-wiretap-skype-video-calls/?part=rss&tag=feed&subj=News-PoliticsandLaw
The NSA has been spying on people since 1999:
The BBC reported in 1999, the NSA was using the Echelon surveillance system to spy on people globally.
Imagine a global spying network that can eavesdrop on every single phone call, fax or e-mail, anywhere on the planet.
It sounds like science fiction, but it’s true.
Two of the chief protagonists – Britain and America – officially deny its existence. But the BBC has confirmation from the Australian Government that such a network really does exist and politicians on both sides of the Atlantic are calling for an inquiry.
On the North Yorkshire moors above Harrogate … is the world’s most sophisticated eavesdropping technology, capable of listening-in to satellites high above the earth.
The base is linked directly to the headquarters of the US National Security Agency (NSA) at Fort Mead in Maryland, and it is also linked to a series of other listening posts scattered across the world, like Britain’s own GCHQ.
The power of Echelon, is astounding.
Every international telephone call, fax, e-mail, or radio transmission can be listened to by powerful computers capable of voice recognition. They home in on a long list of key words, or patterns of messages. They are looking for evidence of international crime, like terrorism.
Journalist Duncan Campbell has spent much of his life investigating Echelon. In a report commissioned by the European Parliament he produced evidence that the NSA snooped on phone calls from a French firm bidding for a contract in Brazil. They passed the information on to an American competitor, which won the contract.
“There’s no safeguards, no remedies, ” he said, “There’s nowhere you can go to say that they’ve been snooping on your international communications. Its a totally lawless world.”
http://www.washingtonsblog.com/2013/07/1999-quote-nsa-has-been-conducting-a-broad-dragnet-of-communications-and-invading-the-privacy-of-american-citizens.html
Documentary "Terms and Conditions May Apply" reveals how private companies sell or reveal our personal data to the NSA:
Terms and Conditions May Apply, a documentary that opened Friday, July 12, in New York and additional cities in coming weeks, could change all that.
The film argues that the threat is worse, and more troubling, than mere NSA spying on U.S. citizens. Rapid advances in technology are giving corporate behemoths like Google, Facebook, and Amazon the ability to strip-mine vast amounts of deeply personal data for profit (and to share, on occasion—warrant or otherwise—with curious government agencies), leaving the average citizen naked and vulnerable to a predatory new world of capitalist robber barons and so-called Western democracies that in fact are potential tyrannies.
The movie’s mouthful of a title refers to the interminable legalese to which all but a tiny few Internet users thoughtlessly click their agreement. “Who the hell reads the terms and conditions?” demands one of the bratty schoolchildren in the animated satire South Park (the documentary makes deft fair-use of countless pop-culture touchstones). It turns out that the verbiage is carte blanche to loot and plunder the most intimate details of consumers’ personal and business lives and then use the information to target them like the proverbial fish in a barrel.
In a bit of winking mischief, a British retailer, GameStation, managed to get 7,000 customers to agree to terms and conditions that stated: “By placing an order via this Web site you agree to grant us a nontransferable option to claim, now and for ever more, your immortal soul.” In exchange, customers are permitted to enjoy the amenities of apparently indispensable online services—hardly a prudent trade.
The movie asks the question: is privacy dead? And answers: if it’s not dead yet, it’s surely on life-support. Documentary director Cullen Hoback, who appears in and narrates the 80-minute film, says he found the loss-of-privacy issue so alarming that he and his colleagues spent $150,000 (Hoback is still $45,000 in the hole on his personal credit cards) and two solid years (including 2,700 hours in the editing room) to produce this witty, entertaining, and ultimately chilling documentary about a usually ignored reality of modern life.
Indeed, not even the constitutional prohibition “against unreasonable searches and seizures” holds much sway these days. According to an ominous legal theory known as the “third-party doctrine,” if you agree to a company’s terms and conditions, that company can provide your data to the FBI, CIA, or the NSA, without a warrant or court order, and you’ll be none the wiser.
It turns out that nothing, absolutely nothing, should carry the expectation of privacy.
Technological innovation and the proliferation of cellphones, tablets, and other basic tools of modern life, give governments and companies the ability to extract, analyze, and indefinitely archive every single oral communication, text, key stroke, search term, website visit, and any other digital transaction that every single citizen has ever made. “Anything that has been digitized is not private,” techno-rock musician Moby notes at one point in the film, “and that is terrifying.”
http://www.thedailybeast.com/articles/2013/07/11/terms-and-conditions-may-apply-the-death-of-privacy.html
XMission Utah's oldest internet service provider defies state's warrantless subpoena law:
Utah's oldest Internet service provider, XMission, has refused to give up customer information to law enforcement, reports . Specifically, the company says it won't comply with administrative subpoenas.
People tend to confuse these with warrants, but unlike warrants, administrative subpoenas don't require police officials to show they have "probable cause" of a crime. They also don't need approval from a judge — and that's the real problem, says company founder Pete Ashdown, a two-time unsuccessful candidate for the U.S. Senate and outspoken Democrat in an overwhelmingly Republican state. :
"It's not that he wants to enable suspects of child pornography or exploitation, vowing he would gladly comply when presented with a warrant. But the president and founder of XMission calls the subpoenas 'unconstitutional' — an invasion of the Fourth Amendment guarantee against unreasonable search and seizure — because they bypass the courts."
The courts tend to disagree. These administrative subpoenas are for connection data, not content. In other words, investigators are looking for evidence that person X connected to website Y at time Z. Courts have held that this kind of information is akin to the address written on the outside of an envelope; people don't have an expectation of privacy about connection data, and so it doesn't enjoy the protection of the Fourth Amendment.
http://www.sltrib.com/sltrib/politics/56544384-90/administrative-ashdown-attorney-barlow.html.csp?page=1
Bills introduced by Congress fail to fix unconstitutional NSA spying:
Congress has introduced a slew of bills responding to the Guardian's publication of a top secret court order using Section 215 of the PATRIOT Act to demand that Verizon Business Network Services give the National Security Agency (NSA) a record of every customer's call history for three months. The order was confirmed by officials like President Obama and Senator Feinstein, who said it was a "routine" 90 day reauthorization of a program started in 2007.
Currently, four bills have been introduced to fix the problem: one by Senator Leahy, Senator Sanders, Senators Udall and Wyden, and Rep. Conyers. The well-intentioned bills try to address the Justice Department's (DOJ) abusive interpretations of Section 215 (more formally, 50 USC § 1861) apparently approved by the reclusive Foreign Intelligence Surveillance Court (FISA Court) in secret legal opinions.
Sadly, all of them fail to fix the problem of unconstitutional domestic spying—not only because they ignore the PRISM program, which uses Section 702 of the Foreign Intelligence Surveillance Act (FISA) and collects Americans' emails and phone calls—but because the legislators simply don't have key information about how the government interprets and uses the statute. Congress must find out more about the programs before it can propose fixes. That's why a coalition of over 100 civil liberties groups and over half a million people are pushing for a special congressional investigatory committee, more transparency, and more accountability.
Some of the bills try to narrow Section 215 by heightening the legal standard for the government to access information.
Currently, the FBI can obtain "any tangible thing"—including, surprisingly, intangible business records about Americans—that is "relevant" to an authorized investigation to obtain foreign intelligence information not concerning a US person or to protect against international terrorism or clandestine intelligence activities with a statement of facts showing that there are "reasonable grounds to believe" that the tangible things are "relevant" to such an investigation. Bills by Rep. Conyers and Sen. Sanders attempt to heighten the standard by using pre-9/11 language mandating "specific and articulable facts" about why the FBI needs the records. Rep. Conyers goes one step further than Sen. Sanders by forcing the FBI to include why the records are "material," or significantly relevant, to an investigation.
By heightening the legal standard, the legislators intend for the FBI to show exactly why a mass database of calling records is relevant to an investigation. But it's impossible to know if these fixes will stop the unconstitutional spying without knowing how the government defines key terms in the bills. The bills by Sen. Leahy and Sens. Udall and Wyden do not touch this part of the law. https://www.eff.org/deeplinks/2013/07/bills-fail-fix-unconstitutional-nsa-spying