Microsoft Helped NSA Bypass Cloud Encryption: Report


The article is not long, so take the time to read it.

Think twice about doing business with Microsoft's hosted email solution, Outlook.com. As VARs, MSPs and resellers, you may get your email free, but are you really providing your clients the best security and privacy? Our job is to protect our clients; after all, they put the bread on our tables. There are alternatives.

By Pedro Hernandez | Posted 2013-07-13

Skype, Outlook.com and SkyDrive got tangled up in the National Security Agency spying scandal.

Microsoft helped the U.S. National Security Agency (NSA) bypass the encryption safeguards on some of its popular cloud services, according to a July 11 report in The Guardian.

The claims are the latest in the continuing NSA spying controversy, which made international headlines after NSA contractor Edward Snowden leaked top-secret documents and thrust the PRISM intelligence-gathering program into the spotlight. Fueling the scandal were assertions that the U.S. government had direct access to the servers, and therefore the data, of major Web services providers, including Google, Facebook and Microsoft.

“The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to,” Snowden told The Guardian.

Google and other major cloud companies were swift to push back against the accusation. In an Official Google Blog post dated June 11, Google Chief Legal Officer David Drummond wrote: “Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA [Foreign Intelligence Surveillance Act] national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.”

Following Google’s lead, and citing its First Amendment rights, Microsoft recently requested permission from the U.S. government to disclose more details about government requests for customer data in an effort to combat charges that the company grants the intelligence community unrestricted access to its cloud servers.

“To promote additional transparency concerning the Government’s lawful access to Microsoft’s customer data, Microsoft seeks to report aggregate information about FISA orders and FAA [FISA Amendments Act] directives separately from all other local, state, and federal law enforcement demands,” said the company in its June 19 filing with the U.S. Foreign Intelligence Surveillance Court.

Now Microsoft is facing renewed scrutiny after the U.K. news organization released more details on the documents provided by Snowden.

“Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept Web chats on the new Outlook.com portal,” said The Guardian report. Additionally, the “agency already had pre-encryption stage access to email on Outlook.com, including Hotmail,” reported the paper.

With the help of the FBI, Microsoft also reportedly helped the NSA give PRISM easier access to its cloud storage service, SkyDrive. Also ensnared in this latest controversy is Skype, the company’s massively popular voice and video calling service. “In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism,” revealed the report.

While the scandal embroiled consumer-grade services, by and large, enterprises should be wary, according to Steve Weis, chief technology officer for PrivateCore, a cloud security startup. It all boils down to who manages the encryption keys.

The former Google technologist, who worked on the search giant’s two-factor authentication system, noted that in terms of its technology foundation, Microsoft’s SkyDrive product is fundamentally the same for both enterprise users of its Office 365 product and consumers. He told eWEEK that for many cloud services, “the user isn’t in control of the [encryption] keys.”

Such services—“not specific to Microsoft,” Weis said—can be compelled by a lawful request to hand over decrypted data without the data’s owner being made aware. “If you don’t encrypt your data before you send your data, it’s exposed,” said Weis.

What if this is proven:
The files show that the NSA became concerned about the interception of encrypted chats on Microsoft’s Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.

A newsletter entry dated 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the issue. “These solutions were successfully tested and went live 12 Dec 2012.”

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption.”

Microsoft’s co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked “for many months” with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access “means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about”.
