“The idea that the government may be hacking into corporate data centers was a bit like an earthquake, sending shock waves across the tech sector,” Microsoft General Counsel Brad Smith lamented in an interview. “We concluded that we better assume that there might be such an attempt at Microsoft, or has already been.” But he spoke with a forked tongue.
The Edward Snowden revelations have become part of daily life. That the NSA had tapped into the “cloud” – the place where your email is stored, and your online backups, photos, confidential documents, and all the rest of Big Data – has turned into a publicity nightmare for our tech heroes.
Hardware sales by American stalwarts like Cisco and IBM are already plunging in China and elsewhere due to the Snowden revelations. But that’s hardware, a beat-up industry. When the Snowden revelations hit the most promising corner of the tech sector, the corner on which all hopes were riding, and where exponential growth was supposed to make up for the hardware debacle, all heck broke loose.
Google and Yahoo were fingered in the leaks, but most likely, other companies that offer cloud services suffered a similar fate. And so the corporate damage-control machinery was cranked up, and Google, Yahoo, Twitter, Mozilla, Facebook, Microsoft, and so on, threw a public, carefully worded hissy fit, and were shocked and appalled that the government could do such a thing, when these companies were already tightly cooperating with the Intelligence Community on many projects to enhance their profits.
So in Microsoft’s official blog, Mr. Smith lashed out at “some governments,” without ever mentioning his big customer, the NSA, by name.
“Many of our customers have serious concerns about government surveillance of the Internet,” he started out, the understatement of the century. “We share their concerns.” He actually wrote that, I kid you not! He goes on (emphasis mine):
We are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.
What must have irked him was that the NSA had dared to “surreptitiously” collect this data. Corporate efforts to collect data and monetize it to maximize profits are patently OK and are part of the business model. Sharing this data in a profitable manner with the NSA and other members of the Intelligence Community, why not? What these corporate heroes didn’t like was that the NSA just went in and took the data.
And that this horrible mess blew into the open.
So Mr. Smith laid out a three-pronged damage-control plan. Microsoft would expand encryption across its cloud services, he wrote, which makes you wonder what they’d been thinking, storing your data in the cloud and sending it from one data center to the next unencrypted. OK, that was the old Microsoft. The new one is busy encrypting this data. It should be done with it “by the end of 2014.”
“Reinforcing legal protections” was promise No. 2. Hence, among other things, Microsoft would “commit to notifying businesses and government customers about legal orders concerning their data.” These “government customers” are entities overseas, such as the Chinese government. Absent from that list: individual users, like you and me. To heck with us. Our data will enjoy no such “legal protections.”
And promise No. 3? Increasing “transparency” by providing “government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors.” Microsoft is already in hot water with governments. The rebellious German government, for example, had warned its agencies about Windows 8 [LEAKED: German Government Warns Key Entities Not To Use Windows 8 – Links The NSA]. Yet, only “government customers” will benefit from this new “transparency,” not businesses and individuals.
And Microsoft’s promise No. 1 to encrypt all this data by 2014, how much is it worth? There is an indication. Take its subsidiary Skype, headquartered in Luxembourg and operating “pursuant to Luxembourg law.” So forget US legal protections, if any. Skype’s 600 million users have been relying on encryption for years. But the encryption was just for decoration. A marketing ploy. Turns out, Microsoft routinely hands over crypto keys to “law enforcement” and other agencies in 46 countries, including in the US [read …. Confident In The Security Of Skype And Other Encrypted Services?]
“We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution,” Mr. Smith wrote. “We want to ensure that important questions about government access are decided by courts rather than dictated by technological might.”
I can hear the crinkly sounds of a bag being pulled over my head.
Microsoft, Google, Yahoo, and all the others, from scrappy startups to aging mastodons, make money by collecting, storing, and mining user data, including emails. Their innumerable cloud services are a sitting duck not only for hackers, the NSA, and other intruders, but also for government subpoenas, legal action, or just official bullying. For many companies, user data collected by their cloud services is the most promising revenue opportunity. And the cloud itself is the keystone to the seamless, borderless surveillance society. Tech companies live off it. And these protestations by Microsoft, Google, and others are just propaganda designed to keep their cloud revenues intact.
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.