Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity

    Microsoft Helped NSA Bypass Cloud Encryption: Report

    By
    Pedro Hernandez
    -
    July 13, 2013
    Share
    Facebook
    Twitter
    Linkedin
      security

      Microsoft helped the U.S. National Security Agency (NSA) bypass the encryption safeguards on some of its popular cloud services, according to July 11 report in The Guardian.

      The claims are the latest in the continuing NSA spying controversy, which made international headlines after NSA contractor Edward Snowden leaked top-secret documents and thrust the PRISM intelligence-gathering program into the spotlight. Fueling the scandal were assertions that the U.S. government had direct access to the servers, and therefore the data, of major Web services providers, including Google, Facebook and Microsoft.

      “The government has granted itself power it is not entitled to. There is no public oversight. The result is people like myself have the latitude to go further than they are allowed to,” Snowden told The Guardian.

      Google and other major cloud companies were swift to push back against the accusation. In an Official Google Blog post dated June 11, Google Chief Legal Officer David Drummond wrote: “Assertions in the press that our compliance with these requests gives the U.S. government unfettered access to our users’ data are simply untrue. However, government nondisclosure obligations regarding the number of FISA [Foreign Intelligence Surveillance Act] national security requests that Google receives, as well as the number of accounts covered by those requests, fuel that speculation.”

      Following Google’s lead, and citing its First Amendment rights, Microsoft recently requested permission from the U.S. government to disclose more details about government requests for customer data in an effort to combat charges that the company grants the intelligence community unrestricted access to its cloud servers.

      “To promote additional transparency concerning the Government’s lawful access to Microsoft’s customer data, Microsoft seeks to report aggregate information about FISA orders and FAA [FISA Amendments Act] directives separately from all other local, state, and federal law enforcement demands,” said the company in its June 19 filing with the U.S. Foreign Intelligence Surveillance Court.

      Now Microsoft is facing renewed scrutiny after the U.K. news organization released more details on the documents provided by Snowden.

      “Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept Web chats on the new Outlook.com portal,” said The Guardian report. Additionally, the “agency already had pre-encryption stage access to email on Outlook.com, including Hotmail,” reported the paper.

      With the help of the FBI, Microsoft also reportedly helped the NSA give PRISM easier access to its cloud storage service, SkyDrive. Also ensnared in this latest controversy is Skype, the company’s massively popular voice and video calling service. “In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism,” revealed the report.

      While the scandal embroiled consumer-grade services, by and large, enterprises should be wary, according to Steve Weis, chief technology officer for PrivateCore, a cloud security startup. It all boils down to who manages the encryption keys.

      The former Google technologist, who worked on the search giant’s two-factor authentication system, noted that in terms of its technology foundation, Microsoft’s SkyDrive product is fundamentally the same for both enterprise users of its Office 365 product and consumers. He told eWEEK that for many cloud services, “the user isn’t in control of the [encryption] keys.”

      Such services—”not specific to Microsoft,” Weis said—can be compelled by a lawful request to hand over decrypted data without the data’s owner being made aware. “If you don’t encrypt your data before you send your data, it’s exposed,” said Weis.

      Pedro Hernandez
      Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of IT-related websites and as the Green IT curator for GigaOM Pro.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×