Microsoft: There's 'Unfinished Business' a Year After NSA Bombshell

The U.S. government has left a lot of unresolved issues in the wake of the NSA scandal that rocked the tech industry, argues the software giant.


While a year may have passed since Edward Snowden, a former National Security Agency (NSA) contractor, shed light on the U.S. government's sweeping cyber-spying capabilities, the effects of those disclosures are still rippling across the IT industry.

Microsoft's Brad Smith, general counsel and executive vice president of Legal and Corporate Affairs, authored a June 4 blog post detailing some of the "unfinished business" that, according to the company, the U.S. government must tackle to restore faith in the tech sector. A large part of the concern stems from the scale at which the NSA collected private data.

In the wake of the Snowden saga, Smith said that it has become "apparent that the government intercepted data in transit across the Internet and hacked links between company data centers." Recognizing the role of governments in protecting its citizens, he said that mass surveillance at that level is setting the industry back.

For Smith, the controversy hits close to home. During his travels, including a recent European trip, he found that "people have real questions and concerns about how their data are protected," he said.

Moreover, uncertainty over the NSA's activities threatens to hit the brakes on the burgeoning cloud economy. "These concerns have real implications for cloud adoption," added Smith. "After all, people won't use technology they don't trust."

To alleviate those concerns, Microsoft proposes four actions that it feels the U.S. government should take. The first order of business is to end the bulk collection of data, said Smith.

Echoing President Barack Obama's stance on the bulk collection of telephone records, he said that while Microsoft has never been ordered to hand over Internet data on such a scale, the company believes that "the USA Freedom Act should be strengthened to prohibit more clearly any such orders in the future."

Next, the Foreign Intelligence Surveillance Act (FISA) Court could use a fundamental reassessment, he said.

As it is currently set up, the FISA Court lacks "the adversarial process that is the hallmark of a fair judicial system," he noted, adding that "a judge who hears only one side of a case is less likely to render a just result." As a result, Microsoft is calling on the U.S. Congress to spearhead measures to reform the FISA Court.

Microsoft is also seeking commitments from the U.S. government that it will not hack data centers and the communications networks that link them. Seven months after it was revealed that the NSA "hacked systems outside the U.S. to access data held by Yahoo! and Google the Executive Branch remains silent about its views of this practice," said Smith. In October, a report in The Washington Post revealed that the NSA had intercepted traffic that flowed between the private, non-public links that connect Google's and Yahoo's respective data centers, potentially exposing user data.

Finally, Smith called for more transparency across the board. "Earlier this year, we won the right to publish important data on the number of national security-related demands that we receive," he said. Although a step in the right direction, Microsoft feels that instead of the vague statistics that are allowed to be published by the U.S. government, "even more detail can be provided without undermining national security."

Pedro Hernandez

Pedro Hernandez

Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the network of...