Microsoft has come out with the harshest criticism by any tech company of National Security Agency (NSA) snooping, and likened it to the kinds of hacking carried out by top teams of hackers backed by the Chinese government. Is the criticism real, or an attempt to divert attention from Microsoft's past cooperation with intelligence agencies?
In a blog post, Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft, laid into NSA actions. Although Smith never directly names the NSA in the post, it's abundantly clear that's the agency he's speaking about when he writes:
"Many of our customers have serious concerns about government surveillance of the Internet.
"We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data.
"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry."
Smith was referring to recent stories saying that the NSA taps into fiber optic cables running between the data centers of Microsoft and other tech companies including Google and Yahoo, as a way of gathering massive amounts of customer data. The NSA does that because companies haven't encrypted data running between their data centers, believing them to be protected.
Smith said about the claims:
"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks."
The term "advanced persistent threat" was chosen for a specific reason -- the Wall Street Journal notes that it "carries special weight in cybersecurity circles and is often used to describe hacker teams backed by the Chinese government."
Kudos to Microsoft for making that charge.The company is right. There is no difference between the Chinese government performing that kind of insidious data gathering and the U.S. government doing the same thing.
Kudos also to Microsoft for taking steps to fight it, including encrypting customer data as it travels between data centers. Google, Facebook, and Yahoo are already doing that.
Why is Microsoft coming out so strongly against the NSA? Cynics might point to Microsoft's past cooperation with intelligence agencies. There have been charges that Microsoft has long been allowing the NSA access to data. And Bloomberg reports that Microsoft has given advance warning to U.S. intelligence agencies about bugs in its software before it fixes them, so that those agencies can exploit those vulnerabilities in Microsoft software sold to foreign governments.
But in truth, right now that doesn't matter. All that does is that Microsoft has come out with the strongest statement yet by a tech company about NSA snooping, and that it's taking steps to protect its customers.