Microsoft: “Bleak future” ahead if government bulk data collection continues

Microsoft has emerged as one of the most vocal opponents in the growing campaign against bulk data collection by government agencies around the world, and particularly in the United States.

Earlier this year, Microsoft said that planned reforms of the NSA didn’t go far enough and proposed the formation of international conventions on government data access to establish a legal framework that respects the need for access to data for law enforcement needs while balancing the right to privacy for end users. The company has also accused the US government of overstepping its bounds in issuing a warrant demanding that it hand over a customer's emails stored overseas, in an Irish datacenter. 

Microsoft evidently has no intention of giving up the fight, and its senior lawyer spoke today at the Brookings Institution in Washington, DC, calling for an end to "the unfettered collection of bulk data" by the US government. As CNET reports, Microsoft general counsel Brad Smith said that such indiscriminate accumulation of data has to stop, adding that Congress and the White House must step up to make changes without delay. 

"By the end of this decade, there will be 50 billion devices connected to the Internet of Things around the world," he said. "This issue is going to become more important, not less." 

He also pointed out the need for authorities to live by the laws that they create, and which they purport to uphold: "I want law enforcement to do its job in an effective way pursuant to the rule of law. If we can't get to that world, then law enforcement is going to have a bleak future anyway." 

Smith also underlined the importance to companies of resolving these issues quickly. "We are in a business that relies on people's trust," he explained. "We're offering a world where you should feel comfortable about storing in the cloud... You need to have confidence that this information is still yours." 

With revelations continuing to emerge about governments and law enforcement agencies accessing users' data with impunity, that sense of security and 'comfort' remains wishful thinking for now. But, of course, that makes it all the more important that large corporations like Microsoft and many others in the tech industry - who, as Smith says, stand "fundamentally united" against bulk data collection - maintain their opposition and continue to lobby for change. 

Source: CNET | image via Microsoft

Report a problem with article
Previous Story

Microsoft and partners awarded $5m for datacenter fuel cell research

Next Story

More Nokia/Microsoft codenames leak online

9 Comments

Commenting is disabled on this article.

MS is in an interesting position, they've admitted to monitoring your data and also providing it to government/Law Enforcement in the past with little resistance all in the name of "the children" or "bad man X". Now that the public is aware and angered over this behavior, they're trying to win back trust to move forward. Many, including myself, will never trust another company with unencrypted sensitive data. There ARE a few shining examples of companies putting their customers privacy first, even at the expense of their business, so it's always been a choice. I'm sure MS was made an offer they felt they couldn't refuse at first and then were likely offered rewards for making it even easier. While understandable, it's not forgivable to many. In other words, this might be too little to late.

It's sad that all these government spying agencies spy on us and our data, I'd rather it was all these private marketing companies, at least we know what they want it for. /s

Id rather my data be mine unless they can prove to a judge that I'm some sort of threat. Marketing/advertising/etc. companies should NEVER be allowed to collect data on anyone, unless the user wants it collected.

A major part of the problem is MS' decision to be a public cloud first company, vs. a private cloud first company. A private cloud first strategy mitigates the problem of governments snooping through public cloud data, in an effort to find crucial private information. MS is however hell bent on its current strategy, as thin client guys have taken over the company.

There is also the assumption that data compromise on the Internet is only as bad as has been revealed by Snowden. There is absolutely no reason to make that assumption. In fact there is every reason to believe that it is far worse, and will reach devastating levels, should everyone pile their data into the public cloud, attracting every nefarious hacker soul to these giant bounties. Worry not only about the devils you know, but also about the devils you don't know.

Patmore Douglas said,
A major part of the problem is MS' decision to be a public cloud first company, vs. a private cloud first company.

Public cloud for consumers, private cloud for corporations. Expecting more than a couple consumers to set up their own private cloud (which will probably never get backed up or administered properly) is expecting too much. There is a reason why almost everybody is pursuing public cloud.

Microsoft has private cloud for businesses that need it.

As one who has a deep understanding of how to do the dirty and - if required - hack, let me explain a few facts of life. First, Cloud storage is FAR more difficult to hack than traditional local storage or even datacentre storage. Most hacking involves hacking the "meatware" (humans) rather than the "hardware" (servers) or "software" (OS) to gain entry. In a traditional environment the human owner of data knows where his data is stored and can be coerced or "phished" for clues about where the data is and how it can be accessed. In a Cloud scenario, the meatware hasn't a clue where the data is stored. This makes hacking much tougher.

From a purely software perspective, the Cloud, because it doesn't involve a single, simplistic, geographic storage location opens up entirely new concepts of data security. One example is file-system obfuscation where an encryption key can be used to determine where in the Cloud each block of each file is physically stored. We don't have this capability yet, but, if I can think of it then there are sure to be at least ten people working on it.

The Cloud has the potential for far stronger data security than anything we've seen in the past. It's only a matter of time and effort.

As indicated by the following article, cloud services can also easily be hacked "via social engineering".

http://white-hackers.blogspot....es-are-so-easy-to-hack.html

Look, if the same security protocols found in the public cloud are being brought to private clouds, the added timeless security protocol of splitting up valuable resources, instead of gathering them into gigantic pools, in order to mitigate loss, still holds true. The resilience of the Internet is due largely to its decentralized, distributed architecture. Maintaining this for corporate and individual data, can only be a good thing.

Private clouds requiring virtually zero attention, can conceivably be integrated into things like routers used in people's homes, giving them broad reach in the consumer market. Companies could then provide a host of services against these private clouds. One such service could be a proxy service, should the private cloud go offline. When the private cloud is back up and running, data from the proxy service could be downloaded to the private cloud, and then the data on the proxy service erased.