Report: Microsoft helped NSA to access SkyDrive, Skype and Outlook.com

While Microsoft has already said that it only provides access to its online services to the US government when it gets a "legally binding order or subpoena", a report now claims that the company has in fact worked with the National Security Agency to allow it to gain access to Microsoft's many online services.

The Guardian's story is based on files that have been leaked to the UK newspaper by the now famous (or infamous) ex-NSA contractor Edward Snowden. The story claims that Microsoft has facilitated access to its SkyDrive cloud data service to the NSA.

It also claims that the agency got a way to circumvent the encryption on the chats generated on Microsoft's Outlook.com service. The article also alleges that that Skype worked with the agency to collect audio and video chats, even before Microsoft acquired the company in 2011.

The story additionally claims that the NSA shares the information it has gathered from Microsoft's services with the FBI and CIA. In a statement to the Guardian, Microsoft repeated that it only gives out customer information to the government "in response to legal processes." Microsoft added that it checks every such request and rejects them if it does not consider them valid. Finally, Microsoft says it "would not respond to the kind of blanket orders discussed in the press over the past few weeks."

Source: The Guardian | Image via NSA

Report a problem with article
Previous Story

Microsoft shares details on next Windows Phone 8 update

Next Story

Nokia to bring Lumia 1020 Pro Camera software to Lumia 920, 925 and 928

63 Comments

Commenting is disabled on this article.

It seems it's time to put on my tinfoil hat....

People, this has been going on since the intercontinental phonelines. It was called the Echelon project.
And don't think the US is the only one here. France is doing it for years already, spying on it's citizens and Europeans alike.

Also, it's funny to see people react as if being kneejerked, but are dumping all of their social life on FB, Twitter, Instagram and alike.......

If you don't want to be found on the web, get off the grid ;-)

Been in a congressional restroom lately? They clean their gluteal folds with copies of the U.S. Constitution. And don't look to the White House for help, you will get more of the same there. Thanks a lot Barack...

People are very confused.

"Privacy practices" are there to help protect your information from advertisers, 3rd parties and so on.

What you see here is the result of government bullying and overreach. People that point how Microsoft is evil in this case, simply do not get it. It's like this: you want to operate on the US soil, you get to play by the rules that were originally placed here by the Patriot Act and gazillion other regulations that came after it.

Nobody is immune. Not Microsoft, not Google.

If you feel disappointed, you should be disappointed in what you allowed to happen and what your "representatives" have been doing. This has been long time in works but for last ~20 years we have really stepped up the efforts where government controls it all.

Wake up.

well spying are costly,
but since MOST of MSFT clouds revenues are came from CORPORATES CLIENTS,
NSA could hold the snooped business data and auctions 'em to interested party who willing to pay for it, because individuals citizen data are not worth as much.

win win solution for both Microsoft & NSA.

All I can say is, good on Edward Snowden for leaking these documents. Any one with half an ounze of common sense knew things like this happened although its good to finally get some proof. Meh..

Prisim's intentions are good, but I haven't done anything wrong, and its not right that I should be treated like a criminal or terrorist when I use Skype.

illage3 said,
Prisim's intentions are good, but I haven't done anything wrong, and its not right that I should be treated like a criminal or terrorist when I use Skype.

Unless you are communicating with someone of interest OUTSIDE the USA on Skype, then your communication isn't monitored. Even then, it still requires a warrant if you are a US citizen to listen to your communication.

People are conflating the overreach of the NSA program in the 2002-2006 era that were actively monitoring US citizen communications. Bing the 2006 Supreme Court rulings to see why this was wrong and stopped.

Ok so heres the deal. The laws that were changed to allow the NSA to do this (unconstitutional) tapping, also prevents any company that is forced to cooperate with them from disclosing their cooperation, this ms/google/facebook legally HAVE to deny this took place, while also having no legal option but to comply with them.

this is a government issue, they are the cause absolutely. No amount of complaining to or against these individual companies can change the fact that the US government is consistently undermining the constitution that legally they are bound to. Until people wake up and realise the power they have to change things (i.e. Actually become informed in enough numbers) nothing will change.

MS have already posted a reply to this stupid article on their news site. Just because you read **** in a tabloid does not make it true.

I'm not really surprised, remember all the people getting caught with CP on Skydrive? Yea

While I have to admit I'm actually glad they got caught, I don't believe it makes it ok for them to go through people's personal data

Spicoli said,
I can make a "report" that claims the government has been taken over by space aliens. Do I get a headline?

Do you work for the NSA?
Regardless you can always show up at the NYT or somewhere else, speak with a professional journalist and present your claim...

Meh you can't stop them even with voting..

Everyone knows these days you "VOTE FOR WHO WILL DO THE LEAST DAMAGE" and not just for who you like. Trouble is they are all at this crap and want it.

Quite a threat to the TPTB. They only put up candidates that are pre-approved to toe the line. Think about it, if you provide all the choices, who really cares which one gets "voted" for. Even local politics is getting this way.

gebs said,
I wonder why other governments are not reacting to US spying on their citizens
for the same reason the US doesn't complain when Russia or Great Britain do it to them

"World Wide Wiretap" an exited quote by the NSA years ago. This was the plan all along and what's more worrisome is it's right in our faces, no fear whatsoever, even going so far as to make everything "legal". Man up people, a much bigger fight is coming.

This is nothing new. Backdoors have been programmed in to Windows since its inception, and so does Mac...oh and so does Android.

Windows and Mac OS are closed source, so back-doors may or may not be there, no one can verify. Android is open-source, so I think someone would have found a backdoor if one existed.

greensabath said,
Windows and Mac OS are closed source, so back-doors may or may not be there, no one can verify. Android is open-source, so I think someone would have found a backdoor if one existed.

Err, no.
The core of OSX is open source, with some closed-source components added on top.
Microsoft shares source code for most of their software (including Windows) with governments, institutions, and more through their shared source initiative (http://www.microsoft.com/en-us/sharedsource/default.aspx). Not to mention the number of people who decompile Windows themselves for any number of reasons.

The bottom line is, even after these governments, institutions, and partners have seen and reviewed the Windows source code, most of them STILL decided to use Windows. If one of them had discovered a backdoor, you can be sure we'd have heard of it by now.

Only parts of windows are available under the shared source. Plus let's be honest, who the hell is going to go through all the available data anyway? Windows 2000's installer source code alone was 40GB compressed.

Parts of the Windows code base isn't owned by Microsoft, it's licensed so it would be up to those parties to reveal their code to whom would request it. In any case Windows on the desktop is so widely used and tested something like this would have been discovered. And at any rate the government isn't focusing on the devices but the connectivity and services which would be the important aspect in monitoring people.

greensabath said,
Windows and Mac OS are closed source, so back-doors may or may not be there, no one can verify. Android is open-source, so I think someone would have found a backdoor if one existed.
during the vista days a backdoor was discovered at a black hat convention, and I would say if that doesn't convince you, I'd say Stuxnet is a strong indicator they exist still.

n_K said,
Only parts of windows are available under the shared source. Plus let's be honest, who the hell is going to go through all the available data anyway? Windows 2000's installer source code alone was 40GB compressed.

I agree with you, but the same holds true for Android and most open-source programs as well - there's just too much data there to look through, and even if you do you have to take into account the fact that there are so many other places you need to look - who's compiling the source, the chance of a backdoor in the compiler, any proprietary code loaded by the handset manufacturer, automatic updates that could add a backdoor after-the-fact, etc. At some point you have to put your trust in someone else that there's not a backdoor.

Matthew_Thepc said,

Err, no.
The core of OSX is open source, with some closed-source components added on top.
Microsoft shares source code for most of their software (including Windows) with governments, institutions, and more through their shared source initiative (http://www.microsoft.com/en-us/sharedsource/default.aspx). Not to mention the number of people who decompile Windows themselves for any number of reasons.

The bottom line is, even after these governments, institutions, and partners have seen and reviewed the Windows source code, most of them STILL decided to use Windows. If one of them had discovered a backdoor, you can be sure we'd have heard of it by now.

Open and closed source have no legitimate bearing on this argument. Compiled code is just a s readable as open source code if the person is skilled enough in machine/assembly.

A good example is the backdoor in the IP stack of BSD/OpenBSD that wasn't realized until it made news in 2010. The 'bugs' were there and did allow for backdoor access, and had existed in readable code for nearly 20 years without anyone noticing.

The same is true of several other security related encryption technologies and procedures. From SELinux to AES there are have been readable, but 'unknown' backdoor code.

Which demonstrates that open source versus closed source makes very little difference at the end of the day.

What if Microsoft, Google, Apple and all the other big boys came together and just said 'no'? Im getting really tired of your spyshit uncle Sam!

Ronnet said,
What if Microsoft, Google, Apple and all the other big boys came together and just said 'no'? Im getting really tired of your spyshit uncle Sam!

Massive fines and continued Federal pressure to give it up. Worst case the Feds physically cease servers.

It does not usually boil down to the feds asking nicely for information their are very formal processes taken and massive fines incured if the company does not comply. It's as close to a no choice situation for a company as your going to get unless the company wants to fight the feds legally in court.

Ronnet said,
What if Microsoft, Google, Apple and all the other big boys came together and just said 'no'? Im getting really tired of your spyshit uncle Sam!

Hardly. Many of them own stocks in one or more of the above, while the lobbyists from these corporations speak louder and are often more influential to uncle sam than the American people who voted them into power.

The only time I can see it happening is if the people started paying attention more and voicing their concerns all around the country, and begin pressuring their constituents to do the right things. Most people are too careless and naive to do anything as long as they're getting their welfare checks and other social services.

Ronnet said,
What if Microsoft, Google, Apple and all the other big boys came together and just said 'no'? Im getting really tired of your spyshit uncle Sam!

I'm surprised that people keep acting like this is new or things have suddenly changed.

The FISA courts go back to the 1970s, and NSA tactics monitoring communications go back to the Silver War.

If people thing the NSA and Uncle Sam have increased, they need to step back to 2002 through 2006 where the NSA was ILLEGALLY allowed complete fiber mirror dumps of Internet data and was able to tap individuals without the oversight of the FISA courts. (These things are NO LONGER happening.)

Uncle Sam has been listening to ALL radio and telephonic communication for over 40 years, which is why there are listening installations in every key 'communication' area of the world. This is also public knowledge that has been disclosed since the 1970s.
(Hence the creation of the current FISA court laws in the 1970s.)

Mobius Enigma said,

I'm surprised that people keep acting like this is new or things have suddenly changed.

The FISA courts go back to the 1970s, and NSA tactics monitoring communications go back to the Silver War.

If people thing the NSA and Uncle Sam have increased, they need to step back to 2002 through 2006 where the NSA was ILLEGALLY allowed complete fiber mirror dumps of Internet data and was able to tap individuals without the oversight of the FISA courts. (These things are NO LONGER happening.)

Uncle Sam has been listening to ALL radio and telephonic communication for over 40 years, which is why there are listening installations in every key 'communication' area of the world. This is also public knowledge that has been disclosed since the 1970s.
(Hence the creation of the current FISA court laws in the 1970s.)

Hench why I said 'I'm getting really tired of' and not 'oh lord how could our very own uncle Sam do this!'

Amidst all this, do I really think that the government isn't going to get access to Kinect servers.

More importantly, Microsoft needs to do a better job at reassuring its customers. The cliche "we don't do ---" is not at all convincing and never was.

still_rookie said,
Amidst all this, do I really think that the government isn't going to get access to Kinect servers.

More importantly, Microsoft needs to do a better job at reassuring its customers. The cliche "we don't do ---" is not at all convincing and never was.

It's not up to them, MS can say whatever they want but if the feds come knocking with a valid legal request for information they are going to have to give up the data. If they refuse because MS does not consider it a valid request they will literally be fighting the US government on this and they will probably lose.

swanlee said,

It's not up to them, MS can say whatever they want but if the feds come knocking with a valid legal request for information they are going to have to give up the data. If they refuse because MS does not consider it a valid request they will literally be fighting the US government on this and they will probably lose.


And I would expect them to hand over user data if someone from the government comes knocking on their front door with a VALID search warrant that has undergone due process and diligence.

What they're talking about here is the illegal and unconstitutional search & seizure of bulk data from the general population without warrants, due diligence, just cause, or probable evidence.

This is something Microsoft (and other tech giants) have allowed to happen, and they didn't even bother to try and argue this in a court of law, as they could've defeated the request, because as previously stated, it's illegal and unconstitutional.

Because they didn't fight the court order, went along with it, and deny all complicity in the matter, it leads me to believe the NSA and CIA have something against Microsoft beyond legal and financial sanctions to encourage voluntary compliance.

It's not up to them, MS can say whatever they want but if the feds come knocking with a valid legal request for information they are going to have to give up the data. If they refuse because MS does not consider it a valid request they will literally be fighting the US government on this and they will probably lose.

Except the government DOESN'T have any legal grounds to access users' private information without real cause. Now unless the entire country is conspiring against themselves I see no real reason why MS should have to hand anything over. Its illegal for the government to be asking authorization to everyone's skype conversations and emails.

still_rookie said,
Amidst all this, do I really think that the government isn't going to get access to Kinect servers.

More importantly, Microsoft needs to do a better job at reassuring its customers. The cliche "we don't do ---" is not at all convincing and never was.

This may be an issue if Kinect actually stored anything personal. The only things it does store is audio snippets to help it learn and in that case it's totally detached from any individual and is just random data.

Before people flip out I've experienced government legal inquires that requested data before at work and you will provide it to them or your company will get seriously fined and and have serious legal action taken against it. Basically if the feds ask for information you give it to them or you are ****ed. This goes for any US based corporation.

swanlee said,
Before people flip out I've experienced government legal inquires that requested data before at work and you will provide it to them or your company will get seriously fined and and have serious legal action taken against it. Basically if the feds ask for information you give it to them or you are ****ed. This goes for any US based corporation.

Still doesn't make it right in the "land of the free"

Depicus said,

Still doesn't make it right in the "land of the free"

The only thing you can do is vote the people out of office who push this kind of stuff. MS has no real choice but to give the feds the information they request

swanlee said,

The only thing you can do is vote the people out of office who push this kind of stuff. MS has no real choice but to give the feds the information they request

Sadly looks like your two parties both wish to spy on you so you have no choice.

swanlee said,
MS has no real choice but to give the feds the information they request

Depends if they are presented with a court order or not.

The only thing you can do is vote the people out of office who push this kind of stuff. MS has no real choice but to give the feds the information they request

This is bull****. For a company like Microsoft they aren't forced to do anything.

still_rookie said,
This is bull****. For a company like Microsoft they aren't forced to do anything.
Yes they are? Do you somehow think that the employees can't be arrested, or something?

Depicus said,

Still doesn't make it right in the "land of the free"

Who said that Freedom is free? We all have to pay for it in some form or fashion.

ROTFLMAO.... you think that just because there is a document leaked that says MS did this, that Google did not? Google, who could be driven out of business and loose billions if it got on the wrong side of favor with the US government? If you think this, you sir are a fool.

None of your data is safe in the cloud from the eyes of the government. If you can live with that (as I can) the cont. to use cloud services. Oh, and don't encrypt your stuff before putting it out there, that just draws their attention.

Depicus said,

Still doesn't make it right in the "land of the free"


It's totally possible to argue that no protected freedoms were infringed here. It's really just a question of whether you're being a literalist or bringing your own definition of freedom to the table.

still_rookie said,

This is bull****. For a company like Microsoft they aren't forced to do anything.


"Microsoft repeated that it only gives out customer information to the government "in response to legal processes.""

still_rookie said,

This is bull****. For a company like Microsoft they aren't forced to do anything.

What are you talking about?
If the government or the courts request information with a formal legal request then MS can't turn that request away. Neither could any of the bigger companies

Microsoft got on their face... Especially in light of all their Scroogled, "Your privacy matters to us" etc. etc. etc.

FSS I would rather have an algorithm scan my mail and give me ads rather than the government having direct access to EVERYTHING i do.

MindTrickz said,
Microsoft got on their face... Especially in light of all their Scroogled, "Your privacy matters to us" etc. etc. etc.

Exactly. Microsoft claims to care about your privacy, all the while handing over all of your private communications to intelligence services without any resistance. What a sad state of affairs.

So you're saying that if Google gets a legal order from NSA/FBI/CIA they will not comply with it? Anyone who thinks that corporations will not help US govt agencies with any kind of information they want, need to go read the ToS of each and every online service they subscribe to.