Microsoft has given NSA complete access to Outlook.com and Skype, encryption is useless says Guardian report

skypeoutlook

The Guardian continues to release more information regarding leaked documents that claim the NSA was spying on American citizen via its PRISM program. The latest information claims Microsoft, the FBI, and the NSA are all in a tight relationship. So tight is this relationship that it is said Microsoft — and it’s subsidiary Skype — willingly joined PRISM.

Leaked documents claim the NSA can easily gain access to emails on Microsoft servers or Skype audio calls through the PRISM program. Furthermore, the documents said Skype signed on with PRISM back in 2010 before it was acquired by Microsoft for over $8 billion, and since then has continued to provide access to audio calls made by users across the globe. What’s even more heart wrenching, is the FBI and NSA have reportedly dubbed PRISM as a “team sport”, a clear sign that many American top companies were in on the plan.

Not surprisingly, Skype has denied these claims and has stated that its technology does not have the proficiencies to accomplish a program like PRISM. The company will need more than that to convince users they are not being spied on the FBI and the NSA.

It is also understood that Outlook.com was designed with PRISM in mind, and thus emails and other data are shared with the NSA; HTTPS and other forms of encryption used by Outlook.com does not stop NSA from spying. Furthermore, NSA has similar access to Microsoft’s SkyDrive — the ability to view files and data despite encryption used by the service.

As expected, Microsoft denied these claims by stating it does not provide data to the government. Furthermore, in a statement regarding the Guardian report, Microsoft said the following:

We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues … To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product … There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

If you want to read the whole leaked document, you won’t be able to, as the Microsoft information is from a NSA bulletin system on the Internet. We would have preferred if we could see the original document, but as it stands, we have no choice but to take go with what the Guardian has reported.

[via The Guardian]

Share this post

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

11 comments

  1. Louis

    [@Tom] Indeed ! I came to the same conclusion when I read the link you sent : They ALL send these geo-location data to, guess where — Google Location Services, who in term provides (sells ?) it to other websites wanting to target you.

    Like I said — I followed all the guide-lines and steps, going into Chrome’s ‘Advance Settings’ and enabled “‘ Do not track me or tell anyone my geo info, but still, many do get it.

    And like I said, this is from a cold boot into a high quality commercial VPN which does mostly show me as residing in the USA, or another if the event is closer that I want to watch, like Wimbledon etc.

    Now you’ve essentially told me FF will give me the same end results. Money rules over privacy.

    But I will somehow crack this problem, it will just take time, and research, and more creative thinking. In the meantime, for what it’s worth, I came across 2 interesting sites, which I’ll be using as a stop gap measure :

    The first tell you about having Google Maps permanently open on your browser — I do, its vital to me here in China, no-one on the streets speak English, and my mandarin is improving, but not as fast as I would like — so http://no-geolocation.blogspot.com/ will tell you to remove any address currently in the search bar of Google Maps tab, and then click on the whote circle shaped icon above the scale slider — if it centres on a spot away from your real location, you have mabaged to (for a while at least) turn off geo-location.

    The second at http://techlogon.com/2013/04/23/how-to-disable-geolocation-in-ie-chrome-or-firefox/ (you’ll have to scroll down to the bottom, and click where it says : “How To Test If Geolocation Is Disabled

    An easy way to make sure that geolocation is disabled is to just visit the test webpage [HERE].

    If the page displays a message that ‘Your browser does not support geolocation’ (Firefox) as shown below then you know that you have permanently disabled geolocation in your browser:

    geolocation5
    Test site – geolocation is disabled

    What do you think of “Incognito / In-private” browsing as another option, provided its possible to keep your tabs open in it ?

  2. Louis

    [@Seamus McSeamus] Thanks for the link, it was informative, and has led me to others as well. I had in fact done the Chrome equivalent of the about : config feature (which cannot be done in Chrome) , yet despite that I got the feeling Chrome is still passing on my data to Google Location Services, for use by other websites.

    However, I’ve found one or two other ways some has suggested, plus running a test site that will inform you whether Chrome (or any browser) gives out your geo-location, and it has come up clean (for now anyway). Chrome is a great browser, even though I love FireFox, with its great add-ons, I permanently have at a minimum 36 vital tabs open on a permanent basis, and that’s where FF just got too slow for me, once I tasted Chrome’s speed, I tried returning to FF many times, but always end up reverting to Chrome, as my main browser for the permanent tabs.

    I do still use FF, for the great add-on called toomanytabs (which has a Chrome version, but which works differently and is pretty useless) — so FF is a great storage space for those intermediate tabs that are just too many to keep open, but too much needed regularly to bury in folders of bookmarks ! (And I’ve disabled the geo-location in Ff as per your link).

    And for my default browser (don’t stone me :-) ) I set IE — this is for when I open a link in an email or on dotTech for example for a picture etc, I don’t want to see anything else than that link at that moment, and then kill it afterwards.

    Back to the geo-location issue though :

    Nothing beats privacy for me though, so these latest measures your link has helped me to find indirectly, to neutralise Chrome’s liberties with my privacy is indeed their last chance, speed or not.

    If I notice thos problem again with Chrome, I’m moving back to FF lock stock and barrel, and will find a system, perhaps just using toomanytabs more intensively, to enable me to keep less permanent tabs open.

  3. Louis

    [@Unicorn02] Hi; thanks for the explanation, when you mentioned the supernode, it came back to me. Yes, you’re right, if they’re really interested in monitoring a specific individual’s calls, who has to log in of course, I guess there probably is some kind of back door, especially now since NSA friendly MS has taken it over.

    One could register a second dummy profile I guess, and not that it’s necessary, since you’re assigned a different dynamic IP each time you break your internet connection and reconnect, they may still have some superflash cookie, or other geolocation mechanism to identify you — only way around that would be to get a commercial VPN (as I’m using here in China mainland), pick another server from another country, and make the call from your second dummy name account.

    One thing I don’t like, and I don’t know whether to blame it on the Chrome browser, since my technical knowledge is ok, but not expert level :

    I cold start my laptop, my VPN’s set to a server located say in Australia or wherever, geolocation is turned off in Chrome,the VPN functions perfectly well here to fool the substantial anti-VPN measures here on this side of the Great Firewall, and I can access Youtube, FB etc, BUT :

    Some websites still mention that they’re aware I’m located in China.

    Can you or anyone explain to me what technology is still at work on my system that I need to neutralise to avoid that ?

  4. Seamus McSeamus

    Get used to it. The United States government doesn’t respect your rights, and it doesn’t matter to them which country you live in. A government that will lie to its own citizens (Gulf of Tonkin, WMDs in Iraq among many others) won’t hesitate to do so to foreign governments.

  5. Unicorn02

    Concerning Skype: This is how far I understood it.
    If the communicating skype users are not behind a restrictive firewall, the connection between these users is peer to peer using a technique called “udp-hole-punching” and also encrypted. If one of the communicating parties is firewalled or is using an http-proxy, a third party comes into place which is called a supernode and acts as a man in the middle for the communication (because both parties can contact this node, but not each other directly). So both skype users chat via this supernode, and communication is still encrypted.
    BUT: There is still the possibility that the skype client itself might capture the communication traffic and send it to another server if triggered by a backdoor. So that a backdoor might be used to eavesdrop on the communication on one of the skype clients. This is pure speculation, but really possible.

  6. Coyote

    [@Louis] They may not have access to all the voice data but they would have logs of every connection between users. The NSA loves to get aggregate data so they can use them for profiling. Not individual profiling, but profiling of entire cities/states/religions/ethnics/etc. With Skype they can distil this information and see what groups are connected to others. And with this information they can… umm… ok so the NSA is just collecting marketing data it seems… but then that data would be invaluable in the case of oh say a revolution where everybody without a badge turns into a terrorist.

  7. Louis

    The way I always understood Skype works, is that it’s in fact operated on the same principle as peer to peer filesharing does — using the connections from all that is online to connect video calls.

    Has this foundation ever changed, and if so, from which version ?

    If it’s stilloperating on that basis, how can accessing Microsoft’s servers be of any use to the NSA in monitoring Skype calls, if it’s distributed through its users ?

  8. Coyote

    There’s willingly and then there’s hand me your papers. When dealing with the government there is no willingly. if they hadn’t turned over the records they would probably be targeted with tax audits or other government sanctioned inspections. If you don’t play with the big dog he will bite you.