Microsoft gave NSA's PRISM access to Skype, Outlook.com and SkyDrive
According to a report in the Guardian, Microsoft helped the NSA to bypass data encryption by users of its services. Microsoft is alleged to have taken steps, even before its new Outlook.com email portal was launched, to ensure that the NSA had continuous access to data sent via the portal. In a statement, Microsoft stressed that it only cooperates with the authorities where legally required to do so. The statement claims that the company does not provide across-the-board access, but provides access in individual cases only. This, however, is contradicted by information which the Guardian claims to have gleaned from leaked NSA documents.
The report is based on further documents disclosed by whistleblower Edward Snowden, who previously worked for the NSA. These appear to show that the PRISM surveillance programme provided the authorities with access to emails sent using Microsoft's Hotmail, Live and Outlook.com services before the emails were encrypted. Microsoft is also reported to have worked with the FBI to make it easier for the organisation to access data stored on its SkyDrive online storage service. According to the Guardian, the FBI acted as the interface between the security services operating PRISM and IT companies. The NSA documents state that PRISM's extended data collection capabilities were the result of collaboration between the FBI and Microsoft.
The NSA also praised the collaboration with the FBI in the case of messaging and VoIP service Skype. According to the documents, Skype joined PRISM in early 2011, before it was acquired by Microsoft. That takeover is alleged to have resulted in a redoubling of efforts to enable PRISM to access Skype communications. According to the NSA, in July 2012, the volume of intercepted Skype data tripled following the introduction of new surveillance capability. There have been repeated rumours of backdoors in Skype intended to enable encrypted communications to be intercepted by the security services. Skype has always denied these reports.
In its response in the Guardian, Microsoft stresses that it is obliged to provide the authorities with the ability to access this information. It also says that it would like to be able to disclose more details of its role and is lobbying for greater openness. According to the dpa, internet businesses have consistently denied providing US authorities with direct access to their servers. Snowden, however, maintains that the NSA was able to access information at will.
In May, The H security published an article entitled "Skype with care – Microsoft is reading everything you write", in which it noted that sending URLs via Skype led to unexplained attempts to access those URLs. These observations showed that Microsoft was analysing instant messaging sessions. At the time, this was interpreted as automated analysis of potential spam or phishing URLs. The PRISM revelations suggest that these observations may need to be re-evaluated.
See also:
- Skype with care – Microsoft is reading everything you write, a feature from The H.
- Skype's ominous link checking: Facts and speculation, a report from The H.
(sno)