- Kentucky food truck repurposes ‘LGBTQ’ to support Trump, BBQ Tuesday 8:47 PM
- Trump complains about his Twitter follower count to Jack Dorsey Tuesday 6:34 PM
- ‘Avengers: Endgame’ sticks the devastating landing—and gives you time to grieve Tuesday 5:00 PM
- Teen hits Apple with $1 billion lawsuit over alleged face recognition arrest Tuesday 4:48 PM
- John Cornyn tried to attack Patton Oswalt for his old tweets and failed miserably Tuesday 4:29 PM
- Logan Paul is selling a pillow of his dead dog—for a good cause Tuesday 4:04 PM
- Study: Too much Netflix, not enough ‘chill’ Tuesday 3:36 PM
- Pete Buttigieg under fire for saying incarcerated Americans shouldn’t be allowed to vote Tuesday 2:54 PM
- Vine’s co-founder is beta testing a new app called Byte Tuesday 2:51 PM
- Report: Joe Biden’s first 2020 fundraiser will be with a Comcast executive Tuesday 2:49 PM
- Netflix’s ‘Sabrina’ appears to have an art-copying problem (updated) Tuesday 2:47 PM
- People are crying over these cats’ window-sill romance Tuesday 2:27 PM
- The ‘I’m baby’ meme is all about being comforted Tuesday 2:24 PM
- Parody video totally nails what men are like on Tinder Tuesday 1:57 PM
- Twitch star AriLove latest woman to be arbitrarily banned for ‘sexually suggestive’ attire Tuesday 1:47 PM
The FBI makes a great middlman between comapnies like Microsoft and the NSA.
Microsoft worked to provide the FBI with court-ordered user data after the company began using encryption for customers who used Outlook, according to newly-released documents first leaked by Edward Snowden.
Snowden, of course, is the former National Security Agency contractor who obtained a huge cache of agency documents and passed them to a handful of journalists, including Glenn Greenwald, in 2013. Among the earliest programs his documents revealed was PRISM, which allows the NSA to get emails, chats, and other files from targets who use any of nine different American tech companies, like Yahoo, Google, and Facebook.
Some of PRISM’s specifics are still sketchy, but U.S. officials have admitted it’s authorized by section 702 of the FISA Amendment Act. While most PRISM companies have explicitly and specifically denied working with the NSA to knowingly give the agency customers’ information, these documents contribute to the knowledge that the FBI played intermediary between the tecnology giant and the NSA.
Referencing Microsoft’s implementation of Secure Socket Layer (SSL) encryption for its customers who use Outlook, one newly-revealed slide—released as part of Glenn Greenwald’s recent document dump that coincides with his new book tour—says:
MS working with the FBI, developed a surveillance capability to deal with the new SSL. These solutions were successfully tested and went live 12 Dec 2012. The SSL solution was applied to all current FISA and 702/PRISM requirements.
A spokesperson for Microsoft declined to go on the record, but strongly rejected the implication in that document that the company had given encryption keys to the government.
In an earlier blog post responding to the PRISM program, Microsoft General Counsel Brad Smith wrote that when the company began using encryption as the default for Outlook users, it kept those encryption keys a secret, but still obeyed court orders for user information:
To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys. When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.
When news of PRISM broke, most of those nine companies denied knowingly worked with the NSA on the PRISM companies. Microsoft’s specific statement was:
[W]e provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.
Another PRISM slide makes it explicit that PRISM doesn’t have for a direct relationship with Internet companies, and that such a relationship is available “only through FBI.”
Clarification: This story has been updated with additional contextual information from Microsoft, as well as new language to make clear that Microsoft denies any attempts to hand over user data to the FBI without legal obligation.
H/T Matthew Keys | Image by Jason Reed
A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.