Microsoft issues the company’s strongest denials yet on direct National Security Agency links to its cloud servers.
In the wake of the National Security Agency ( NSA) Prism controversy, Microsoft wants to come clean on how it handles national security requests for user data. Citing a First Amendment right to release such information, Microsoft joined a chorus of other big tech firms in getting the official go-ahead from the U.S. government.
Now, Microsoft is signaling that its patience with Washington is wearing thin.
In a July 16 letter from Microsoft General Counsel Bradford L. Smith, the Redmond, Wash.-based software and cloud services giant made an appeal to U.S.
Attorney General Eric Holder “to get involved personally in assessing the Constitutional issues raised by Microsoft and other companies that have repeatedly asked to share publicly more complete information about how we handle national security requests for customer information.” He added that it will take the “personal involvement of you or the president to set things right” as the issues languish among the agencies tasked with settling the matter.
On June 14, John Frank, vice president and deputy general counsel for Microsoft, released some statistics in a blog post on the government’s requests for user data for the last half of 2012. “For the six months ended Dec. 31, 2012, Microsoft received between 6,000 and 7,000 criminal and national security warrants, subpoenas and orders affecting between 31,000 and 32,000 consumer accounts from U.S. governmental entities (including local, state and federal).”
According to Smith, the FBI denied Microsoft’s request to share more detailed information. So the company turned to the U.S.
Foreign Intelligence Surveillance Court in a motion filed on June 19. Smith, arguing that “we’re not making adequate progress,” wrote that nearly a month later, the government is still considering its response to Microsoft’s motion.
“This opposition and these delays are serving poorly the public, the government itself, and most importantly, the constitutional principles that we all put first and foremost,” Smith asserted. “It’s time to face some obvious facts,” he added, before reminding the attorney general that once-secret information is now in the public domain. Thus, concluded Smith, “There is no longer a compelling government interest” in preventing Microsoft and its fellow cloud services providers from sharing more information that “is likely to help allay public concerns.”
In the meantime, Smith took to the Microsoft on the Issues blog to address some of the other concerns that have arisen since Edward Snowden first thrust the NSA’s intelligence activities into the spotlight.
Weighing in on allegations that U.S. government intelligence agencies enjoy unrestricted access to user accounts on Microsoft’s popular online services, like Outlook.com and Skype, Smith wrote, “Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.”
He added that no “blanket or indiscriminate access” exists to Microsoft’s customer data.
What about enterprise customers of its email and cloud document storage services? Microsoft has “never provided any government with customer data from any of our business or government customers for national security purposes,” Smith said.
The company complied with only four criminal law enforcement requests involving business or government customers. In all cases, the customer was made aware and asked Microsoft to produce the data.
Finally, Microsoft claims that it does not undermine the security safeguards placed on its business cloud platform. “We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the government with the encryption keys,” stated Smith.