Even as it seeks more freedom to discuss how it turns over customer data to the government, Microsoft is revealing details that don’t violate laws meant to keep such transfers secret.
In a blog post yesterday, Microsoft General Counsel Brad Smith says:
= Microsoft does not provide direct access to Outlook.com emails or instant messages but does turn over content for specific accounts named in search warrants or court orders. “When we receive such a demand, we review it and, if obligated to we comply. We do not provide any government with the technical capability to access user content directly or by itself,” the post says.
= Outlook.com uses HTTPS to encrypt Outlook.com instant messaging as it travels across the Internet and does not provide tools or encryption keys to help the government decrypt that traffic. “When we are legally obligated to comply with demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency,” Smith writes.
= The government does not have direct access to customer information in Microsoft’s SkyDrive storage service. This year it has made changes to the procedures it uses to respond to requests for customer information to make it easier to handle an increasing volume.
“None of these changes provided any government with direct access to SkyDrive. Nor did any of them change the fact that we still require governments to follow legal processes when requesting customer data.”
= Microsoft moved its Skype peer-to-peer Internet-calling and instant messaging service infrastructure in-house to improve the technical back-end of the service. “These changes were not made to facilitate greater government access to audio, video, messaging or other customer data,” Smith says. “We will not provide governments with direct or unfettered access to customer data or encryption keys.”
= When the government wants emails and documents of Microsoft business customers that are stored in Microsoft clouds, the company recommends the government seek them from those customers directly. “We do not provide any government with the ability to break the encryption used between our business customers and their data in the cloud, nor do we provide the government with the encryption keys,” Smith writes.
In general, Microsoft doesn’t provide “direct and unfettered” access to customer data, he says, “Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.”
That means it turns over data for accounts and identifiers specified by the legal requests, all of which Microsoft lawyers review to make sure they are valid, he says.
Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at firstname.lastname@example.org and follow him on Twitter@Tim_Greene.