Microsoft Subnet An independent Microsoft community View more

How much privacy will you have with Microsoft's 'family of devices'?

After collaborating with NSA and FBI to offer surveillance for Skype, SkyDrive, Outlook.com, even circumventing its own encryption, how much privacy will you have with Microsoft's upcoming 'family of devices'?

Windows may only be a "shell" now, said six different times by Steve Ballmer as he revealed a new strategy for Microsoft that revolves around a "family of devices." The company will "design, create and deliver through us and through third parties a complete family of Windows-powered devices," which will include "a full spectrum of both partner and first-party devices. Our family will include phones, tablets, PCs, 2-in-1s, TV-attached devices and other devices to be imagined and developed."

What good is a door lock if the manufacturer first hands out a master key to law enforcement? What good is a promise that your privacy is a top priority by a company that provides free spying to law enforcement? What good is encryption if PRISM capabilities allow intelligence agencies to collect your emails, such as those from Outlook.com, Hotmail or Live, before they are encrypted? What do you have to look forward to with Microsoft's upcoming "family of devices?" Surely there will be government surveillance backdoors on all.

Your privacy is very important to Microsoft, the company alleges, as it used privacy for a battleground to slam Google. For example, during its anti-Google campaign called 'Scroogled,' Microsoft launched a privacy petition to stop Google from scanning "every word of every email" to serve up relevant ads. The Redmond giant pointed out that "there's no way to opt out of this invasion of your privacy." But, thanks to documents provided by Edward Snowden, we know that there is no way to opt out of Microsoft practically handing all your emails directly to intelligence agencies. It's more than email; what you store on SkyDrive and what you do over Skype is not private. Is that not also an invasion of your privacy?

After reviewing top-secret PRISM documents obtained by Snowden, The Guardian reported that Microsoft collaborated with intelligence agencies and even helped the NSA circumvent Microsoft's own encryption, so the government could conduct surveillance through the company's products.

  • Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;
  • The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;
  • The company worked with the FBI this year to allow the NSA easier access via PRISM to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
  • Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;
  • In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through PRISM;
  • Material collected through PRISM is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

In fact, one document dated a year ago, in July 2012, claims that monitoring of Microsoft-owned Skype now includes video chats. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'."

Another document, dated April 2013, claims the FBI worked "for many months" with Microsoft "to allow Prism access without separate authorization to its cloud storage service SkyDrive."

Microsoft said it does not provide "blanket" or "direct" access to "any government" for all its products, but only provides customer data "in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers." The company added, "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands."

Yet Microsoft has a long history of spurning users' privacy in favor of assisting law enforcement and intelligence agencies obtain private user data. For example, Microsoft—unlike other tech giants—does not charge the government even a penny for surveillance of its users. Besides spying on its users for free, the Redmond giant offers the computer forensic software COFEE for free to law enforcement; COFEE assists LEA in extracting private data from Windows computers.

Regarding the future of Microsoft, Ballmer promised that "Going forward, our strategy will focus on creating a family of devices and services for individuals and businesses that empower people around the globe at home, at work and on the go, for the activities they value most."

I suppose privacy is not usually described as an activity, but don't expect to have any privacy in Microsoft's cloud and "family of devices." Microsoft may offer privacy features to users in its upcoming family of "phones, tablets, PCs, 2-in-1s, TV-attached devices," but not before making sure those features are cracked to assure they are not kept private from intelligence agencies. After all, Microsoft isn't "absolved from the need to comply with existing or future lawful demands," so how could any new products not come with built-in backdoors to assist in surveillance by intelligence agencies?

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.