"Your privacy is very important to us," Microsoft is fond of saying. But if a former Microsoft Privacy Chief no longer trusts Microsoft, should you?
Bowden's statements were made during a conference about privacy and surveillance that was held in Lausanne, Switzerland, and reported on by the Guardian. At one point, Bowden's presentation slide showed an "NSA surveillance octopus" to help illustrate the evils of surveillance in the U.S. cloud; but this was not a PowerPoint presentation. He was using LibreOffice 3.6 because he doesn't trust Microsoft software at all anymore. In fact, he said he only uses open source software so he can examine the underlying code.
An attendee pointed out that free software has been subverted too, but Bowden called open source software "the least worst" and the best option to use if you are trying to avoid surveillance. Another privacy tip: the privacy pro also does not carry a personal tracker on him, meaning Bowden gave up on carrying a mobile phone two years ago.
No privacy in the cloud: zero, zippy, none
According to Bowden, "In about 2009 the whole industry turned on a dime and turned to cloud computing - massively parallel computation sold as a commodity at a distance." He said, "Cloud computing leaves you no privacy protection." However, "cloud computing is too useful to be disinvented. Unlike Echelon, though, which was only interception, potentially all EU data is at risk. FISA (Foreign Intelligence Surveillance Act) can grab data after it's stored, and decrypted."
Bowden authored a paper about "the U.S. National Security Agency (NSA) surveillance programs (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens' fundamental rights." While it mostly dissects how "surveillance activities by the U.S. authorities are conducted without taking into account the rights of non-U.S. citizens and residents," it also looks at some "serious limitations to the Fourth Amendment for U.S. citizens."
"The thoughts prompted in the mind of the public by the revelations of Edward Snowden cannot be unthought. We are already living in a different society in consequence," Bowden wrote. He again pointed out the dangers to privacy in cloud computing. "The scope of FAA creates a power of mass-surveillance specifically targeted at the data of non-U.S. persons located outside the U.S., including data processed by 'Cloud computing', which eludes EU Data Protection regulation."
Data can only be processed whilst decrypted, and thus any Cloud processor can be secretly ordered under FISA 702 to hand over a key, or the information itself in its decrypted state. Encryption is futile to defend against NSA accessing data processed by US Clouds (but still useful against external adversaries such as criminal hackers). Using the Cloud as a remote disk-drive does not provide the competitiveness and scalability benefits of Cloud as a computation engine. There is no technical solution to the problem.
He concluded that there is an "absence of any cognizable privacy rights for 'non-U.S. persons' under FISA."
Microsoft's strategy: Grind down people's privacy expectations
It is the position Bowden held over privacy policies at Microsoft that makes his point of view important. This man, a privacy expert, no longer trusts Microsoft as a company, nor its software. Yet Microsoft (and almost all other companies) loves to publicize the quote, "Your privacy is very important to us." But does Microsoft really care about your privacy?
During an interview with Bowden, the London School of Economics and Political Science (LSE) asked, "Do you think the general public understands how much privacy they have in the digital world?"
Bowden replied, "There's been a grinding down of people's privacy expectations in a systematic way as part of the corporate strategy, which I saw in Microsoft."
Regarding the Guardian's report that Bowden does not trust the Redmond giant, Microsoft sent this PR damage-control statement to CNET:
"We believe greater transparency on the part of governments - including the U.S. government - would help the community understand the facts and better debate these important issues. That's why we've taken a number of steps to try and secure permission, including filing legal action with the U.S. government."
About that transparency... LSE asked Bowden, "What's your view on the transparency policies of tech-companies?"
Bowden replied, "It is purely public relations strategy - corporate propaganda aimed at the public sphere - and due to the existence of secret mass-surveillance laws will never be truly transparent."
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.