Microsoft, Security and the NSA


New from The Guardian:

Microsoft has collaborated closely with US intelligence services to allow users’ communications to be intercepted, including helping the National Security Agency to circumvent the company’s own encryption, according to top-secret documents obtained by the Guardian.

…The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’,” it says.


Don't get your knickers in a twist: Why would anyone think there was ever a postal monopoly?

Won't the list be shorter of who wasn't involved with this?
And boy this is sure cheaper than lobbying for more H1B visas.

To Microsoft, Facebook, et al, PRISM is part of lobbying for more H1B visas. Lower wages for software engineers are part of Washington's payoff to Bill Gates, Mark Zuckerberg, and so forth.

Once the intelligence community regards you as an important contractor, hiring non-citizens gets harder, not easier.

This times a thousand. Enjoy trying to get security clearances for Indian nationals.

My understanding from job discussions I had while my citizenship was still an issue was that prior to September 11th the defense or intelligence community could pull strings and make things happen for sufficiently important immigrants (and the right kind of engineer counted), but that after September 11th that got a lot harder to do.

"I'm made of metal
My circuits gleam
I am perpetual
I keep the country clean"

Electric Eye - Judas Priest

Surely it's "Your ^lack of^ privacy is our priority"

Front page news for 40 million poor Americans: no more food stamps, but no cuts for $200bn in subsidies for rich farmers.

Front page news for libertarians: they're reading my e-mail!

Economic woes and problems may fluctuate in course of years

... sorry, unfinished comment ...

but damage on civil liberties is usually permanent. Talk about short-sightedness, man.

At the risk of Godwinizing the thread, Hitler gave people jobs and vacations. At first. What followed, wasn't so nice.

If government reads your e-mails, does it send a message to you that they consider your person basically their property?

There's not a lot of "fluctuation" in the farm bill--it's been subsidizing farmers for decades. That said, deciding whether to be outraged about farm subsidies or civil liberties is the ultimate false dichotomy.

Continuing the offtopicness: Is opposition to the farm bill and the general concept of farm subsidies now at an all-time high (despite not being able to stop this year's bill in the House)? I am in my mid-20s, so I don't know how much this was debated in, say, the 90s. But with the urban-rural coalition fractured more than ever, are we nearing the point where subsidies start getting rolled back?

MW: If only it were possible to care about more than one issue at a time.

It seems like all the universities now use Microsoft for their student and faculty email. Both my undergrad and now my grad school (gmu) use microsoft. Students really should protest the use of Microsoft by universities for email.

Mine uses Google, although they probably aren't too trustworthy either. I wonder if this is going to affect the adoption of cloud computer services.

Do you really think there's some clean alternative?

Alex's scare article is about Skype, not about your university's Exchange server.

Right, because I'm sure Microsoft stood firm against the NSA in protecting the Exchange server software.

Oh, I love the irony. An anti-intellectual property professor named Alex T is concerned with privacy. But professor, don't we just love open information? We're on the declining side of IP-Laffer curve, no? Or perhaps Alex favors trade secrets over intellectual property? LOL. As for me, it's well known that HTTPS can be read at the server by anybody. It only prevents eavesdropping *between* servers (i.e., a man-in-the-middle), not *at* the server. All of your emails can be read by a punk at your ISP server or recipient server if he or she wants to...and I've seen them do it just as a bragging right to show me that it can be done. Nothing new here.

Everybody is now talking about patent trolls. Do you have any ideas other than the tautology that by definition a good, yet untried, patent system would be nice?

Just because people can do something doesn't mean they should. People could read your snail mail, and shouldn't. Just because electronics makes things easier.

I'd bet Alex does not advocate stealing trade secrets.

I have lots of ideas on a better IP system, and this is not the place to share them; for one I doubt anybody here who does not have my expertise would understand or appreciate them. As for reading snail mail, it's a lot harder than reading email. Imagine having to intercept a letter, unseal it, etc. But with electronics it's easy. Finally, I bet Alex does advocate stealing trade secrets--I'm almost positive he does. I recall Alex was in favor of (and I think--without Googling it, he was an expert witness for Canada?'s law on this) not strictly or rigidly enforcing non-compete employee agreements. These are typically used so a new employer 'steals' trade secrets from a departing employee. By *not* enforcing rigidly these non-compete agreements, you essentially allow trade secrets to be stolen. Thus Alex is for lax enforcement of these non-competes...OK let me Google it...OK could not find it...OK I found was an email to me (I love how MR authors will sometimes engage you in private email...flatters the ego)... here is Alex "FYI, one argument against patents is that trade secrecy is enough. Another argument is that any secrecy is bad. I fall more towards the first than the second although I have argued that CA's no labor restriction policy has been good.". So there you have it. Alex T advocates (indirectly, and legally) stealing trade secrets. Case closed.

So Alex is able to differentiate between personal data and non-personal data. Where do you see irony?

And then you don't see the difference between individual admins rummaging through their servers for fun and the large-scale spying effort of the NSA, correlating data on millions of users across major providers?

SSL or TLS is end to end encryption, from your browser to a web server. If you are in control of one of the endpoints, the encryption can't possibly help. But it's still worthwhile for getting security against attackers who haven't compromised an endpoint.

Wow, it's like there might be some nuance beyond "all information in the entire world should be totally open to every person" and "all information in the entire world should be completely locked down as tightly as possible."

In the same way that people can be "pro a reasonable level of taxation" and "anti theft," or "for a military that uses lethal force in defense of the nation" but "anti murder," it is entirely reasonable to be "pro privacy from the government absent reasonable targeted suspicion" but "anti ultra-strong patents."

If you fail to understand this, the problem is you.

If you want to keep current on security and privacy (or the lack thereof), I recommend:

So, SELinux still OK?

And no, I only used it for a few weeks back when it was SuSE - too locked down to be useful in my lax daily routine.

There remains my pre-2001 uranium hexafluoride DC local call tale involving Bell Atlantic and a repair crew, a conversation with a GMU professor involving GMU bioweapon defense center in Prince William County - he not mangling the name of Ken Alibek, though I certainly did using the defector's previous last name of 'Alibekov' - followed by an interrupted banking telemarketing session? They weren't as smooth back then, though no blame on Microsoft's part - no telecommunications company would ever use any of its products in network operations - SELinux? Maybe.

No need to go into much detail - just a couple of the words in this comment alone are enough to put a couple of undying flags in a few databases.

Welcome to the country that talks obsessively about 'freedom.'

I've been a little surprised that there's not been much discussion in the economics blogosphere about the NSA disclosures. It seems to be a topic ripe for the application of economic concepts. For example, Bayes' Theorem suggests that for PRISM, the ratio of false positives to true positives could be as high as a million to one. Even if only 1% of those false positives need to be investigated by an FBI agent, there's a problem in regards to incentives for the agent. There would be tens of thousands of people who would need to be investigated. The job security of the agents investigating these people is probably dependent upon their arrest rate. Therefore, the agents could have a strong incentive to find anything in order to bring criminal charges on many of these innocent people. As far as the NSA database is concerned, there's non-rivalry in consumption and no marginal cost to gain extra value from the data by using it for political blackmail. Wouldn't it be naive under such circumstances to believe that it'll never be used for such a purpose? Former NSA whistleblower Russell Tice has said the NSA conducted surveillance on then Senators Clinton and Obama and on Supreme Court Justice Alito.

The NSA databases will DEFINITELY be used for all sorts of nefarious purposes. There cannot be any doubt in this.

Even more interesting, think about the relevance of surveillance capabilities to the Efficient Markets Hypothesis: you can only beat the market if you have inside information.

This goes along with what I was saying in another post, especially if you appreciate the fact that most of the actual work in building this database and conducting surveillance is being carried out by private contractors who are free to do all sorts of dirty work either on behalf of the government or themselves.

From whom do I collect what I'm owed regarding Holder?

Any takers?

Does this guy have pictures of everyone? Oopsie! He does now!

What a bluff of secret documents leakage. Any example of how the surveillance system is used? Is it real-time or does it just access Microsoft's SkyDrive data? Applied to everybody or just individuals with previous records and/or NSA established red flags? Under which circumstances is the system launched? Any record of misuses? The Guardian article is as informative as any conspiracy blog.

PS. I would rename the post title as "NSA, security and Microsoft".

Love the Internet, somewhere 5 years ago.

The new FISA compromise: it’s worse than you think.

FISA Amendments Act of 2008

It didn't end in Dec 2012; in 2011 it got an extension until June 1, 2015. So, everybody was distracted with Lehman Brothers and the real estate bubble when this happened? Why does the blogosphere seem to be surprised by Snowden's "leak"?

Formal confirmation of what we have long suspected was going on, which contradicts on the record statements by various important people, is quite valuable. For example, the talking point that all eavesdropping is done under the supervision of the FISA court kind-of falls apart when you see that the FISA court was making blanket authorizations for gathering data about millions of people.

Is that Nick Gillespie in the picture?

One of the numerous problems that is associated with Big Data. I predict more to come.
