I have to agree Microsoft needs to get out in front of this immediately. I recently had a conversation with a coworker who described the fear she had using her new computer. She used words like worrying, uneasy, and dirty feeling.
Also.
>The company said it responds only to orders for "specific accounts and identifiers," and never provides "blanket or indiscriminate access to Microsoft's customer data"
Does not mean they did not provide the mechanism to access encrypted data in transit.
I think that's exactly what is said at http://blogs.technet.com/b/microsoft_on_the_issues/archive/2... : "Recent leaked government documents have focused on the addition of HTTPS encryption to Outlook.com instant messaging, which is designed to make this content more secure as it travels across the Internet. To be clear, we do not provide any government with the ability to break the encryption, nor do we provide the government with the encryption keys."
Nah. The third option is that both are telling the truth.
Microsoft doesn't do end-to-end encryption so it can be forced to turn over the cleartext. (Skype calls go through MS servers in unencrypted form, and Outlook/Hotmail messages are stored in cleartext.)
Don't forget the possibility that collaboration is on a "need-to-know" basis internally within Microsoft, and/or that the data is being captured by agents or coercion at the data center level.
I suspect you've been watching too many spy movies. If a Microsoft employee surreptitiously "captured" user data when asked by the NSA, he would be guilty of multiple federal felonies and subject to significant civil liability. I suppose if this were a movie, the president would secretly pardon him, or he'd get a new identity under the witness protection program or something, but, alas, this is not fiction.
Microsoft's deputy general counsel and VP John Frank has a top secret security clearance. So do at least three of its attorneys -- all those clearences were granted by FedGov precisely so the company could respond to legal requests.
Surely government institutions would never break their own rules, or lie to anyone?
To be clear, I'm not saying anything is true or not. I'm just saying we shouldn't rule anything out. It's possible that some of the tech companies are themselves partially or fully in the dark.
Government institutions frequently break their own rules, lie, and violate the law.
I suppose anything's possible, in some abstract sense, but we're talking about reality here, which excludes some more creative theories. And, alas for screenwriters, there is precisely zero evidence to support your "in the dark" theory. :)
> Does not mean they did not provide the mechanism to access encrypted data in transit.
they are required , by the law , to deny any involvement with the NSA if caught. They are required to lie ,by the law. So at this point you cant believe anything they say.
Also.
>The company said it responds only to orders for "specific accounts and identifiers," and never provides "blanket or indiscriminate access to Microsoft's customer data"
Does not mean they did not provide the mechanism to access encrypted data in transit.