Press "Enter" to skip to content

NSA/PRISM Mess–Yahoo Wins & Microsoft Loses

I’m beginning to rethink Yahoo, just as I reappraised my feelings on the old Novel after they went to bat against SCO for the benefit of IBM and Linux.

On Monday, the Sunnyvale, California company pulled a honest-to-goodness rabbit out of the hat when they managed to persuade a FISA court to order the Obama administration to declassify as much as possible of a 2008 court decision justifying Prism before releasing it to the public.

Yahoo’s victory came one day before Microsoft went into damage control mode by denying allegations revealed by the publication last Thursday of documents leaked to the Guardian newspaper and website.

As reported on FOSS Force, the Guardian reported that Microsoft had helped the NSA “circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal.” In addition, “The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail.” In other words, according to the Guardian it would appear that Microsoft was going well beyond mere legal obligations in their dealings with the NSA.

Yesterday we learned from Grant Gross at PCWorld that Microsoft is denying these allegations. The denial came from Microsoft General Counsel Brad Smith writing in a blog post. He summed-up his points in a bullet list near the end of the post:

  • Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.
  • If a government wants customer data – including for national security purposes – it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.
  • We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction – fractions of a percent – of our customers have ever been subject to a government demand related to criminal law or national security.
  • All of these requests are explicitly reviewed by Microsoft’s compliance team, who ensure the requests are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order.

YahooEvidently Brad Smith was having a busy day yesterday and getting tons of press coverage to show for it. We learned from Reuters of Mr. Smith’s written request to U.S. Attorney General Eric Holder, asking for permission to disclose how Microsoft treats requests for customer data from government agencies.

This isn’t really news but is an ongoing dance with many tech giants on the floor:

“So far, the U.S. government has restricted what companies can say under about the requests under the highly secret Foreign Intelligence Surveillance Act. Last month, it allowed the disclosure of aggregate numbers of requests for customer data, but not the breakdown of the split between surveillance and crime-related requests.

“Microsoft and Google Inc, along with Apple Inc, Facebook Inc and other U.S. tech leaders are scrambling to assert their independence after documents leaked to the Guardian suggested they gave the U.S. government “direct access” to customer accounts as part of a National Security Agency (NSA) program called Prism.”

[yop_poll id=”21″]

One of those “other U.S. tech leaders” is Yahoo, surprisingly the only player looking like a good guy in this mess. We first told you on June 21 that Yahoo was the only tech company that attempted to appeal a FISA order and convince the courts that the NSA was going too far. It’s been reported that the loss of this appeal was the reason why Google and others didn’t seek legal remedies but caved-in to the NSA’s demands.

The news that a FISA judge has now sided with the Sunnyvale web portal and is ordering the release of documents surrounding their 2008 appeal comes as welcome relief and may be a sign that the carte blanche authority handed to the NSA and the CIA by the Bush administration in the aftermath of 9/11 and continued by Obama and his pals might now be coming to an end.

The ruling was handed down Monday by Judge Reggie B. Walton. As noted by the Washington Post, it comes at a time when “the court is bristling at suggestions that it effectively rubber-stamped a government surveillance effort…” The ruling gives the administration just two weeks to report back to him with information on how long it’ll take to release the documents with redactions for items that should remain classified.

Yahoo, of course, expressed happiness with the court’s decision:

“‘We’re very pleased with the decision by the Foreign Intelligence Surveillance Court (FISC) ordering the government to conduct a declassification review of the Court’s Memorandum of Opinion of April 25, 2008, as well as the legal briefs submitted,’ Yahoo said Monday in a statement. ‘Once those documents are made public, we believe they will contribute constructively to the ongoing public discussion around online privacy.'”

We’re expecting to see this story rapidly develop from this point forward. Just as we’re seeing Microsoft going into damage control mode, we’re expecting to see the same from Washington. Obama is not going to want to see his policies result in a severe economic downturn in the tech sector, especially one involving foreign trade, even if those policies were originally implemented by Bush/Cheney.

One Comment

  1. Dave Bean Dave Bean July 21, 2013

    Corporate Data Collection Threatens Everyone:

    To claim that confessing to sharing our personal information from their database as harvested by possible bad guys is better than not publishing the sharing of our data collection, seems a non-point.

    As has happened in Syria and Iran, among many nations, personal info is hacked from Social Media databases by bad guys whether shared or not. Fact is our information is shared nearly 100% of the time anyway, and now Yahoo and Google will verify that.

    I suggest they stop collecting our private and personal info entirely without a warrant. Erase all searches immediately, or understand that Tech information collection is the problem, not just governments accessing that collected info.

    From Yahoo News: “Syrian state television claimed that a pro-government group hacked into two social messaging networks and seized records of local users. That could expose Syrian rebels and other activists who depend on the networks to publicize army crackdowns on their hometowns and communicate with each other. Many telephone landlines and cellphones in Syria are assumed to be tapped.”

    Close the data-bases completely. If not, admit it is tech profiteers who allow and support this. Stop blaming the NSA for something so unconstitutional, yet Google, Twitter, and many others are doing the same thing for-profit.

    It seems like basic logic to understand that’s where the problem started and only there can it be stopped. Do you think that if Syrian Social Media posted who was hacked like Yahoo is offering six-months or more after the fact, that it would make any real difference to the opposition forces who were targeted through their Social Media? Most of them are probably dead now.

Comments are closed.

Breaking News: