Newly released documents reveal the depth of collaboration between Microsoft and the National Security Agency in collecting data from the company’s users, including communications and documents sent or accessed over Outlook.com, SkyDrive and Skype. They also show that Microsoft worked with the NSA to break the company’s own encryption, ensuring the fullest possible access for the agency.
The latest files, provided by whistleblower Edward Snowden and reported in the Guardian, come from the the Special Source Operations (SSO) division. The SSO overseas all programs that target US telecommunications via corporate partnerships, of which Prism, exposed by Snowden last month, is just one.
What has been released so far reveals how Microsoft in particular worked with the US intelligence apparatus to provide full access to all documents and messages of the company’s users. The NSA referred to the program as a “team sport.”
Microsoft—which boasts the slogan is “your privacy is our priority”—was reportedly involved in the Prism program to provide NSA data since 2007, the year the program began. While Microsoft claims that it only submits to “legal processes” initiated by the government, it does not specify what those are. Such a vague statement could mean anything, especially since it is now known that the NSA operates under a set of laws secretly overseen and interpreted by the Foreign Intelligence Surveillance Court.
According to the documents, a major project between Microsoft and the NSA involved handing over the data passing through Outlook.com, Microsoft’s primary email client, which includes Hotmail. Last July, the NSA became concerned that it would be unable to intercept the encrypted messages being passed through Outlook’s chat service. In response, Microsoft worked with the agency to break its own encryption.
A document from 26 December 2012 states: “MS [Microsoft], working with the FBI, developed a surveillance capability to deal” with the need to bypass Outlook’s encryption. “These solutions were successfully tested and went live 12 Dec 2012.” This was a full two months before Outlook.com went live to the public.
At the time, the NSA already had full, unencrypted access to all emails sent via Outlook.com. “For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption,” the documents state. The only difficulty was collecting email aliases, which can make tracking specific people slightly more difficult. However, as one entry states, “The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand” this feature and overcome it.
Microsoft’s collusion with the NSA also extends to the SkyDrive cloud storage service introduced last year, which now houses documents of 250 million users and is fully integrated into Windows 8 and the latest Office suite. The company worked “for many months” with the FBI to allow Prism full access to the service without any separate or special authorization.
This means, according to a document dated April 8, 2013, “that analysts will no longer have to make a special request to SSO for this—a process step that many analysts may not have known about”.
In other words, every analyst at the NSA has full and easy access to everything that is on SkyDrive. This includes essentially every file that is generated in Microsoft Word, Excel, and other office programs on a Windows 8 machine, which automatically “backs up” everything to the SkyDrive.
In the words of the NSA, “this new capability will result in a much more complete and timely collection response” of the data of Microsoft users. The agency then applauded Microsoft: “This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established.”
The NSA has also worked intensively with Skype, both before and after it was bought by Microsoft, to gain access to the text, audio and video communications of Skype’s estimated 800 million users. Despite its denials, Skype does appear to have the ability to collect all the information and data from all calls and hand them over to the US government. This throws into question denials of other companies, such as Facebook, Google and others, on the same question.
According to the files, the NSA began working on integrating Skype into Prism in November 2010 but didn’t succeed until February 4, 2011. Two days later, it began full audio communications interception. “Feedback indicated that a collected Skype call was very clear and the metadata looked complete,” reads the initial reports on collected Skype calls.
Now, even video communications are collected. “The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete ‘picture’”, bragged one NSA file from July 14, 2012, when the NSA tripled its ability to collect Skype video communications.
These revelations underscore the extent to which the government has relied on, and received the active assistance of, giant companies that control much of the Internet and telecommunications systems. Through relations with these corporations—including Microsoft, Apple, Google, Facebook, Yahoo!, AOL, Verizon, AT&T, and others—the government has been able to tap into the Internet backbone, collect online communications, and gather the phone records of hundreds of millions of people.
These companies are all part of a state, intelligence and corporate nexus that has been engaged in the systematic and illegal violation of the democratic rights of the population of the United States and the world.