When we published our comprehensive guide to hiding your online activity from the NSA, we suggested you give Microsoft (and other big tech companies) a wide berth if your goal was privacy protection. Reports on Thursday about how the company allows the government to observe user data seem to have validated that paranoia. But how it shares data isn't clear. We decided to try and figure it out.
Micah Lee, the staff technologist with the Electronic Frontier Foundation who helped us put together our initial guide, conferred with us on the technical aspects of how the company might be letting the NSA access user data. We'll note: This is speculation—but speculation from someone well-suited to speculate.
The Guardian report describes the government's ability to see user emails:
Another [NSA] newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
("Encryption" refers to the process of digitally scrambling a communication.)
What's being referred to here is probably not HTTPS encryption—encryption between the user and the email server—Lee notes. That would require accessing your email before data is sent to Microsoft. Instead, Lee suggests that the NSA probably means that it has access to emails before they are encrypted for storage on the email server.
Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats.
A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."
The way this could work is fairly straightforward. A chat goes from one user to another through the Microsoft server. The surveillance capability likely necessitates a point at which the chat is decrypted on the Microsoft server, and stored or sent to the NSA for review. The language is unclear, as ZDNet notes: a "capability to deal" with encryption may not be the same as "decryption." But one thing is clear: the NSA feels confident the chats can be read.
That point at which your message could be exposed is something Lee, in our guide to protecting your privacy, warned against. "The lesson to be had here is that, if you're using a service and you really need privacy, you need to make sure that the service doesn't have access to the plain text of your messages," he told us today.
He again recommended "peer-to-peer encryption"—encryption that only the two users in a conversation can unlock. Using a tool like Off-The-Record Messaging allows you to send peer-to-peer messages over messaging systems like AOL and GChat. If it worked with Outlook's web chat—which it doesn't yet seem to—you'd encrypt a message in OTR Messaging which Microsoft would then encrypt again to ship to its server. If the NSA is given access to the message, it would see it after Microsoft's encryption is removed—meaning they'd still see your scrambled, encrypted message. They couldn't do much with that. Not until it gets to the other user (who has your secret decrypting key) could it be decoded.
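The layering Lee describes, as an added example in Go that is not from the article or from the OTR project's code: both layers are modelled with AES-256-GCM (OTR's own protocol differs), the keys are constructed for the demo rather than negotiated, and the point shown is that a relay holding only the transport key strips one layer and is left with the inner ciphertext, whereas an ordinary chat is exposed at that same point.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// gcm builds an AES-256-GCM cipher; the OTR-style inner layer and the provider's
// transport layer are modelled with the same primitive under different keys.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil { panic(err) }
	aead, err := cipher.NewGCM(block)
	if err != nil { panic(err) }
	return aead
}

// Seal encrypts plaintext and prefixes the random nonce to the output.
func Seal(key, plaintext []byte) []byte {
	aead := gcm(key)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { panic(err) }
	return aead.Seal(nonce, nonce, plaintext, nil)
}

// Open reverses Seal; it fails when the key is wrong or the data was altered.
func Open(key, sealed []byte) ([]byte, error) {
	aead := gcm(key)
	n := aead.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed message too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}

// SendPlain is an ordinary web chat: only the transport layer protects the message.
func SendPlain(transportKey, msg []byte) []byte { return Seal(transportKey, msg) }

// SendLayered is the OTR-style setup: encrypt for the peer first, then for transport.
func SendLayered(peerKey, transportKey, msg []byte) []byte {
	return Seal(transportKey, Seal(peerKey, msg))
}

// Relay models the provider's server: it holds only the transport key, strips that
// layer, and returns whatever it could observe or hand to a third party.
func Relay(transportKey, wire []byte) ([]byte, error) { return Open(transportKey, wire) }
```

Compare what Relay returns for SendPlain (the message itself) with what it returns for SendLayered (ciphertext that only the peer's key opens); the provider's transport encryption is unchanged in both cases.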
In its response to The Guardian's article, Microsoft made a point of noting that "Microsoft does not provide any government with blanket or direct access to … any Microsoft product." So how could surveillance like monitoring chats work?
It depends on how you define "direct access," Lee said. The companies that work with the government, such as Microsoft, likely have tools that allow for compliance that could be in near real time. "It isn't just giving intelligence agencies accounts on their servers to log in the way employees would," Lee speculates, "but automated systems to comply with requests." For example, if a targeted user sends a chat, that chat could be sent from Microsoft's servers to an NSA-viewable server immediately. The company could argue that this doesn't constitute direct access to the product. But again, this is speculation. How the NSA monitors real-time conversations isn't clear.
Bringing us to:
The Guardian lifts up the NSA's Skype developments in particular.
One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.
Skype is simply the video and audio version of a web chat. You speak, it's encrypted and sent to Microsoft, Microsoft sends that on to the other participant. The point of weakness is, again, Microsoft. So how does the NSA peek in? Perhaps Microsoft ships decrypted conversations for certain users to the NSA. Or perhaps the NSA is streamed a live feed of a video conversation. As the NSA's clever pun suggests, there is some heavy processing happening as the NSA is trying to observe a conversation. If the conversation came as a complete, stored file, that sort of processing power seems superfluous. It's like adding a splitter to a hose. You still get the water you were expecting, but now it can be sent somewhere else, too.
Again: This is largely speculation. How Microsoft responds to government data requests—which require warrants or directives from a court—isn't clear. But Lee has a recommendation anyway. "Maybe," he says, "it would be a good time to stop using Skype and Outlook.com."