Microsoft turned over more data than thought to NSA – report

The Guardian offered new revelations on Thursday of how much tech companies — Microsoft in particular — helped the National Security Agency in its massive data collection effort aka PRISM.
The latest disclosures outlined by the Guardian, citing NSA-leaker Edward Snowden, are that:

  • Microsoft helped the NSA circumvent encryption in order to address concerns that the agency would be unable to intercept web chats on the new portal;
  • The agency already had pre-encryption stage access to email on, including Hotmail;
  • The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;
  • Microsoft also worked with the FBI’s Data Intercept Unit to “understand” potential issues with a feature in that allows users to create email aliases;
  •  Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio;

With these disclosures we’re back through the looking-glass. Ostensibly, tech companies are not able to disclose if they’ve been asked for or furnished information under the PRISM program. I’ve reached out to Microsoft for comment and will update if it’s forthcoming.
Update: Microsoft responded with a prepared statement, outlining the principles that guide its response to government demands for customer data for law enforcement or national security purposes.

“ First … we provide customer data only in response to legal processes.  Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid.  Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive,, Skype or any Microsoft product.  Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely.  That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.”

The Guardian quoted a Microsoft statement:  “When we upgrade or update products we aren’t absolved from the need to comply with existing or future lawful demands.”
This report was updated at 1:20 p.m. PDT with a Microsoft statement.