NSA leaks hint Microsoft may have lied about Skype security

0
273

Microsoft may have misled millions of Skype users around the world by making claims last year that have since been contradicted by intelligence leaked by former NSA contractor Edward Snowden.

National Security Agency documents leaked by Snowden to the
Guardian and Washington Post last week have grabbed the attention
of Americans concerned over the NSA’s blanketing surveillance of
communications involving United States citizens. The NSA is
regularly retaining the phone records for millions of Verizon
customers, the documents revealed, and a separate program called
PRISM allegedly lets federal investigators access Internet use
information for customers of the biggest online services. One of
those documents, a slideshow examining how the NSA has access to
conversations conducted over nine major Internet services, may
have caught Silicon Valley giant Microsoft in a lie.

Ryan Gallagher of Slate noted this week that one of the slides
cited by the Washington Post was labeled a “User’s Guide for
PRISM Skype Collection,” suggesting that the NSA has in place a
method for eavesdropping on conversations conducted over the
popular Web client acquired in 2011 by Microsoft.

According to the slide, NSA agents can listen in or watch Skype
chats “when one end of the call is a conventional telephone
and for any combination of ‘audio, video, chat, and file
transfers’ when Skype users connect by computer alone
.”

This piece of information is significant for a number of
reasons
,” wrote Gallagher, but the most crucial perhaps is
how it compares to Microsoft’s remarks last year. As RT wrote in
2012, Microsoft was awarded a patent that summer that provides
for “legal intercept” technology that allows for agents to
silently copy communication transmitted via the communication
session
” without asking for user authorization.

At the time, Gallagher was one of the most critical reporters
examining the patent, and grilled Microsoft relentlessly to see
if this meant that a program previously considered
highly-encrypted and tough to crack could provide a backdoor to
government agents at the drop of a hat. However, Skype Corporate
VP of Product Engineering & Operations Mike Gillet also
explained to ExtremeTech.com that the company was making changes
in its infrastructure, but that they were being done to
improve the Skype user experience.”

Skype rejected the charge in a comment issued to the website
Extremetech, saying the restructure was an upgrade and had
nothing to do with surveillance
,” Gallagher wrote at the
time, “But when I repeatedly questioned the company on
Wednesday whether it could currently facilitate wiretap requests,
a clear answer was not forthcoming. Citing ‘company policy,’
Skype PR man Chaim Haas wouldn’t confirm or deny, telling me only
that the chat service ‘co-operates with law enforcement agencies
as much as is legally and technically possible
.’”

This week, Gallagher revisited the issue and explained how
Microsoft’s explanation last year is now under fire thanks to NSA
leak. Gallagher recalled that Microsoft was driven to releasing a
transparency report last year, in which a significant chunk was
set aside solely for details on settling requests for Skype data
made by law enforcement.

The report devoted an entire section to Skype and claimed
that in 2012, it hadn’t handed any communications content over to
authorities anywhere in the world. Microsoft also said in notes
accompanying the transparency report that calls made between
Skype-Skype users were encrypted peer-to-peer, implying that they
did not pass through Microsoft’s central servers and could not be
eavesdropped on – except maybe if the government deployed a spy
Trojan on a targeted computer to bypass encryption
,”
Gallagher wrote.

Now enter the “User’s Guide for PRISM Skype Collection” slide,
and the story is much different. “That the NSA claims to be
able to grab all Skype users’ communications also calls into
question the credibility of Microsoft’s transparency report –
particularly the claim that in 2012 it did not once hand over the
content of any user communications
,” Gallagher wrote.
Moreover, according to a leaked NSA slide published by the
Post, Skype first became part of the NSA’s PRISM program in
February 2011 – three months before Microsoft purchased the
service from U.S. private equity firms Silver Lake and Andreessen
Horowitz.”

In a statement emailed from Microsoft to Slate, the company said
it “went as far as it was legally able in documenting
disclosures in its Law Enforcement Requests Report
” and that
there should be greater transparency on national security
requests and Microsoft would like the government to take steps to
allow companies to do that
.”

Microsoft’s statement came the same week that one of their
largest competitors, Google, pleaded with the government to let
them provide more details in their regular transparency reports
published online. In a letter sent to US Attorney General Eric
Holder and Federal Bureau of Investigation Director Robert
Mueller on Tuesday, Google asked the Obama administration to
allow it to share more information.

Google’s numbers would clearly show that our compliance with
these requests falls far short of the claims being made
,”
said David Drummond, Google’s chief legal officer. “Google has
nothing to hide
.”

During testimony made Thursday morning before Congress, Mueller
said the NSA leaks attributed to Snowden “have caused
significant harm to our nation and to our safety
” and that
the FBI and Justice Department will take “all necessary steps
to hold the person responsible
.” Meanwhile, US Reps. John
Conyers (D-Michigan) and Justin Amash (R-Michigan) plan to
propose legislation this week that would require that the
government provides “specific and articulable facts
before it requests phone records of US citizens.

This article originally appeared on: RT