bjoernvold.com

Microsoft has officially responded to the revelation of Prism surveillance. The fact that they feel the need to do this would indicate that they are uncomfortable with the situation. But given the secrecy in the matter - it is very limited what they can say and probably very limited what people will believe. Microsofts references to their principles are almost irrelevant, because they do not matter when the government instructs them.

In response to an article in the Guardian on July 11, Microsoft issued the following statement:

“We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues.

First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes. Second, our compliance team examines all demands very closely, and we reject them if we believe they aren’t valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate. To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.”

While concerns about national security and criminal activity may justify the exceptional and narrowly-tailored use of surveillance programs, surveillance without adequate safeguards to protect the right to privacy actually risk impacting negatively on the enjoyment of human rights and fundamental freedoms

“When we are legally obligated to comply with [government] demands, we pull the specified content from our servers where it sits in an unencrypted state, and then we provide it to the government agency.”