Survivalist News Network

Suspicious of NSA spying, Microsoft moves to encrypt Internet traffic – report

Microsoft is moving to encrypt its Internet traffic based on assumptions the National Security Agency has broken into its internal global communications systems as it did with Google and Yahoo, according to sources familiar with the plans.

Microsoft’s suspicions that the NSA is intercepting traffic  within its private networks were heightened in October, when it  was reported such intrusions have happened to Google and Yahoo,  which have similar global infrastructures. Sources close to  Microsoft’s deliberations told The Washington Post top executives  at the company are to meet this week to decide what encryption  initiatives will take place.

The Post reports two previously unreleased slides obtained via  former NSA contractor Edward Snowden suggest the company is  rightly concerned.

The slides on the operations on Google and Yahoo networks also  reference Microsoft’s Hotmail and Windows Live Messenger. Another  NSA email mentions Microsoft Passport, a web service no longer  offered by Microsoft, as another potential target of the  surveillance program called MUSCULAR.

Microsoft officials said they don’t have independent verification  such surveillance of their internal data centers is occurring,  though the company’s general counsel Brad Smith said Tuesday that  such revelations would be “very disturbing” and a  violation of constitutional rights.

Encryption efforts of such a scale would put Microsoft in the  same league as Google, Yahoo, Facebook and other tech giants that have reinforced security defenses  amid the cascade of secret NSA programs coming to light – some  the companies have legally participated in with the NSA.

Experts tell The Post such investments in encryption will hamper  surveillance – by governments, private companies and hackers  alike – for years. These technology efforts may even supersede  congressional policy efforts, currently underway, as the most  tangible outcome of steady revelations of NSA surveillance since  early June, when the Guardian and The Washington Post ran the  first stories supplied with classified documents given to them by  Snowden.

“That’s a pretty big change in the way these companies have  operated,” said Matthew Green, a Johns Hopkins University  cryptography expert. “And it’s a big engineering effort.”

The NSA said Tuesday in a statement about Microsoft that the  agency’s “focus is on targeting the communications of valid  foreign intelligence targets, not on collecting and exploiting a  class of communications or services that would sweep up  communications that are not of bona fide foreign intelligence  interest to the U.S. government.”

One anonymous US official said Tuesday that collection can be  done at various points and does not have to happen on a company’s  private fiber-optic links.

A 2009 email from an NSA senior manager of NSA’s MUSCULAR program  specifies that a targeting tool known as “MONKEY PUZZLE”   can search only across a listed “realm,” including Google,  Yahoo and Microsoft’s Passport service. What service the fourth  realm, “emailAddr,” represents is not clear.  “NSA  could send us whatever realms they like right now, but the  targeting just won’t go anywhere unless it’s of one of the above  4 realms,” the email said.

The MUSCULAR program involves a process in which the NSA and  Britain’s GCHQ intercept communications overseas, where lax  restrictions and oversight allow the agencies access to  intelligence with ease.

“NSA documents about the effort refer directly to ‘full take,’  ‘bulk access’ and ‘high volume’ operations on Yahoo and Google  networks,” The Post reported. “Such large-scale collection  of Internet content would be illegal in the United States, but  the operations take place overseas, where the NSA is allowed to  presume that anyone using a foreign data link is a  foreigner.”

To do as much, the NSA and GCHQ rely on capturing information  being sent between company data centers around the globe,  intercepting those bits and bytes in transit by tapping in as  information is moved from the “Public Internet” to the  private “clouds” operated by the likes of Google and  Yahoo. Those cloud systems involve the linking of international  data centers, each processing and containing huge troves of user  information for potentially millions of customers.

Intelligence officers who can sneak through the cracks when  information is decrypted — or never encrypted in the first place   — can then see the information sent in real time as take “a  retrospective look at target activity,” according to  documents seen by The Post.

“Because digital communications and cloud storage do not  usually adhere to national boundaries, MUSCULAR and a previously  disclosed NSA operation to collect Internet address books have  amassed content and metadata on a previously unknown scale from  US citizens and residents,” The Post reported.

Microsoft general counsel Brad Smith hinted at the company’s  encryption efforts at a shareholders meeting recently. “We’re  focused on engineering improvements that will further strengthen  security,” he said, “including strengthening security  against snooping by governments.”

While company officials do not have definitive proof of the data  interception, the company has held high-level meetings to discuss  the possibility that encryption efforts “across the full range  of consumer and business services.” Big decisions will be  made this week at company headquarters in Redmond, WA, anonymous  sources familiar with Microsoft’s planning told The Post.

Of NSA documents mentioning Microsoft services, Smith said in a  statement: “These allegations are very disturbing. If they are  true these actions amount to hacking and seizure of private data  and in our view are a breach of the protection guaranteed by the  Fourth Amendment to the Constitution.”

Upon news of MUSCULAR’s intrusions, Google’s general counsel  David Drummond said he was “outraged.” The company  announced new encryption efforts at data centers worldwide in  September.

Yahoo announced its own encryption initiatives last week.

These major tech companies have called on limits to NSA’s  surveillance powers, especially those used without oversight from  the Foreign Intelligence Surveillance Act court.

NSA documents from Snowden do not outline how the NSA would  access Microsoft’s data, though it is possible some or all of it  happens on the public internet and not via private links to data  centers. Some MUSCULAR documents do, though, discuss targeting  Microsoft online services. Microsoft’s Hotmail has been one of  several email services shown to have been targeted by NSA  surveillance.

Privacy advocates meanwhile have criticized Microsoft in the past  for being slow to adopt encryption technology.

“Microsoft is not yet in a situation where we really call them  praiseworthy,” said Peter Eckersley, director of technology  projects at the Electronic Frontier Foundation. “Microsoft has  no excuse for not being a leader in encryption and security  systems, and yet we often see them lagging behind the  industry.”

Documents released by Snowden have indicated Microsoft has   worked with US officials in the past to  circumvent some encryption on the company’s services.


(Visited 14 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.