Pages

Thursday, December 12, 2013

M$FT: USG Is Akin To Cyber Criminal Organization

The blowback in the wake of Snowden's revelation continues:
While Microsoft's recent move to encrypt user data made the most headlines, the reasoning underlying its new data protection strategies classify the US government in the same category as a cyber-criminal group.

Brad Smith, Microsoft's EVP of Legal and Corporate Affairs, labeled the American government as an "advanced persistent threat" in a December 4 post on The Official Microsoft Blog. The term advanced persistent threat (APT) refers to an attacker, usually an organized group of malicious attackers, that should be considered harmful and dangerous — and an overall method of attack that plays a "long game."

Smith wrote in Protecting customer data from government snooping:
(...) Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data.

In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.

While the writing is cautiously couched in terms of "some governments" it's crystal clear that Microsoft's "advanced persistent threat" is referring to the ongoing revelations of US government surveillance activities (in leaks by Edward Snowden), and the concerns of Microsoft's American customers.
Given that the US government is arguably Microsoft's #1 customer, I'm not certain if this episode of biting-the-hand-that-feeds-you will go over well. Of course, that's not to say that this is not just a PR stunt to assuage customers while still allowing government intelligence agencies an inside track into user's data.  So in essence, Microsoft could be pulling a Pakistan here, in that it is lambasting the USG on one hand so as to shore up its customer base, while quietly quasi-cooperating because they can't fight the power on the other.

8 comments:

vultureofcritique said...

Your analysis is very insightful.

I suspect that many of the folks at Google who are saying "Forget the NSA" or less polite f-words are similarly making a big show for the benefit of the public, because they know that the NSA can bribe the key Google execs and the engineers are powerless.

newrebeluniv said...

It seems pretty obvious that the Census is no longer needed. The various government computer snooping agencies have more than enough information to have an accurate count of every living American citizen and their home addresses, updated daily.

They also have easily available the names and home addresses of every illegal alien. To believe otherwise is to pretend you are still living in the 1980's. So, failure to perform even basic law enforcement on those criminals is an act of policy, not inability.

They also have plenty of cross reference information easily available to check voting records and clearly identify everyone who voted twice in the last election, or who voted without proper eligibility. These are trivial matters given the amount of data storage and processing power that the US federal government has, plus their known linkages to state and local data sources.

chris said...

What a lot of you guys forget is that Microsoft is multinational. They do not sell to the US gummint: they have to compete with local, linux based companies (think SuSE and Redhat and Canonical, who own Ubuntu) who will provide the kind of commericial support Microsoft sells corporations to governments.

These companies used to have to use an ethical argument (there is a cost differentiation, but it relates more to Unixen being easier to administrate because they were written by people who are admins than Microsoft stuff) but that does not really cut it.

"Keeping the NSA's claws off our data" does.

Microsoft and Google and Apple know this. Kicking the US government is good business practice: there is more money to be made outside the USA than in it.

Elusive Wapiti said...

@ Vulture,

I don't think bribery is even required, rather just the force of law.

Just ask secure mail services like LabaBit and SilentCircle, who were served with national security warrants to grant the NSA backdoor access to user emails...or else.

So these guys have been shutting down rather than violate their own business models, leaving the rest who must quiet their user base whilst still quietly complying with Patriot Act-backed counter-intel agencies.

Elusive Wapiti said...

@ PH,

You touch on an important point, in that deportation of illegal aliens is only a political problem.

We (US) did it before, and Saudi Arabia is showing us all that it can be done again, quite easily.

Illegal aliens are here to stay because our pols and their corporatist/liberalist friends want them to remain.

As you say, if our government wanted to find these guys, it could do so, trivially.

And vote fraud? Puh-leeze. If we really cared about voting integrity, confirmation of the identity of voters would even be a question. We'd rather let dead people or felons or the flotsam that SEIU goons drag into the polls vote 2, 3, 5 times rather than ensuring that "one man, one vote" actually happens.

As before, we just lack the political will.

Elusive Wapiti said...

@ Chris,

Yes, the principle of "know your audience" clearly applies.

We can expect to see more of this sort of stuff--poking the USA in the eye--as our relative power decreases and there's money and market share to be made by doing so.

Eric said...

Wapiti:
It's amazing to me (though it probably shouldn't be)that the NSA revelations are causing firestorms abroad---but practically nothing here. When I hear some pundits (e.g. Alex Jones) talking about how the 'elites are speeding up because they fear the American people waking up' I almost shudder.

If anything, the elites are speeding up because they know they won't meet with the slightest resistance from the Ameroboob. That's one reason why I think they haven't---and probably won't on the foreseeable future---start cracking down on dissent. Why bother when 3/4 of the population is too far gone to resist anyway?

As a side note, the MSM won't report it, but the Snowden revelations are the REAL reason behind the diplomatic problems with Saudi Arabia right now. Somehow the Saudi Royal Family wasn't happy with being spied and having the information passed to Islamic regimes hostile to them!

Elusive Wapiti said...

Yeah, I've been a bit dismayed as well, that notionally far more totalitarian European regimes and their media outlets have been very critical of USG spying on other countries, but nary a peep on this end.

No one likes being spied upon by one's "friends". We didn't like it when Israel did/does it to us, no surprise that the House of Saud doesn't either.

I am enjoying the backlash however. It's like all of the sudden the world has been awoken to the Leviathan, and they're taking steps to make their comms less vulnerable to interception, such as hosting on non-US servers, using landlines or satcom, or even laying new undersea cables.

The only way this stops is for the American sheeple to say "stop" and to fear a farwaway al Qaeda less than the for-your-own-good busybodies next door.