While Microsoft's recent move to encrypt user data made the most headlines, the reasoning underlying its new data protection strategies classifies the US government in the same category as a cyber-criminal group. Given that the US government is arguably Microsoft's #1 customer, I'm not certain if this episode of biting-the-hand-that-feeds-you will go over well. Of course, that's not to say that this is not just a PR stunt to assuage customers while still allowing government intelligence agencies an inside track into users' data. So in essence, Microsoft could be pulling a Pakistan here, in that it is lambasting the USG on one hand so as to shore up its customer base, while quietly quasi-cooperating because they can't fight the power on the other.
Brad Smith, Microsoft's EVP of Legal and Corporate Affairs, labeled the American government as an "advanced persistent threat" in a December 4 post on The Official Microsoft Blog. The term advanced persistent threat (APT) refers to an attacker, usually an organized group of malicious attackers, that should be considered harmful and dangerous — and an overall method of attack that plays a "long game."
Smith wrote in Protecting customer data from government snooping:
(...) Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data.
In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.
If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.
While the writing is cautiously couched in terms of "some governments," it's crystal clear that Microsoft's "advanced persistent threat" is referring to the ongoing revelations of US government surveillance activities (in leaks by Edward Snowden), and the concerns of Microsoft's American customers.
Thursday, December 12, 2013
M$FT: USG Is Akin To Cyber Criminal Organization
The blowback in the wake of Snowden's revelation continues: