A year ago today the true extent of the US National Security Agency (NSA) surveillance came to light after former NSA contractor, Edward Snowden leaked secret government documents to The Guardian and The New York Times.
Microsoft’s general counsel and EVP of legal & corporate affairs Brad Smith said a lot has changed since the revelations but the US government needs to address important unfinished business.
On June 6 last year Guardian journalist Glenn Greenwald first reported the NSA collecting telephone records of millions of Verizon customers under a top secret court order granting the US government unlimited authority to obtain communications data over a three month period.
Snowden named himself as the source of the intelligence leaks three days after the scandal went public.
In a Microsoft company blog post Smith said with the invention of mobile devices and cloud services technology has never been more powerful or personal.
“People have real questions and concerns about how their data is protected,” Smith said.
“These concerns have real implications for cloud adoption. After all, people won’t use technology they don’t trust.”
Smith said there needs to be a better balance between privacy and national security to restore trust, he stated five things the US government still needs to do:
- Recognize that US search warrants end at US borders.
“We’re concerned about governmental attempts to use search warrants to force companies to turn over the contents of non-US customer communications that are stored exclusively outside of the US,” Smith said.
Microsoft recently went to court to challenge a US government search warrant seeking content held in its data center in Dublin, Ireland.
- End bulk data collection
In March president Obama proposed an end to the NSA’s bulk collection of all US phone data.
Smith said Microsoft never received an order from the NSA relating to bulk collection of Internet data .
- Reform the Foreign Intelligence Security (FISA) Court
In the blog post Smith said there needs to be increased transparency of the FISA Court’s proceedings and rulings, and to introduce the adversarial process that is the hallmark of a fair judicial system.
The FISA Court is a US federal court established and autorized under the Foreign Intelligence Secuity Act of 1978 to oversee requests for surveillance warrants against suspected foreign intelligance agents.
- Commit not to hack data centers of cables
The Washington Post broke the news last October that the NSA had hacked systems outside of the US to access data held by Yahoo! and Google.
In April Yahoo chief information security officer Alex Stamos announced the company had fully encrypted traffic moving between its data centers.
Snowden’s information indicates that the NSA can gain direct access to communications infrastructure in different parts of the world.
One of the biggest allegations to come out of the Snowden leaks is that the NSA had been tapping into backbone fiber operated by companies like Level 3, Verizon, BT or Vodafone.
Electronic Frontier Foundation’s senior staff technologist Seth Schoen said one way to do it would be to gain “access to the physical cables that … connect the facilities.” It could be done on land or under sea.
“The NSA has been tapping undersea communication cables since at least the 1970s, and it would not be hard to send somebody down a manhole to plug a wiretapping device into a cable on shore,” Schoen said.
- Continue to increase transparency
After the true scale of the NSA surveillance became clear companies including Apple, Facebook, Google, Microsoft and Twitter among many others signed a letter urging the US government to provide greater transparency around national security related requests by the US government.
At the beginning of the year Microsoft won the right to publish data detailing the number of national security related demands that it received.
“While we continue to press the government for reforms, we’ve also taken actions ourselves as a company, as well as with others in the industry,” Smith said.
“This includes expanding our use of encryption across our services, increasing the transparency of our code and strengthening legal protections for customers. The advance of technology makes these issues even more important.”