One year on from the first news reports concerning the NSA's collection of phone and Internet records, showing the true scale of its surveillance activity, and the revelation that it hacked systems outside the U.S. to access data held by Yahoo! and Google, Microsoft is calling on the U.S. government to commit not to target data centers anymore.
Brad Smith, General Counsel & Executive Vice President of Legal & Corporate Affairs at Microsoft, said the United States government needs to tackle the technology trust deficit that it has created. Questions have been raised around the world about how safe data is when it is stored by U.S.-based firms, like Microsoft and Google.
Smith outlined five things the U.S. government needs to do to recover from the damage done in the past year. The five items can be cut down to three issues; the legal framework in which these surveillance programs are carried out, the actual physical collection of data and the level of transparency the government commits to.
Legal - U.S. search warrants & the FISA Court
The first thing Smith asserts is the U.S. government's need to recognize that U.S. search warrants end at U.S. borders. Recently, Microsoft has gone to court to challenge a search warrant seeking content that is actually held by Microsoft's data center in the Republic of Ireland.
"We're convinced that the law and the U.S. Constitution are on our side, and we are committed to pursuing this case as far and as long as needed," Smith commented on that particular case. He also pointed out that the U.S. would never tolerate foreign governments serving search warrants seeking Americans' data held within American borders without going through the established U.S. legal system.
Smith also insists that the FISA court system needs to be reformed, because the transparency of its proceedings and rulings is inadequate and it lacks the adversarial process that is the "hallmark of a fair judicial system."
"There remains a fundamental truth about legal disputes: a judge who hears only one side of a case is less likely to render a just result."
Data collection - Bulk collection practices and data center hacking
Smith noted that President Obama has already expressed a desire to end the bulk collection of data of telephone records, and says Microsoft has never received an order related to bulk collection of Internet data. Nevertheless, leaked NSA documents show that other firms, such as Verizon, did receive orders for the bulk collection of data.
Microsoft's position is that the USA Freedom Act needs to be strengthened to more specifically target orders for the bulk collection of data in the future.
The targeting of data centers is one thing that clearly affects Microsoft, which has data centers located all over the world. As previously mentioned, Microsoft has had to go to court to fight a search warrant for data stored in Ireland, but search warrants are not the only means by which agencies like the NSA can pull information from data centers.
Leaked documents showed that the NSA targeted data centers located outside the United States in order to access data held by Yahoo! and Google. Links between data centers also turned out to be target, prompting Google and Yahoo! to add more security measures to the communication between its data centers.
Microsoft has done similar things, expanding encryption across its services to make data safer in transit but Smith feels the onus is on the United States government to commit not to carry out these practices in the future.
"Shouldn't a government that prosecutes foreigners who hack into U.S. companies stop its own employees from hacking into such businesses?," he asks. "Why must we continue to wait for an assurance on this issue?"
Transparency - what is revealed about data requests
Early on after the Snowden leaks were being reported on, major tech firms started to press the U.S. government for the legal permission to publish information about the volume and nature of data requests they receive. This pressure yielded some results and tech firms were allowed to divulge the volume of data requests.
While it was a move in the right direction, it still fell short. Firms were only allowed to disclose the total number of data requests, but not give details on where they came from. That means they could not say how many were national security related, and how many were related to law enforcement investigations (missing persons etc.).
Microsoft has maintained that there is room for more detail without putting national security at risk.
Beyond what the U.S. government can do, Smith argues that an international response is what is needed to restore global trust in technology, especially with the growth of the cloud and big data services continuing. Microsoft advocates the creation of International legal frameworks that will strike a positive balance between privacy and the need to provide security.
"It was 225 years ago this Sunday that James Madison stood up in the first Congress and proposed the Bill of Rights, including what became the Fourth Amendment to our Constitution. He built on English law and colonial experience to preserve for future generations the right of people to be secure from unreasonable government searches. But by definition it is up to our own generation to preserve this fundamental constitutional protection"
Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft
Written by: James Delahunty @ 4 Jun 2014 23:53
