Microsoft Denies Participation In PRISM Data-Gathering Scheme

Yesterday was an unusually troubling day for online privacy. Microsoft clarified the potentially problematic privacy settings for the Kinect video and audio sensor that must be plugged into the Xbox One for it to operate. And yet according to a stunning, unrelated report, Microsoft has also been offering up its users' data to the NSA and the FBI since 2007. Today, it has denied participation in just such a program.

Microsoft's statement, sent to Kotaku by a Microsoft spokesperson:

"We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it."

Yesterday, both the Washington Post and The Guardian released documents indicating that since 2007 the National Security Agency and the FBI have been engaging in a massive, secret data-mining operation called PRISM.

PRISM's goal has been to monitor for potentially dangerous activity, focusing on foreign communications, and to track individuals and connections to individuals through their online interactions. They've done so with the consent of a bunch of the biggest American Internet companies, although the program ostensibly tracked data only from non-Americans.

According to both reports, Xbox One-maker Microsoft was first to agree to go along with the program. The other companies listed in the report, in order of their sign-on date, are Yahoo!, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple.

If Microsoft were involved with a program like PRISM, it would cast the company's repeated assurances about user privacy in a different light. The Xbox One, after all, comes packaged with a mandatory Kinect camera that surveys your room and can record your physical information, voice, and more. As we reported in May and was confirmed yesterday by Microsoft, it's possible to turn the camera off, but you'll need to leave it plugged in to use the Xbox One. And of course, as Microsoft says, "Some apps and games may require Kinect functionality to operate, so you’ll need to turn it back on for these experiences." Microsoft's network goes far beyond the Xbox One. They own Skype, Outlook and Windows.

But now, Microsoft denies involvement in this type of program. There's some wiggle-room in their statement, mostly hinging on how one decides to define "voluntary." Then again, Apple, Yahoo!, Google, Dropbox and Facebook have given more unequivocal denials to other outlets. Apple, for example, told CNBC it had never even heard of PRISM. Google told The Next Web the same thing: It hadn't heard of PRISM.

But after the Post and Guardian reports went up, Director of National Intelligence James Clapper confirmed the existence of PRISM, saying that "Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats."

What to make of all this? It's difficult to say at this point. Government agencies subpoenaing companies for user data is nothing new, though the alleged scope and scale of PRISM are possibly unprecedented. It's likely that more information will come to light in the near future. And at the very least, this is probably cause to pay close attention to what information you let your Kinect transmit.

[Washington Post, The Guardian]


Comments

    Are they not all denying being in PRISM? Why are you just focusing on Microsoft?

    Had no idea this was going on, does it affect aussies at all?

      "Australians are likely to have been caught up in the NSA surveillance program, said Jon Lawrence, spokesman for online lobby group Electronic Frontiers Australia. He said it was likely Australians' private data was caught up because many Australians had signed up for online accounts on US-based servers."

        That's not good enough, we have laws against this sorta stuff

          Laws that seem to mean precisely Sweet F*** All to American law enforcement and surveillance industries

          I'm pretty sure if the information is on US servers it will be under US legal jurisdiction.

          It would be interesting to know how they are using that information, whether they have an automated flagging system or if it's being used solely to investigate existing suspects.

            That and foreign spy agencies routinely spy on citizens for other countries it's pretty much their job to do that. There's no warrant process for the CIA to start surveillance on someone in the middle east, I can't imagine them caring any more or less about all the other foreign nationals caught up in the mix.

    Of course they're not gathering data, MS are angels. They wouldn't do anything to hurt us, they can have my money cause I'm an idiot.

    They just don't fucking get it do they? It's too late, they have lost trust. Once that happens you will be fighting for people to not immediately assume you are the grubbiest piece of shit on the market.

    As far as I'm concerned MS and all the other majors can fellate a dead horse.

    If you buy a Xbone just expect you are handing everything over, because in reality, you are, the NSA, CIA etc will just access it even if they aren't allowed.

    Last edited 08/06/13 3:20 pm

    Are Microsoft sending data to the US government? Probably. So's Google. In fact they probably all do. They're going to deny it, but that's natural - it's natural to deny you've done something wrong when someone has caught you doing something wrong.

    That the NSA are gathering public data, I have no doubt. However, how useful is that data? They are collecting millions upon millions upon millions of messages every single DAY. They can't possibly store all of that forever - even the NSA doesn't have infinite storage space. And how are they going to search through all that information? Even if you flagged for certain words like "bomb" or "anthrax", you're going to turn up, at the very least, millions of harmless messages. And although terrorists are stupid, they're not so stupid as to openly talk about their plans - they'd talk in code.

    So this doesn't seem to be very useful at finding terrorists, but it does seem to be awfully useful for the US Government to mine data about people they want to search but can't get a warrant. Of course, that's wrong - the government shouldn't be able to search without a warrant - that's the entire point of the warrant system, to constrain the government. This new PRISM system they have allows them to go over the head of the Judiciary and allow the Executive branch to essentially search for whatever they want.

    It's not that useful against terrorists, because the terrorists have largely given up electronic communication. Bin Laden refused to allow anything that could potentially give off any signal near him (he still used computers, but he did not allow any internet access near him). Terrorist messengers use hand-written notes these days, it's all well known. So this PRISM system won't really fight against terrorists.... but rather, it is probably being used for any purpose the FBI and the NSA wants.

    This isn't the first time the US government has done something like this. Remember the RICO laws? No? Well, in the 60s, the US government passed some laws that allowed the police to have special powers to combat Racketeering. These laws were the RICO laws. If you go to Wikipedia and the US government's Justice Department Website, you'll find that the RICO laws have been hugely expanded - they don't just cover racketeering - arson, bribery, theft (of any kind), dealing with obscene matter, copyright infringement, and even suspected child abuse are technically "patterns of racketeering" and allow the Government to use the RICO laws to drastically expand their powers of investigation. The RICO laws have resulted in some good arrests, but they've been expanded to the point where the government can use them to do almost anything.

    I'm not saying that the US is as bad as China or Iran - but it is heading there. The US is not the land of the free, it is the land of the relatively free - free by some standards, but not very free by the traditional standards their own Founding Fathers stated in their constitution.

    There is still hope, if the public reacts strongly enough.... but I somehow doubt they will.

    Wow if this report is accurate then George Orwell was correct and it has started.

    My conspiracy senses are tingling.... This could be really interesting and cool!

    But really does this matter? Yea they are gathering intel. The old saying of 'information is power' so why wouldn't governments and organisations want all the info they can swallow plus more. But how does this affect me? How does the government getting the data on my online gaming, carsales searches, porn searches, various wikipedia sprees, and emails regarding eb games and other online sales really affect my life? They aren't going to kick in my door or arrest me for any of these. They want to arrest criminals and terrorists. They have no concern about my internet activities. So am I outraged? No, I'll just keep on doing what I do cause it's not illegal, therefore I have no worries.

      That is a horrible way to look at it. Your rights have been violated and you think that since it doesn't affect you right now you shouldn't be concerned. That is the mindset that allows governments to become tyrannical. Go study some history it will do you some good.

    You'll note they do not actually deny giving user data to them for the purposes of this program. They simply state that if they are in fact doing so it is under a legally binding order. Those exist, especially in the US. And a "specific identifier" can be classed as any account originating from a non-US source.

    What Microsoft need to be careful about, and why they are probably being so cagey about (as are the other companies) is that in certain countries, privacy laws vary from the US, and as they operate in those countries they can be found criminally liable if they violate those laws. Hence, obtuse wording.

    "We have never heard of PRISM" - probably technically true. They may simply have received a binding order from a government agency to hand over certain information on receiving it or to provide access to certain information on request.

    "We provide customer data only when we receive a legally binding order or subpoena to do so" - Again, technically true. But certain government agencies can readily issue or obtain legally binding orders to that effect, Homeland Security and the NSA being two of them.

    Long story short, the rumours are probably valid. But the actions involved are also probably legal within the US, and the companies participating in these actions would certainly never outright admit the rumours were true due to the incredibly poor publicity such an admission would bring, let alone the legal ramifications in certain cases, and as such there isn't jack all anyone else can do about it. It's the price we pay for living in a globally connected world.

    Can't wait for the Xbox 1984! The new telescreen technology is gonna be awesome!

    The secret to PRISM is in the name. The name is both an acronym and a descriptive noun. It's a beam splitter. The details have been on the net since about 2007 (an AT&T tech, from memory). They split the optic signal into two using (basically) a prism and half the beam goes to whoever (large telephone exchanges, large Internet companies etc) and the other half goes to the NSA. The companies concerned don't know (officially) what is going on with it but they don't need to. The NSA gets the data anyway.

    Let's all sing together the death knell of America as the Good Guys. So who else is out there? Seeing as the UK and the Canadian governments are trying SO HARD to turn their countries into police states too, that whittles down my personal list quite a bit. Norway? Sweden? New Zealand? Let's put all the fundamental internet infrastructure in Norway (or one of the other Scandinavian countries). They're the most technologically advanced nations in the world anyway, or so I hear.

    Fuck it, they can take what they want. Once this information gathering shit becomes too overbearing I am going to kill myself anyway. May sound extreme now. Sure it won't over the next few years though.

    Just leaving here that I will not be surprised when it is finally revealed that in exchange for their "cooperation" in gathering all this data, those corporations got tasty behaviour analytics for their marketing strategies.

    Prism is basically going to bring law and order to the internet. Microsoft don't want people to pirate their crap and are definitely in bed with the prism program, as they will have the power to find the source domestic or globally of people breaking drm policy.

    The xbox one is in essence a prism box with drm as it collects and records data on its users and stores the info on the prism cloud. And now with game developers like EA having developed smart AI timeshift technology that can analyse human behaviours and recreate ai players for game immersion in conjunction with Kinect weight, height, voice, they will basically have a full blown digital profile of you online.

    As we are now aware prism can decrypt and have the capabilities of having access to this data without Microsoft's or your knowledge.

    Microsoft will mainly use the data to customise advertising and digital content based on your profile to mainly make trillion more dollars profit by knowing you better than you know yourself.

    What needs to happen is the Australian Government needs to make Microsoft put a sticker on the box stating it is a surveillance data retention device to allow people to have clear understanding what they are purchasing and bringing into their homes. Australian law now has to recognize that other Governments outside of Australia, do have the ability to spy on you or your personal info while online or offline and could be breaking Australian states and territory privacy laws.

    We are not a one world order yet so Microsoft and other Governments should be made to recognise other countries' rules of law when users profile data can be kept, analysed and stored offshore. My concern is if your data profile and views of today at the age of 15 could have a major implication on your life at the age of 40 in a different geo-political climate.
