Yesterday was an unusually troubling day for online privacy. Microsoft clarified the potentially problematic privacy settings for the Kinect video and audio sensor that must be plugged into the Xbox One for it to operate. And yet according to a stunning, unrelated report, Microsoft has also been offering up its users’ data to the NSA and the FBI since 2007. Today, it has denied participation in just such a program.
Microsoft’s statement, sent to Kotaku by a Microsoft spokesperson:
“We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.”
Yesterday, both the Washington Post and The Guardian released documents indicating that since 2007 the National Security Agency and the FBI have been engaging in a massive, secret data-mining operation called PRISM.
PRISM’s goal has been to monitor for potentially dangerous activity, focusing on foreign communications, and to track individuals and connections to individuals through their online interactions. They’ve done so with the consent of a bunch of the biggest American Internet companies, although the program ostensibly tracked data only from non-Americans.
According to both reports, Xbox One-maker Microsoft was first to agree to go along with the program. The other companies listed in the report, in order of their sign-on date, are Yahoo!, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple.
If Microsoft were involved with a program like PRISM, it would cast the company’s repeated assurances about user privacy in a different light. The Xbox One, after all, comes packaged with a mandatory Kinect camera that surveys your room and can record your physical information, voice, and more. As we reported in May and was confirmed yesterday by Microsoft, it’s possible to turn the camera off, but you’ll need to leave it plugged in to use the Xbox One. And of course, as Microsoft says, “Some apps and games may require Kinect functionality to operate, so you’ll need to turn it back on for these experiences.” Microsoft’s network goes far beyond the Xbox One. They own Skype, Outlook and Windows.
But now, Microsoft denies involvement in this type of program. There’s some wiggle-room in their statement, mostly hinging on how one decides to define “voluntary.” Then again, Apple, Yahoo!, Google, Dropbox and Facebook have given more unequivocal denials to other outlets. Apple, for example, told CNBC it had never even heard of PRISM. Google told The Next Web the same thing: It hadn’t heard of PRISM.
But after the Post and Guardian reports went up, Director of National Intelligence James Clapper confirmed the existence of PRISM, saying that “Information collected under this program is among the most important and valuable intelligence information we collect, and is used to protect our nation from a wide variety of threats.”
What to make of all this? It’s difficult to say at this point. Government agencies subpoenaing companies for user-data is nothing new, though the alleged scope and scale of PRISM is possibly unprecedented. It’s likely that more information will come to light in the near future. And at the very least, this is probably cause to pay close attention to what information you let your Kinect transmit.
Comments
20 responses to “Microsoft Denies Participation In PRISM Data-Gathering Scheme”
Are they not all denying being in PRISM? Why are you just focusing on Microsoft?
Had no idea this was going on, does it affect aussies at all?
“Australians are likely to have been caught up in the NSA surveillance program, said Jon Lawrence, spokesman for online lobby group Electronic Frontiers Australia. He said it was likely Australians’ private data was caught up because many Australians had signed up for online accounts on US-based servers.”
Thats not good enough, we have laws against this sorta stuff
Laws that seem to mean precisely Sweet F*** All to American law enforcement and surveillance industries
I’m pretty sure if the information is on US servers it will be under US legal jurisdiction.
It would be interesting to know how they are using that information, whether they have an automated flagging system or if it’s being used solely to investigate existing suspects.
That and foreign spy agencies routinely spy on citizens for other countries it’s pretty much their job to do that. There’s no warrant process for the CIA to start surveillance on someone in the middle east, I can’t imagine them caring any more or less about all the other foreign nationals caught up in the mix.
Of course they’re not gathering data, MS are angels. They wouldn’t do anything to hurt us, they can have my money cause I’m an idiot.
You got an absolute lol out of me for that one!
They just don’t fucking get it do they? It’s too late, they have lost trust. Once that happens you will be fighting for people to not immediately assume you are the grubbiest piece of shit on the market.
As far as I’m concerned MS and all the other majors can fellate a dead horse.
If you buy a Xbone just expect you are handing everything over, because in reality, you are, the NSA, CIA etc will just access it even if they aren’t allowed.
Are Microsoft sending data to the US government? Probably. So’s Google. In fact they probably all do. They’re going to deny it, but that’s natural – it’s natural to deny you’ve done something wrong when someone has caught you doing something wrong.
That the NSA are gathering public data, I have no doubt. However, how useful is that data? They are collecting millions upon millions upon millions of messages every single DAY. They can’t possibly store all of that forever – even the NSA doesn’t have infinite storage space. And how are they going to search through all that information? Even if you flagged for certain words like “bomb” or “anthrax”, you’re going to turn up, at the very least, millions of harmless messages. And although terrorists are stupid, they’re not so stupid as to openly talk about their plans – they’d talk in code.
So this doesn’t seem to be very useful at finding terrorists, but it does seem to be awfully useful for the US Government to mine data about people they want to search but can’t get a warrant. Of course, that’s wrong – the government shouldn’t be able to search without a warrant – that’s the entire point of the warrant system, to constrain the government. This new PRISM system they have allows them to go over the head of the Judiciary and allow the Executive branch to essentially search for whatever they want.
It’s not that useful against terrorists, because the terrorists have largely given up electronic communication. Bin Laden refused to allow anything that could potentially give off any signal near him (he still used computers, but he did not allow any internet access near him). Terrorist messengers use hand-written notes these days, it’s all well known. So this PRISM system won’t really fight against terrorists…. but rather, it is probably being used for any purpose the FBI and the NSA wants.
This isn’t the first time the US government has done something like this. Remember the RICO laws? No? Well, in the 60s, the US government passed some laws that allowed the police to have special powers to combat Racketeering. These laws were the RICO laws. If you go to Wikipedia and the US government’s Justice Department Website, you’ll find that the RICO laws have been hugely expanded – they don’t just cover racketeering – arson, bribery, theft (of any kind), dealing with obscene matter, copyright infringement, and even suspected child abuse are technically “patterns of racketeering” and allow the Government to use the RICO laws to drastically expand their powers of investigation. The RICO laws have resulted in some good arrests, but they’ve been expanded to the point where the government can use them to do almost anything.
I’m not saying that the US is as bad as China or Iran – but it is heading there. The US is not the land of the free, it is the land of the relatively free – free by some standards, but not very free by the traditional standards their own Founding Fathers stated in their constitution.
There is still hope, if the public reacts strongly enough…. but I somehow doubt they will.
Wow if this report is accurate then George Orwell was correct and it has started.
My conspiracy senses are tingling…. This could be really interesting and cool!
But really does this matter. Yea they are gathering intel. The old saying of ‘information is power’ so why wouldn’t governments and organisations want all the info they can swallow plus more. But how does this affect me. How does the government getting the data on my online gaming, carsales searches, porn searches, varies wikipedia sprees, and emails regarding eb games and other online sales really affect my life. They aren’t going to kick in my door or arrest my for any of these. They want to arrest criminals and terrorist. They have no concern about my internet activities. So am I outraged? No, I’ll just keep on doing what I do cause its not illegal, therefore I have no worries.
That is a horrible way to look at it. Your rights have been violated and you think that since it doesn’t affect you right now you shouldn’t be concerned. That is the mindset that allows governments to become tyrannical. Go study some history it will do you some good.
You’ll note they do not actually deny giving user data to them for the purposes of this program. They simply state that if they are in fact doing so it is under a legally binding order. Those exist, especially in the US. And a “specific identifier” can be classed as any account originating from a non-US source.
What Microsoft need to be careful about, and why they are probably being so cagey about (as are the other companies) is that in certain countries, privacy laws vary from the US, and as they operate in those countries they can be found criminally liable if they violate those laws. Hence, obtuse wording.
“We have never heard of PRISM” – probably technically true. They may simply have received a binding order from a government agency to hand over certain information on receiving it or to provide access to certain information on request.
“We provide customer data only when we receive a legally binding order or subpoena to do so” – Again, technically true. But certain government agencies can readily issue or obtain legally binding orders to that effect, Homeland Security and the NSA being two of them.
Long story short, the rumours are probably valid. But the actions involved are also probably legal within the US, and the companies participating in these actions would certainly never outright admit the rumours were true due to the incredibly poor publicity such an admission would bring, let alone the legal ramifications in certain cases, and as such there isn’t jack all anyone else can do about it. It’s the price we pay for living in a globally connected world.
Can’t wait for the Xbox 1984! The new telescreen technology is gonna be awesome!
The secret to PRISM is in the name. The name is both an acronym and a descriptive noun. It’s a beam splitter. The details have on the net since about 2007 (An AT&T tech from memory). They split the optic signal into two using (basically) a prism and half the beam goes to whoever (large telephone exchanges, large Internet companies etc) and the other half goes to the NSA. The companies concerned don’t know (officially) what is going on with it but they don’t need to. The NSA gets the data anyway.
Let’s all sing together the death knell of America as the Good Guys. So who else is out there? Seeing as the UK and the Canadian governments are trying SO HARD to turn their countries into police states too, that wittles down my personal list quite a bit. Norway? Sweeden? New Zealand? Let’s put all the fundamental internet infrastructure in Norway (or one of the other Scandinavian countries). They’re the most technologically advanced nations in the world anyway, or so I hear.
Fuck it, they can take what they want. Once this information gathering shit becomes too over bearing I am going to kill myself anyway. May sound extreme now. Sure it wont over the next few years though.
Just leaving here that I will not be surprised when it is finally revealed that in exchange for their “cooperation” in gathering all this data, those corporations got tasty behaviour analytics for their marketing strategies.
Prism is basically going to bring law and
order to the internet. Microsoft don’t want
people to pirate there crap and are definitely
in bed with the prism program, as they will
have the power to find the source domestic or
globally of people breaking drm policy.
The xbox one is in essence a prism box with
drm as it collects and records data on its
users and stores the info on the prism cloud.
And now with game developers like EA having
developed smart AI timeshift technology that
can analyse human behaviours and recreate ai
players for game immersion in conjunction with
kinnect weight,height, voice,they will
basically have a full blown digital profile of
you online.
As we now aware prism can decrypt and have the
capabilities of having access to this data
without Microsofts or your knowledge.
Microsoft will mainly use the data to
customise advertising and digital content
based on your profile to mainly make trillion
more dollars profit by knowing you better then
you know yourself.
What needs to happen is the Australian
Government needs to make Microsoft put a sticker on
the box stating it is a surveillance data
retention device to allow people to have clear
understanding what they are purchasing and
bringing into there homes. Australian law now
has to recognize that other Governments
outside of Australia, do have the ability to
spy on you or your personal info while online or
offline and could be breaking Australian
states and territory privacy laws.
We are not a one world order yet so Microsoft
and other Governments should be made to
recognise other countries rules of law when
users profile data can be kept, analysed and
stored offshore . What my concern are if your
data profile and views of today at the age of
15 could have a major implication on your life at
the age of 40 in a different geo-political
climate.