Irreal

In my The Good Guys and Bad post, I had harsh words for Microsoft’s collaboration with the NSA and FBI. I still find their actions over the top and inexcusable but there is another side to the story. Declan McCullagh over at CNET explains how the government forces Internet companies to cooperate on surveillance.

The big threat is that the government will install their own equipment on the company’s network if they don’t get cooperation. No one wants that, of course, so they provide the targeted account details using internal mechanisms. Companies that resisted have consistently lost in court.

This, however, does not exonerate these companies, at least not completely. Companies are only required to provide what they can provide. If they don’t keep logs for longer than required for engineering purposes, they can’t tell the government when someone was logged on. If they keep user data encrypted on their servers in such a way that only the user can decrypt it, they can’t give it to the government. None of this is impossible. We can’t expect Google, for instance, to do this because their business model is all about mining their users’ data but other companies can and do.

If you want to keep your business your business you should seek out these companies. I’ve been accumulating a list of such services for my own use and will blog about them occasionally. Realistically, if you become a target of the NSA or FBI¹, they are probably going to get your data but most of us aren’t and won’t be such targets so we can take steps to avoid having our data vacuumed up wholesale. This will also prevent companies like Google and Facebook from building a profile of our Net activities—a profile that itself could easily become a target of government interest.

There’s a tiny ISP in Utah, USA. It has a sole proprietor and very limited resources. Still, it does what few others are willing or able to do. For the last 15 years, Xmission has refused to honor any request for user data unless it is accompainied by a court-issued warrant.

In those 15 years, it has only once provided data and that was when it was presented with a warrant from FISA. For owner Pete Ashdown it’s simple: if you don’t have a court-issued warrant, the request is unconstitutional and he’s not going to honor it. He has maintained that stance even in the face of a local law passed a few years ago that law enforcement could request data without a warrant. Ashdown says it’s easy to get a warrant and if you don’t get one you don’t get the data. The fact that he has only once acquiesced shows how easy it is to resist government extra-legal snooping if you have the courage and will.

Then there’s Microsoft¹. A huge company with practically unlimited resources and substantial political clout. Unlike Xmission, they are only too happy to sell out their customers and then lie about it. Think that’s hyperbolic? Think I’m just Microsoft bashing? See for yourself².

How can a company that provides the NSA with a backdoor to the Outlook encryption function before it’s even released be said to be looking out for their customers? How can a company that worked with the NSA to provide them easier access (through the Prism program) to their SkyDrive cloud service be said to respect their customer’s privacy? How can a company that, at the same time, provides the NSA with the audio and visual content of Skype calls and claims that “Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content” be said to be being honest with their customers?

If all that seems shocking, you’ve seen nothing yet. Go read the article. Microsoft’s whoring for the NSA is disgusting beyond words. They say, of course, that they have to obey the law, which is fair enough, but the thing is, there is no law requiring vendors to build in back doors for government snooping. We know this because the FBI has been whining for years about their sources going dark and asking Congress to pass laws requiring such back doors.

If you think it’s only about national security, think again. As the article makes clear, the NSA shares this data with the FBI and the CIA. They call it “a team sport.” Read, if you can stomach it, the effusive praise for Microsoft’s cooperation from the FBI and NSA.

This affects us all. If you’re an American, your fellow Americans are conspiring to spy on you. If you’re not an American, you don’t have even the presumption of rights so your situation is worse. If, after reading the Guardian story linked above you’re still using Microsoft products, you have only yourself to blame for the inevitable loss of privacy.

Editorial Note: In the aftermath of the NSA revelations, I’ve been writing more and more posts on privacy and ways to help secure it. From this post on I will use the tag “Privacy” to mark these.

AT&T, my wireless carrier, has joined other large communication companies in deciding that our data really belongs to them and that they are going to sell it to advertisers. It’s OK, they say, because everyone is doing it. There’s the usual “no personal identification will be given to advertisers; we just want to give you better ads” nonsense. This is basically what Google is doing but this time we’re paying the carriers and they still feel free to appropriate our data and sell it. Really, it’s despicable.

Anyone with a clue already knows that cell phones—especially smart phones—are tracking devices but that doesn’t mean that our carriers should get to sell that information to anyone willing to buy it. Ideally, it would be illegal to collect and store this information (except maybe for engineering purposes and then only with identifying information removed). Of course, the usual 3-letter agencies would run screaming to Congress about the Four Horsemen of the Infocalypse so that probably isn’t in our immediate future.

Fortunately, at least for AT&T, you can opt out of this program as this Forbes article explains. I urge everyone to take the time to do this. If we don’t push back—now and hard—it will only get worse.