Luxembourgeois data protection watchdog probes Microsoft in Skype PRISM complaint Microsoft is co-operating with regulators in Skype’s home country of Luxembourg over its possible participation in the NSA’s PRISM program, a spokesperson has confirmed. A Redmond spokesperson told The Register Microsoft is “happy to answer any questions” that Luxembourg's Commission nationale de protection des données (CNPD …
"Key to Snowden's revelations was the snippet that PRISM operated with the active help of major technology companies."
I think active help is a little generous, to me that implies that these companies had some say in the matter. "Active cooperation with a gun to the head and promises of a long prison sentence if they didn't comply" seems more accurate in this case.
So answer everything honestly and face jail time in the US. Fail to answer honestly and face issues with the EU.
My bet they send someone without full knowledge of what's being intercepted plausible deniability and all that. Just don't expect an honest answer either way.
Still surprised at the lack of backlash against US orgs over this. Betting their are some nervous cloud providers that side of the Atlantic though.
That's because they are situated on a brownfield area next to something that can only be described as a sound-generating venue
Hi,
Is it workable for Europe to enforce a piece of legislation that basically sets out that if a user specifies that they are located in Europe along with IP address checks etc. then their personal data can only be stored/ backed up on a database located in Europe. I guess it would be hard to implement and enforce..
I guess in an ideal world we could do with some Europe centric services.
Jonny
Piece of p*** to enforce. Break the law and the eu levies unlimited fines, seizes all Google and Microsoft assets in europe, bans them from operating in europe, prosecutes anyone who advertises with them etc etc
All those nice new blanket "anti-terrorist" laws they introduced to deal with file-sharing sites might come in useful
Lets recap, lest we get a history re-write:
http://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data
"Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007....It was followed by ...Skype and AOL in 2011"
The PRISM document is recent (post Skype purchase by Microsoft):
"The document is recent, dating to April 2013."
On this slide it shows PRISM obtains data from Skype:
http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2013/6/6/1370554726437/PRISM-slide-crop-001.jpg
On the right the data that can be obtained from PRISM. Voip, chat etc.
Chess was the next revelation:
http://www.nytimes.com/2013/06/20/technology/silicon-valley-and-spy-agency-bound-by-strengthening-web.html?_r=1&
"Skype, the Internet-based calling service, began its own secret program, Project Chess, to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials, according to people briefed on the program..."
It's difficult to get a truthful answer out of people. For example, we know BULLRUN has a database of private keys available for attacks. We know that a judge authorized the FBI to grab Lavabits SSL keys. It seems likely those SSL keys go into BULLRUN database since NSA handles these intercepts. But the Judge only authorized a limited grab-and-filter on the promise that the rest would be thrown away. So any other use under Bullrun would violate his order. Yet as long as they keep it secret, how would the judge know? How would Lavabit know?
How many of those Bullrun keys were obtained in the same way, and violate other secret court orders?
http://www.theguardian.com/world/interactive/2013/sep/05/nsa-project-bullrun-classification-guide
(Bullrun, page 6 also mentions Skype.)
Let's recap, the Guardian initially said that Google, Facebook, Microsoft, etc, gave access to the NSA. Then they slyly changed their story to merely saying the NSA had direct access to their servers after all the companies named stated they did not give access to the NSA or even heard of PRISM.
The Guardian has also changed their interpretation of what PRISM even is with every counter story from other outlets.
I'd take anything the Guardian says with a large pinch of salt because it doesn't seem that they even know what they are reporting on.
Or to unrecap. A US general who believes he is the last line of defence between homeland, mon and apple pie is given the technical means to spy on all those potential terrorists.
He chooses to give up this power because it just wouldn't be cricket to potentially also spy on some innocent citizens along with the godless fundamentalist commie muslim hoards waiting to overthrow the USA
It seems we're reaching a point where including the companies in any talks like this would be redundant.
You simply write the NSA and ask what said company would be told to say, if they were asked these questions.
(No it hopefully isn't that bad, but we can't seriously trust anything a US company says it does or does not do, since they can simply have a order on them to say this or that)
Indeed, given the US law on this, what is the point in asking? Those who know are bound, on pain of imprisonment, to lie in order to cover any NSA requests.
Long term, this is going to do the USA-based business no good at all, and if the USA gov is able to act and see sense, then they will allow at least honest answers about the number and general nature of the FISA requests.
Sure, it won't deal with all issues, but then such questions about scale and privacy have half a chance of being answered honestly to EU countries, etc, and that may just help the USA to rebuild some measure of trust.
Not just the USA. If I were ARM, BAe, BP - I would be asking the government if GCHQ spied on me and passed information to the NSA knowing that it would be handed over to Intel, Lockheed Martin and Exxon.
I don't think the NSA funds as many tory MPs as British industry does.
Short version is that nothing of any real consequence will come of any of it.
I would very much like to see these countries get serious with this and treat it in the same way they would (and the US does) with, say, China.
That is protect your own citizens and treat it as espionage and charge any citizen complicit in it with treason.
The strongest possible message has to be sent, but it just won't happen.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
