back to article Microsoft: NSA security fallout 'getting worse' ... 'not blowing over'

Microsoft's top lawyer says the fallout of the NSA spying scandal is "getting worse," and carries grim implications for US tech companies. In a speech at the GigaOm Structure conference in San Francisco on Thursday, Microsoft general counsel Brad Smith warned attendees that unless the US political establishment figures out how …


This topic is closed for new posts.


  1. Mark 85 Silver badge


    Does this revelation really surprise anyone? Other than maybe Congress Critters and the like?

    1. Don Jefe

      Re: Duh!!!

      It surprises me. Mostly that anyone would believe it. Mr. Smith is mixing the facts here for the sole purpose of partially explaining away declines in some of their consumer products. It doesn't take a financial genius to see where he's pulling his numbers from.

      What doesn't surprise me though is how cheap it was to make everybody happy after all this. The Brazilians upped their US tech spend, the Chinese and IBM got everything sorted and an extra 18 month extension on the rest of the packages that replaced the deals they called off and renegotiated. The Germans have been a touch bitchy, but there's nothing new there. They'll cave too. Just like everybody else already did.

      The time to fix any of this passed by half a year ago. I think everybody sold out, far, far too cheap. The proles can be as outraged as they like, they aren't not going to buy the stuff, well, maybe not as much from MS, but nothing else has changed a bit.

      1. streaky Silver badge

        Re: Duh!!!

        "for the sole purpose of partially explaining away declines in some of their consumer products"

        Except for this: we're not really talking about consumer products - yes Windows desktop is a thing for Microsoft but it's actually doing well commercially, and that data from other companies supports the argument.

      2. Chairo

        Re: Duh!!!

        @ Don Jefe,

        There are short term repercussions that are probably not very bad, mostly due to no available alternatives, but in the long run there will certainly also be other effects.

        The problem is not so much, that the people are afraid of US spying. I suppose most understand very well, that the direct impact on themselves or their company is rather low.

        The problem is that there are enough people outside that thought of the US as a friend and now feel disgusted and betrayed. Usually people tend to forget bad experience rather quickly, but being betrayed by a supposed friend is something that causes a trauma that doesn't go away just like that.

        The US government's reaction was pretty much the worst thing they could do. Obama's assurance that they only spy on non-US citizens, so everything is fine, was not exactly helping. The perception outside of the US is, that the US government doesn't give a damn. Ten years ago, the US were seen as a superpower and source of stability for the world. Now they are seen as a sinking ship. The ageing bully that hasn't yet understood, that his time is over. China sure is doing everything to strengthen that picture and the US seems not to notice it.

        Oh, btw. this is also plays into the terrorists hands. They don't plant bombs to kill all westerners. They do it to fight our liberal, and open society, that they hate from the bottom of their hearts. The NSA's actions might have saved some people from terrorist attacks, but by doing what they did, they helped the terrorists agenda nicely along. Certainly far more than any successful attack could have.

        You want to tell me, that all this will not have any consequences? Really?

        1. Don Jefe

          Re: Duh!!!

          Yes. There have been very little in the way of consequences. Like I said, some individuals are mad, and rightfully so, but the actual impact on business and international relations has been negligible. Everybody sold out.

          For Christ's sake, Brazil was the first to fold. All that bitching and moaning, then their new data protection laws are being implemented and overseen by US companies. As I said above, the Chinese deals were better than before. Don't get me wrong, the Germans took their silver too, but want you to know that they wholeheartedly disapprove, mostly, enough to walk back their tough talk and increase imports from the US. One of our portfolio companies does 90%+ of their work in Europe and they grew nearly 200% last year, even though every single thing they do gets sent through the US before it comes back home.

          There's no point in blaming me for this. They're your leaders and they sold you out for, effectively, nothing. The whole entire mess is one of the more disgusting things our country has done and, at the end of the day, nobody who mattered gave one single shit. Nothing changed, and arguably, it all got worse. Now you've got the UK just straight up bragging about how they too are looking into every bit of Internet traffic they can get hold of.

          This was sorted many months ago and your just deluding yourselves if you think anything changed. It should have changed, but all it took was a little more of the same party favors political types like to give out and the problem went away. If you've got a problem with that bitching at me won't help. You need to get your leadership sorted and get people in office with the stones to say no. Your leaders, your problem and anything that isn't you lot moving them out of office is an absolute waste of time and dangerously distracting.

          1. Chairo

            Re: Duh!!!

            Sorry, if you feel I'm bitching at you, or blaming you. Not at all. I really enjoy reading your comments. They are one of the reasons I read El Reg.

            I completely agree about the short term concequences. There are very few, indeed. Right now politicians have a lot of unemployed and unhappy workers to worry about, overreach of the security agency of a foreign power is certainly not on top of the agenda. Espeshially if said foreign power is the only one between you and your big and agressive neighbor (like China or Russia).

            Companies might think twice, about their IT profile, but in the long term the bean counters will always win.

            As for the long term consequences, however I am quite sure there will be effects. A good brand image is nothing you easily repair. And countries are in many ways very similar to brands.

            The NSA activities have damaged the US brand. Inhowfar this will have consequences, is open. It is certainly not a good thing.

            Additionaly their activities pushed along the terrorist's agenda and helped them de-stabilizing our society. That is arguably the worst thing they could have done. Funny, that hardly anyone seems to mention this.

            1. Anonymous Coward
              Anonymous Coward

              Re: Duh!!!

              In October of 2011 I spoke to my barber. He was ranting on about how we needed to invade this country and that country and root out those terrorists. I told him then that such action is exactly what the enemy wants us to do. He didn't get it. He probably still doesn't get it.

              When this is widely understood, and I pray we are at a turning point, we may be able to restore our society and make some true progress toward peace and security with dignity.

        2. apjanes

          Re: Duh!!!

          "The ageing bully that hasn't yet understood, that his time is over."

          Absolutely. In addition to NSA shenanigans draconian laws such as FATCA ( and the excessive penalties the US are willing to use to force other countries to comply show that the US doesn't give two hoots about anyone but itself, including it's so called allies.

          1. Anonymous Coward
            Anonymous Coward

            Re: Duh!!!

            What puzzles me is that despite all this hi-tech spying the US and its allies still seem to be taken aback each time another Saudi protege appears to wreak mayhem.

        3. WalterAlter

          Re: Duh!!!

          What we desperately need to understand is that there is a tier of customers for NSA data and analysis that remains off the books in the black ops shadowlands. We need to ask why the NSA needs to collect virtually everything rather than just terrorist linked stuff.

          1. Crowd control. Attitude demographics are key to floating various policy programs. The crypto fascist financial oligarchy wants to know what the public will tolerate in the way of overt surveillance/police state attributes, financial fleecing via austerity measures and targets for black ops - financial destruction, assassination, etc.

          2. Helping out our guys. Our mega corporations benefit from industrial sabotage, market analysis, data on competitors' plans and internal structure, money flow and political trend data.

          Halliburton, Bechtel, Utah Construction Co., GM etc. are all the actual primary customers for NSA data. Our military and govt. agencies take the crumbs.

        4. Anonymous Coward
          Anonymous Coward

          Re: Duh!!!

          @Chairo -

          "You want to tell me, that all this will not have any consequences? Really?"

          Correct because the only issue the USA has is a temporary PR problem.

          Every nation does the exact same thing. You can tell the public don't give two craps because they still use Facebook, Skype, G+ etc; themselves nothing more than privacy intrusion networks.

          The total observation networks are here to stay - get used to it.

    2. Anon5000

      Re: Duh!!!

      Amazing that they thought it would just 'blow over'. It's not just a issue with their products that has not been fixed or won't be fixed in the near future, their reputation is shredded and their customers don't trust their data with them. That won't blow over even if there are claims they have fixed the US government problem through law, as we don't trust that will actually change anything.

      1. big_D Silver badge

        Re: Duh!!!

        Salesforce, AWS, Google Cloud, they are all equally affected.

        If the current action with Microsoft trying to protect the customer data in Ireland against the US Feds fails, then it will pretty much mean it is illegal to use any cloud business with ties to the USA.

    3. Anonymous Coward
      Anonymous Coward

      Re: Duh!!!

      actually I think it has largely blown over; it certainly doesn't seem to have affected google or amazon, but this is microsoft, who have been doing nothing but losing market share for the past decade, and blaming that on a 3rd party is pretty convenient.

      1. Anonymous Coward
        Anonymous Coward

        Re: Duh!!!

        I think you need to check your stats.

        The ones where MS is having record quarters. And the ones where MS is now number 2 in cloud - behind AWS (but catching) and ahead of the others.

    4. Stevie Silver badge

      Re: Does this revelation really surprise anyone?

      I am not permitted under the current legal strictures from admitting that I hold an opinion one way or the other.

    5. agricola

      Re: Duh!!!

      "Reader--Imagine yourself to be a blithering idiot.

      Now imagine yourself to be a member of Congress.

      But I repeat myself."

      --Mark Twain.

  2. brooxta

    Cloud security

    When it comes to security in the cloud or in closed source products I am reminded of the Henry Ford quote about his cars, "Any customer can have a car painted any colour that he wants so long as it is black." The modern IT equivalent appears to be, "You can have any kind of information security you like so long as it is crap."

    1. malle-herbert Silver badge

      Re: "You can have any kind of information security you like so long as it is crap."

      Well no... You CAN have good security AND privacy, just not with any

      American cloud providers...

      1. Anonymous Coward
        Anonymous Coward

        Re: "You can have any kind of information security you like so long as it is crap."

        Or most European cloud providers either - seeing as most will be compromised by their own security agencies who are happily cooperating with the NSA

      2. Chika

        Re: "You can have any kind of information security you like so long as it is crap."

        The problem with the idea that you can have good security and privacy within any provider in any country is that we only really know about some of the providers and their agendas.

        Yes, Merka has been found out and in a very big way, and a few other countries have also been fingered but it all comes down to the fact that you never know for sure what is going on with any given cloud in any given country because it isn't your machine.

        Until a way is found to make absolutely sure that both security and privacy can be maintained and groups like the NSA can be pinned down, use clouds at your own risk.

    2. NoneSuch

      Re: Cloud security

      "Military intelligence"

      "Business ethics"

      "Empathic politician"

      "Cloud security"

      1. Mitoo Bobsworth
        Thumb Up

        Re: Cloud security

        @ NoneSuch

        Excellent list of Oxymorons - have an upvote.

      2. charlie-charlie-tango-alpha

        Re: Cloud security

        Well, I had to make it 50.......

      3. BlartVersenwaldIII

        Re: Cloud security

        > "Cloud security"

        Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

        The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

        And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

        My main concern isn't with the security of The Cloud, but rather with getting my team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

        1. Gannon (J.) Dick

          Re: Cloud security

          I'll drink excessively to that.

        2. Fatman Silver badge

          Re: Cloud security

          Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

          (emphasis mine)

          As I read that, I am caught in a quandary,

          1) Are you an IDIOT?

          2) Did you forget your <sarcasm> tag?

          I certainly hope it is not #1.

    3. Spearchucker Jones

      Re: Cloud security

      Cloud security is only an issue when you rely on the cloud provider's security. A solid Needham–Schroeder protocol implementation with decent security primitives and HSMs can get you client-side encryption without affecting performance. The cloud service should be a zero-knowledge service, in that it traffics in and holds encrypted data, but hasn't the keys to decrypt it. If you do your job properly this will work with both structured and unstructured data.

      I guess it means admitting that we're responsible for the security of our data, and not the cloud provider. That's something I don't see often.

      1. Steve Gill

        Re: Cloud security

        This would work nicely for simple storage, but what about SaaS where the service has to have full access to the data to work?

        The SaaS suppliers are the ones most likely to be hit the hardest by this as the US gov is effectively making them illegal for European companies, at least, to use.

      2. Anonymous Coward
        Anonymous Coward

        Re: Cloud security

        Or, for the layman, something like Spider Oak.

      3. apjanes

        Re: Cloud security

        Encrypting may work for today, but isn't the NSA storing encrypted data as well in order to decrypt it when computing power makes it easy enough to be worth while?

    4. Anonymous Coward
      Anonymous Coward

      Re: Cloud security

      To be fair, Ford started off making the Model T in different colours. But when it got very popular and Ford had other models, the Model T only came in black to reduce the entry cost still further. Ford wasn't stupid. Even his "history is bunk" remark is misunderstood; he was saying that history books contained many falsehoods, which is true.

      I mention this only because an information security monoculture is a bad idea, and nobody in their right minds would want it (I do not think that some of the spooks are in their right minds). But that does imply that actors outside the US must supply competitive alternatives. So long as BlackBerry remains Canadian, so long as Huawei is building infrastructure, the US can't enforce a monoculture. I note that a Russian company has now developed a chip-and-PIN system independent of Mastercard/Visa. Snowden may actually have done quite a lot to make the world a more secure place.

  3. Crazy Operations Guy

    "..ordered by a secret court to hand over data and not tell anyone about it."

    That is the real issue here. A lot of damage can be repaired by immediately dismantling the FISC and charging everyone involved in it with treason (I don't think there is even a word of the Constitution that the concept of a 'Secret Court' doesn't violate).

    Hell, they could at least allow companies to reveal the contents of the request after the fact.

    1. Anonymous Coward
      Anonymous Coward

      Re: "..ordered by a secret court to hand over data and not tell anyone about it."

      That will happen the day after America allows its citizens to be prosecuted for war crimes...

    2. a_yank_lurker Silver badge

      Re: "..ordered by a secret court to hand over data and not tell anyone about it."

      After the conviction, execution not by lethal injection but by at a minimum burning at the stake.

      1. Anonymous Coward
        Anonymous Coward

        Re: "..ordered by a secret court to hand over data and not tell anyone about it."

        ...given recent reports, burning at the stake was probably more humane.

  4. Gray

    Entirely too simple?

    "We have tightened the rules. Our agencies respect the new rules. Trust US."

    Ayup. Trust regained. As simple as that.

  5. David 45


    Well - what did they expect? Seems the most logical outcome to me!

  6. Charles Manning


    It seems that whenever an industry hits the skids they are always out to blame some external factor.

    The reality though is that events do not happen in a vaccuum. There are other trends happening too.

    When the US economy declined in 2001/2 it was blamed on 9/11, but the trend was clearly there before this.

    Microsoft has'nt done anything interesting for a decade or so - they've been too successful and too arrogant for too long and have lost their way.

    Even without the NSA stuff, the US tech industry was already sliding. Gone are the days when everything happened via Silicon Valley. We now have most of the world's cell phones routers etc running on Asian designed chippery with UK-designed ARM cores inside with no involvement of Silicon Valley.

    Sure, the advance of worldwide adoption of Chinese products was being thwarted by US-led xenophobic FUD. The NSA bunfight squashed that.

    So the trend has always been there, the NSA nonsense is just making it happen a bit faster.

    1. Nick Kew Silver badge

      Re: Really?

      Exactly. MS has been predominantly a cash cow for a long time. Cash cows decline over time, and that can upset those who had overlooked their bovine attributes. No wonder they look for scapegoats.

      Which is not to say it's total ****. One element in a mix.

      Downbeat story about Oracle today too. In the same boat?

      On the other hand, contrast today's Reg story about another US tech company:

      1. moiety

        Re: Really?

        I can't think of a single good move MS have made recently...I doubt if the NSA stuff has helped; but they should be looking in a mirror first.

        I had a look at signing up to XBox Live recently, with the idea of giving this multiplayer stuff a go. They wanted me to take out an XBox live subscription (sacrificing TWO email addresses in order to do so); they then wanted more money to allow multiplayer; and would only accept payment types that were registered to a credit card. You maybe get to take the piss financially OR harvest my data if it's something I want badly enough; but you certainly don't get both.

        XBox One - wall-to-wall fuckup of historical proportions

        Windows not being well received.

        And so on.

  7. LDS Silver badge

    Stay away from US products...

    ... buy Chinese ones...

    1. lambda_beta

      Re: Stay away from US products...

      But wait .... 99% of US products are Chinese!

      1. PeeKay

        Re: Stay away from US products...

        Could this be why the US proclaimed Chinese companies were into espionage - so that their 'toolkits' found in Chinese built US hardware are plausibly denied?

  8. rob miller

    pot kettle black

    "I just think that one of the fundamental prerequisites for being in the cloud business is you must offer services that people trust,"

    because corporations are so much more trustworthy than governments.

  9. Euripides Pants Silver badge

    And this guy is a lawyer?!

    "a double-digit decline in people's trust in American tech companies... has put trust at risk,"

    With amazing reasoning skills like that, I hope he's not allowed to eat with a fork.

  10. Anonymous Coward
    Anonymous Coward

    A key problem is this...

    Even if your CloudFog is hosted outside the US, i.e. within the EU. There is a risk the Five-Eyes beginning with the UK will intercept the data anyway and send it back to the US forthwith. The UK is America's bitch, the Gulf wars confirm that and their Defence and Spying interests are mutually aligned!

    I don't see a solution to this short of unplugging from the cloud entirely...As a company owner I now keep all my data offline. I use different machines and different parts of the network when needing to access the net. I have no choice, at one end I'm fighting Crypto-locker / Code Spaces vectors, at the other its our state overlords... In the middle its Symantec with products that only work some of the time! ...What's one to do...?

    Just like the banking crisis reset the world economy, the security / privacy outbreaks have reset the net IMHO. I think we are headed back to a 1990's model, namely, sensitive data stays offline, no exceptions....The Code Spaces story yesterday was terrifying. I'm sure they thought their backups were ring-fenced, but assumption is the mother of all fuckups!

    1. Yet Another Anonymous coward Silver badge

      Re: A key problem is this...

      Now try doing that if you are a european company with development teams in 5 different countries.

    2. Scroticus Canis Silver badge

      Re: A key problem is this... - "The Code Spaces story yesterday was terrifying"

      Think you might just have solved the Cloud Spaces recovery problem. If they ask really nicely maybe the NSA will give them a copy of their slurped systems and data back from the NSA's on-line archives.

      Who knew the NSA might have some real benefit to the masses?

      1. Anonymous Coward
        Anonymous Coward

        "Who knew the NSA might have some real benefit to the masses?"

        That's a good one!


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019