Microsoft’s U.S. law enforcement and national security requests for last half of 2012 - Microsoft on the Issues. Posted by John FrankVice President & Deputy General Counsel, Microsoft This afternoon we are publishing additional information about the volume of law enforcement and national security orders served on Microsoft. For the first time, we are permitted to include the total volume of national security orders, which may include FISA orders, in this reporting.
We are still not permitted to confirm whether we have received any FISA orders, but if we were to have received any they would now be included in our aggregate volumes. Earlier this week, along with others in the industry, we called for greater transparency about the volume and scope of the national security orders, including FISA orders, which require the disclosure of some customer content.
We believe this would help the community understand and debate these important issues. Since then, we have worked with the FBI and U.S. We appreciate the effort by U.S. government today to allow us to report more information. Microsoft May Add Eavesdropping To Skype. The U.S. Patent and Trademark Office published a Microsoft patent application that reaches back to December 2009 and describes “recording agents” to legally intercept VoIP phone calls.
The “ Legal Intercept ” patent application is one of Microsoft’s more elaborate and detailed patent papers, which is comprehensive enough to make you think twice about the use of VoIP audio and video communications. The document provides Microsoft’s idea about the nature, positioning and feature set of recording agents that silently record the communication between two or more parties. The patent was filed well before Microsoft’s acquisition of Skype and there is no reason to believe that the patent was filed with Skype as a Microsoft property in mind. However, the patent mentions Skype explicitly as an example application for this technology and Microsoft may now have to answer questions in which way this patent applies to its new Skype entity and if the technology will become part of Skype. Microsoft admits Patriot Act can access EU-based cloud data.
Editor's note: This article was first published in June 2011. This ultimately sparked a transatlantic dispute over the sovereignity of data, and ignited a change in European data protection and privacy law. In June 2013, the NSA's domestic and international surveillance program was uncovered. The article you are now reading showed back in 2011 that the Patriot Act's reach is not limited to the U.S., and can affect EU citizens and those around the world. University law researchers also confirmed this was the case. LONDON, U.K. — At the Office 365 launch, Microsoft U.K.' After a year of researching the Patriot Act's breadth and ability to access data held within protected EU boundaries, Microsoft was the first cloud provider to openly admit it.
The question put forward: Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances — even under a request by the Patriot Act? Related: Skype's ominous link checking: facts and speculation. 17 May 2013, 16:13 By Jürgen Schmidt Our discovery that URLs sent through Skype are then visited by Microsoft has caused quite a stir. A little more information has now emerged and leads to even more questions. Early this week, The H reported on how heise Security had discovered that links sent in private Skype chat sessions were being visited by a Microsoft system shortly afterwards.
They found that only HTTPS URLs were accessed, and that Microsoft used all the transmitted information – including any session or user IDs that are often contained in HTTPS URLs. Pages were accessed via HEAD requests, which means that only administrative information was retrieved, but no page content. The facts of the report as published were confirmed by several independent experts .
There have been speculations that the issue is caused by a security feature that is part of Microsoft's SmartScreen Filter . The next question is: how does Microsoft intend to rate a page without knowing its content? Skype with care – Microsoft is reading everything you write. Anyone who uses Skype has consented to the company reading everything they write. The H 's associates in Germany at heise Security have now discovered that the Microsoft subsidiary does in fact make use of this privilege in practice. Shortly after sending HTTPS URLs over the instant messaging service, those URLs receive an unannounced visit from Microsoft HQ in Redmond. A reader informed heise Security that he had observed some unusual network traffic following a Skype instant messaging conversation. The server indicated a potential replay attack. 65.52.100.214 - - [30/Apr/2013:19:28:32 +0200] "HEAD /... The access is coming from systems which clearly belong to Microsoft. In response to an enquiry from heise Security, Skype referred them to a passage from its data protection policy : "Skype may use automated scanning within Instant Messages and SMS to (a) identify suspected spam and/or (b) identify URLs that have been previously flagged as spam, fraud, or phishing links.
" ( djwm ) [cryptography] skype backdoor confirmation. Using the Microsoft Geolocalization API to retrace where a Windows laptop has been | From Information to Intelligence. EDIT (Tuesday 2nd August) Microsoft Statement is available from here EDIT (Sunday 31th July) The flaw is fixed: I had a phone call with some people from Microsoft yesterday (yes on a Saturday) and they told me they fixed the problem. I will update this post with their response as soon as it is out. The demo code does not work anymore. In our upcoming BlackHat talk, we will show you how the WiFi data stored by Windows can be used to geolocate where your computer has been. How can you retrace where a computer has been? While analyzing what computer-specific data is recorded by Windows, we found out that for each access point a computer is connected to, Windows records its MAC address and the last time of connection. Since last year, using the Google geolocation API to locate routers via their MAC address has been a pretty hot topic.
Why things are never easy When I started writing the OWADE’s geolocation module, I thought it would be as easy as querying Google like I did last year. Microsoft shutters Wi-Fi data over privacy. Microsoft has ceased publishing the estimated locations of millions of laptops, mobile phones and other devices with Wi-Fi connections around the world, after an article on Friday from ZDNet Australia 's sister site CNET highlighted privacy concerns. The decision to rework Live.com's geolocation service comes after scrutiny of the way that Microsoft made available its database, assembled by both Windows Phone 7 phones and what the company calls "managed driving" by Street View-like vehicles that record Wi-Fi signals accessible from public roads.
Every Wi-Fi device has a unique ID, sometimes called a MAC address, that cannot normally be changed. Live.com's database, which published the precise geographical locations of Wi-Fi devices, was working normally last Friday. By Saturday morning, Elie Bursztein , a postdoctoral researcher at the Stanford Security Laboratory, who had analysed the Live.com service, noticed that access had been restricted. June: July: April: Via CNET. Microsoft's Web map exposes phone, PC locations | Privacy Inc. Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned. The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database.
Google tightened controls last month in response to a June 15 CNET article , and Skyhook uses a limited form of geolocation to protect privacy. Bursztein recommended that Microsoft adopt some of the same limits that its competitors already have. "I think what Google does is the smart thing to do," he said. "It's a pretty good solution. " Updated 11:05 a.m. How the new ‘Protecting Children’ bill puts you at risk. Last Thursday the U.S. House of Representatives' judiciary committee passed a bill that makes the online activity of every American available to police and attorneys upon request under the guise of protecting children from pornography.
Note: Update with citizen petitions on page 2. The Republican-majority sponsored bill is called the Protecting Children From Internet Pornographers Act of 2011. It has nothing to do with pornography, and was opposed by over 30 civil liberties and consumer advocacy organizations, as well as one brave indie ISP that is urging its customers to do everything they can to protest the invasion of privacy. "Protecting Children" forces ISPs to retain customer names, addresses, phone numbers, credit card numbers, bank account numbers, and dynamic IP addresses. It's like having your wallet plus the web sites you visit tracked and handed over on request.
(I have to wonder if ISPs can sell this data, too.) This has nothing to do with porn. Small ISPs Are Ringing The Alarm. Microsoft May Add Eavesdropping To Skype.