Microsoft let NSA bypass encryption on mail, chats and cloud storage, says Guardian

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
By Suzanne Choney
New disclosures shared by Edward Snowden focus on Microsoft.The Guardian, via Reuters, file

Microsoft worked with the National Security Agency and the FBI to provide the agencies with the encryption workarounds they needed for access to Skype video calls, Outlook Web chats and email, and information stored on Microsoft's cloud-based SkyDrive, according to new information shared by NSA leaker Edward Snowden with the Guardian newspaper.

In the latest round of disclosures about data-gathering practices of law enforcement in a program known as "Prism," Microsoft "has collaborated closely with U.S. intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian," the newspaper reported Thursday.

The new files "provided by Edward Snowden illustrate the scale of cooperation between Silicon Valley and the intelligence agencies over the last three years," the Guardian said.

Microsoft, in a statement to NBC News, did not address the encryption workaround specifically, but said, "We only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

"To be clear, Microsoft does not provide any government with blanket or direct access to SkyDrive,, Skype or any Microsoft product."

The company said when it upgrades or updates products, "legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues."

ACLU principal technologist Chris Soghoian told NBC News that the new revelations show that "time and time again, companies that specifically advertise their services as privacy protecting have been forced to circumvent those privacy protections to enable the government to spy on their customers."

Microsoft isn't the only technology company believed to be cooperating with the government to share data, but it is the first to have more details revealed since the initial disclosures last month by Snowden.

At that time, he said that Microsoft and other technology companies like Google, Facebook, Apple, Yahoo and AOL were allowing the FBI and NSA to look at Americans' video, audio, photos, emails and other data files under what is known as the Prism program. Most of the companies, including Microsoft, have since requested government permission to share the information requests that have been made to them.

According to the information shared by Snowden with the Guardian, Microsoft "helped the NSA to circumvent its encryption to address concerns that the agency would be able to intercept Web chats on the new portal."

Microsoft completed the transfer of its 300 million Hotmail users to, a more modern webmail experience, in May. The NSA "already had pre-encryption stage access to email on, including Hotmail," the Guardian said.

The Redmond, Wash.-based company "also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in that allows users to create email aliases," the newspaper said.

Video-chat service Skype "worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio," the Guardian said.

There have been concerns since Microsoft bought Skype in 2011 about what data the Redmond company is sharing with law enforcement. Last January, dozens of organizations, including the Electronic Frontier Foundation and Digital Rights Foundation, sent an open letter to Microsoft asking how, when and why the popular video chatting program complies with government requests for information.

In March, Microsoft published a transparency report about Skype, and other of its services.

"Microsoft and Skype received a total of 75,378 law enforcement requests," the company said in the report. "Those requests potentially impacted 137,424 accounts. While it is not possible to directly compare the number of requests to the number of users affected, it is likely that less than 0.02 percent of active users were affected."

The Guardian reports that Microsoft also worked with the FBI this year "to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide."

In its statement Thursday, Microsoft said it has "clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues."

The company takes its "commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes." Microsoft's compliance team "examines all demands very closely, and we reject them if we believe they aren't valid."

Snowden, 30, has worked with the Guardian since last month to share information he learned in his time as an NSA contractor about data-gathering practices of the NSA, one of the country's most secretive agencies.

He is now believed to be staying in the transit zone of Moscow’s Sheremetyevo Airport, as he decides where he can go for asylum and where he can avoid being extradited to the United States. Federal prosecutors have charged Snowden with three counts of espionage.