Friday, 24 January 2014

PRISM: Microsoft pledges to defend customer data from NSA snoops

Microsoft logo
Microsoft is considering radically reforming its information-handling and management systems in a bid to protect its customers from the National Security Agency's (NSA) PRISM snooping.
General counsel for Microsoft Brad Smith confirmed that the company is considering letting non-US customers opt to have their data only pass through and be stored in non-US data centres, during an interview with the Financial Times (FT).
Smith said the move would help allay European businesses' ongoing concerns about links with US-based technology companies. "People should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides," Smith told the FT.
It is currently unclear whether Microsoft is actually in the process of implementing the measures outlined by Smith, or how businesses could make requests to only have their data stored locally. At the time of publishing Microsoft had not responded to V3's request for comment.
It is also unclear if the measure would actually fully protect businesses from US intelligence agencies. Currently US law states that law enforcement and counter terrorism units are entitled to demand that businesses based in America hand over their data, irrespective of where it is stored if it is a matter of national security.
The NSA repeatedly used the powers during its PRISM operations, which saw it siphon vast amounts of web user data from numerous technology companies including Microsoft, Apple, Google, Yahoo, Twitter and Facebook.
The public backlash against the US government and NSA led president Barack Obama to announce a wave of reforms last Friday, regarding how and what data intelligence agencies can collect. However, many commentators remain unconvinced that the reforms will do enough to fully calm European firms' concerns.
Smith told the FT that to properly protect businesses and citizens from intelligence agencies, new international legislation is required. The current "Mutual Legal Assistance Treaty" mechanism used by the US and EU is outdated and "needs to be modernised or replaced", Smith said.
He added: "If you want to ensure that one government doesn't seek  to reach data in another country, the best way to do it is [with] an international agreement between those two countries. Secure a promise by each government that it will act only pursuant to due process and along the way improve the due process."
Microsoft is one of many companies to consider rethinking how data running on its network is carried and stored. Deutsche Telekom hinted in October that it was planning to rework its system to only route German customer data through local data centres.

No comments:

Post a Comment