A User's Guide to Downplaying Your Role in Government Surveillance

Please know that it is equally frustrating to me, as it is to you, that I cannot provide more detail on the value these programs provide and the strict limitations placed on how this information is used.

Government lawyers have yet to respond to the petition we filed in court on June 19, seeking permission to publish the volume of national security requests we have received. We hope the Attorney General can step in to change this situation.

Until that happens, we want to share as much information as we currently can.

Not only has Congress been briefed on these programs, but laws passed and enacted since 9/11 specifically authorize them. The surveillance programs are authorized by the Foreign Intelligence Surveillance Act (FISA), which itself was enacted by Congress in 1978 to establish the legal structure to carry out these programs, but also to prevent government abuses, such as surveillance of Americans without approval from the federal courts. The Act authorizes the government to gather communications and other information for foreign intelligence purposes.

First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.

First, I understand your concerns and want to point out that by law, the government cannot listen to an American's telephone calls or read their emails without a court warrant issued upon a showing of probable cause.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

We continue to enhance and evolve the Skype offerings and have made a number of improvements to the technical back-end for Skype, such as the 2012 move to in-house hosting of “supernodes” and the migration of much Skype IM traffic to servers in our data centers. These changes were not made to facilitate greater government access to audio, video, messaging or other customer data. ... Even in these circumstances Microsoft remains committed to responding only to valid legal demands for specific user account information. We will not provide governments with direct or unfettered access to customer data or encryption keys.

These surveillance programs have proven to be very effective in identifying terrorists, their activities, and those associated with terrorist plots, and in allowing the Intelligence Community and the Federal Bureau of Investigation to prevent numerous terrorist attacks. More information on this should be forthcoming.

Cutting through the technical details, all of the information in the recent leaked government documents adds up to two things. First, while we did discuss legal compliance requirements with the government as reported last week, in none of these discussions did Microsoft provide or agree to provide any government with direct access to user content or the ability to break our encryption. Second, these discussions were instead about how Microsoft would meet its continuing obligation to comply with the law by providing specific information in response to lawful government orders.