A Sanctimonious Microsoft

In what is one of the longest blog posts I have ever seen from anyone, Brad Smith, Chief Legal Counsel for Microsoft, claims victory for the “people’s privacy rights” when they store information in a cloud.  As I said in my previous post, the whole issue of privacy is about Microsoft’s vision of what privacy for users of clouds is about.  It has nothing to do with privacy in a more general sense, and I doubt that Microsoft will be doing anything to warn its customers that any government has requested data on one of its accounts.  That is what makes this a sanctimonious argument.

Smith’s lengthy blog is about something I have some sympathy for - secrecy orders that are overly long and last forever.  I’m sure there are enough people in the FBI who agree.  It is too easy to make long lists of things you are searching for and ask for secrecy with the company that gets the National Security Letter.  It is partly laziness on the part of agents who want everything and can’t really justify having it.  A National Security Letter gives them cover to explore and they get protection from the providers of information.  There were several public reports about abuses of NSLs, so this would not be a surprise to very many people in Justice.  The fact that Justice is now “tightening up” their policies has very little to do with Microsoft per se.  It has been a long time coming and should have been done in the previous Administration.

But, for me to believe that Microsoft is at all concerned about the privacy of its users and really wants to notify them of attempts by any government to access information on one of its users, is a bit of a stretch.  Microsoft points to the number of NSLs it gets ( it is a compromise to allow them to do that since the NSLs are classified) but the NSLs are only the tip of the iceberg in a global company.  While they quibble about the ones in the US, they give the Chinese access to their own people’s data, and probably the Russians too.  Who knows how many counties in the world do exactly the same things when it comes to data stored on one of their citizens?

Vodafone published a long country-by-country list of which ones asked for data access all the time, part of the time, or with warrants.  It was astonishing to read.  Vodafone was not the only company affected by these govnement policies, but they were the only one that published them.  The rest of the service providers do not want us to know that the equivalent of NSLs are being presented to service providers all over the world, every day.  Many countries bypass that step altogether and get access to the data directly with no oversight at all. Should we wonder if Microsoft warns its users that is happening?  We probably don’t have to wonder about that one.

So, now tell me that when a country requests data on a Microsoft user that Microsoft is going to tell that user that the request has been made.   Surely, Microsoft does not just want this policy of theirs to apply in the US and nowhere else?  That would be hypocracy for a company so committed to “peoples’ rights”.   I suggest you look for another reason for Microsoft’s position.   This one is not very plausible.