Tech giants finally grow a spine and resist NSA spying

Microsoft, privacy advocate — who’d have thunk it? The new regime in Redmond is taking up the cudgels, challenging the right of federal prosecutors to make it hand over a customer’s email that’s stored abroad. What’s more, Verizon — never known as a customer-friendly outfit — is on the same side, filing a brief in support of Microsoft’s legal claim, and other telcos are following suit.

Verizon’s action occurred Tuesday, and Microsoft’s was disclosed Monday. But they’re hardly the first shifts in corporate actions related to privacy we’ve seen in the year since former National Security Agency contractor Edward Snowden stole, then disclosed thousands of classified documents related to the NSA’s Orwellian campaign of spying.

[ Also on InfoWorld: What Edward Snowden taught us about privacy. | Cut to the key news for technology development and IT management with the InfoWorld Daily newsletter, our summary of the top tech happenings. ]

Major U.S. companies have begun to publish so-called transparency reports that detail (to the extent the law permits) requests by governments to hand over user data, a move only Google had made in the past. That trend is even spreading abroad. Vodafone, the world’s second-largest carrier behind China Mobile, last week released a report outlining the scope of government surveillance into private phone communications in the 29 countries where it operates.

Am I surprised? Not entirely. Revelations that the U.S. government has built backdoors into systems sold overseas by Cisco and other companies have already taken a bite out of corporate profits. Whether the CEOs of Microsoft and Verizon really care about privacy is irrelevant. They care about sales, so they need to convince customers that their data is secure. Companies with operations abroad, particularly in privacy-sensitive Europe, know that many of their users are outraged as well.

There is a widespread sense in the United States that the government has gone too far and tech companies have done little (maybe nothing) to push back. As a result, even companies that don’t have to worry about losing foreign sales are becoming more transparent and are boosting encryption in an effort to regain the trust of their users.

It’s Microsoft versus the feds

Last December, a federal magistrate granted a search warrant that would have forced Microsoft to surrender a customer’s emails that were stored in a Dublin data center. The warrant was issued in connection with a criminal investigation, but few details of the alleged crime or the identity of the owner of the emails are known.

Microsoft fought the warrant but lost and is now appealing in federal district court. Turning over that email, Microsoft said in the court filing released this week, “would violate international law and treaties, and reduce the privacy protection of everyone on the planet.” That’s strong stuff, particularly coming from a company like Microsoft.

The case has implications for domestic privacy as well, says Hanni Fakhoury, a staff attorney for the Electronic Frontier Foundation. “The magistrate [in effect] rewrote the law,” and that weakens Fourth Amendment protections here in the United States, he tells me. The EFF will file its own brief tomorrow and other large telecommunications companies will follow suit, he says, although he declines to name them.

In a separate case last year, Microsoft received a National Security Letter — the NSA’s version of a subpoena — requesting “basic subscriber information” regarding an “enterprise” customer. What’s more, the letter contained a gag order to prevent the company from telling the customer it had turned over its data.

Microsoft challenged the gag order, saying it was a violation of the First Amendment. The government backed down.

Meanwhile, the software giant is encrypting many of its products, including Hotmail and Outlook, and encryption for Office 365 is coming, the company said at its TechEd conference last month. By 2015, it will use 2,048-bit encryption, a stronger protection level that would take a government far longer to crack.

The company’s general counsel, Brad Smith, last week issued a call for widespread checks on data collection by the government, saying, “The U.S. government needs to address important unfinished business to reduce the technology trust deficit it has created,” he wrote in a blog post.

Who has your back? Some surprising tech giants do

Which tech companies can you trust when it comes to protecting your privacy from government intrusion? Not Snapchat, not Amazon.com, and not Comcast, according to the EFF’s fourth annual “Who Has Your Back” report, released last month. The fact that these companies made the “bad guys” list isn’t much of a shock.

What is surprising is that Facebook and Google, often maligned for playing very fast and loose with personal data, come off looking very good. Those two companies (along with Apple, Credo Mobile, Dropbox, Microsoft, Sonic.net, Twitter, and Yahoo) received a perfect six stars in the report that gauges how hard companies fight to protect users’ privacy from government data requests. In 2013, only Sonic.net made the six-star list.

The change has been dramatic. Not too long ago, Google was one of the very few — maybe the only — major tech company that routinely issued a transparency report detailing requests by the government for user data. “The sunlight brought about by a year’s worth of Snowden leaks appears to have prompted dozens of companies to improve their policies when it comes to giving user data to the government,” says EFF Activism Director Rainey Reitman.

That’s a lot of progress, even if many still vacuum up your personal data to help sell ads. It doesn’t matter much whether Silicon Valley’s newfound backbone in resisting government spying is motivated by principles or is simply a matter of protecting the bottom line. It’s very good news. What a pleasure to write about tech companies doing the right thing — for a change.

I welcome your comments, tips, and suggestions. Post them here (Add a comment) so that all our readers can share them, or reach me at bill@billsnyder.biz. Follow me on Twitter at BSnyderSF.

This article, “Tech giants finally grow a spine and resist NSA spying,” was originally published by InfoWorld.com. Read more of Bill Snyder’s Tech’s Bottom Line blog and follow the latest technology business developments at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.