A former privacy policy guru for Microsoft said he no longer trusts Microsoft or its software; he added that Microsoft’s corporate strategy is to grind down your privacy expectations.
“Your privacy is very important to us,” Microsoft is fond of saying. But if a former Microsoft Privacy Chief no longer trusts Microsoft, should you?
“I don’t trust Microsoft now,” stated Caspar Bowden. Although you’ve heard people say that before, the difference is that, from 2002 to 2011, Bowden was the man in charge of Microsoft’s privacy policy for 40 countries. The United States was not one of those countries, and Bowden said he did not know about the PRISM data-sharing program.
Bowden’s statements were made during a conference about privacy and surveillance that was held in Lausanne, Switzerland, and reported on by the Guardian. At one point, Bowden’s presentation slide showed a “NSA surveillance octopus” to help illustrate the evils of surveillance in the U.S. cloud; but this was not a PowerPoint presentation. He was using LibreOffice 3.6 because he doesn’t trust Microsoft software at all anymore. In fact, he said he only uses open source software so he can examine the underlying code.
An attendee pointed out that free software has been subverted too, but Bowden called open source software “the least worst” and the best option to use if you are trying to avoid surveillance. Another privacy tip…the privacy pro also does not carry a personal tracker on him, meaning Bowden gave up on carrying a mobile phone two years ago.
No privacy in the cloud: zero, zippy, none
According to Bowden, “In about 2009 the whole industry turned on a dime and turned to cloud computing – massively parallel computation sold as a commodity at a distance.” He said, “Cloud computing leaves you no privacy protection.” However, “cloud computing is too useful to be disinvented. Unlike Echelon, though, which was only interception, potentially all EU data is at risk. FISA (Foreign Intelligence Surveillance Act) can grab data after it’s stored, and decrypted.”
Bowden authored a paper about “the U.S. National Security Agency (NSA) surveillance programs (PRISM) and Foreign Intelligence Surveillance Act (FISA) activities and their impact on EU citizens’ fundamental rights.” While it mostly dissects how “surveillance activities by the U.S. authorities are conducted without taking into account the rights of non-U.S. citizens and residents,” it also looks at some “serious limitations to the Fourth Amendment for U.S. citizens.”
“The thoughts prompted in the mind of the public by the revelations of Edward Snowden cannot be unthought. We are already living in a different society in consequence,” Bowden wrote [pdf]. He again pointed out the dangers to privacy in cloud computing. “The scope of FAA creates a power of mass-surveillance specifically targeted at the data of non-U.S. persons located outside the U.S., including data processed by ‘Cloud computing’, which eludes EU Data Protection regulation.”
Data can only be processed whilst decrypted, and thus any Cloud processor can be secretly ordered under FISA 702 to hand over a key, or the information itself in its decrypted state. Encryption is futile to defend against NSA accessing data processed by US Clouds (but still useful against external adversaries such as criminal hackers). Using the Cloud as a remote disk-drive does not provide the competitiveness and scalability benefits of Cloud as a computation engine. There is no technical solution to the problem.
He concluded that there is an “absence of any cognizable privacy rights for ‘non-U.S. persons’ under FISA.”
Microsoft’s strategy: Grind down people’s privacy expectations
It was Bowden’s position over privacy policies for Microsoft that makes his point of view important. This man, a privacy expert, no longer trusts Microsoft as a company, nor its software.Microsoft ‘your privacy is our priority’ Yet Microsoft (and most all other companies) love to publicize the quote, “Your privacy is very important to us.” But does Microsoft really care about your privacy?
During an interview with Bowden, the London School of Economics and Political Science (LSE) asked, “Do you think the general public understands how much privacy they have in the digital world?”
Bowden replied, “There’s been a grinding down of people’s privacy expectations in a systematic way as part of the corporate strategy, which I saw in Microsoft.”
Regarding the Guardian’s report that Bowden does not trust the Redmond giant, Microsoft sent this PR-damage control statement to CNET:
“We believe greater transparency on the part of governments – including the U.S. government – would help the community understand the facts and better debate these important issues. That’s why we’ve taken a number of steps to try and secure permission, including filing legal action with the U.S. government.”
About that transparency…LSE asked Bowden, “What’s your view on the transparency policies of tech-companies?”
Bowden replied, “It is purely public relations strategy – corporate propaganda aimed at the public sphere – and due to the existence of secret mass-surveillance laws will never be truly transparent.”
Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com