September 7, 2013
Microsoft, Yahoo, and Google expressed unease Friday about the National Security Agency’s ability to bypass online security systems that protect the privacy of internet users.
Yahoo said in a statement that if such an effort by the NSA and its British counterpart GCHQ to compromise encryption privacy protections used online exists, “it offers substantial potential for abuse.” Microsoft and Google also both signaled concern and an unawareness of the intelligence agencies’ encryption-thwarting methods.
The New York Times, the Guardian, and ProPublica published Thursday information obtained from Edward Snowden outlining how the agencies have circumvented  the encryption methods used to secure emails, chats, and essentially most internet traffic that was previously thought to be protected. In addition, a GCHQ team has worked to infiltrate encrypted traffic on the “big four” service providers: Google, Yahoo, Microsoft’s Hotmail (now known as Outlook), and Facebook.
“We are unaware of and do not participate in such an effort,” a Yahoo spokesman said Friday. “Yahoo zealously defends our users’ privacy and responds to government requests for data only after considering every applicable objection and in accordance with the law.”
A Microsoft spokesperson said, “We have significant concerns about the allegations of government activity reported yesterday and will be pressing the government for an explanation.”
Microsoft and Google are currently teaming up on a lawsuit  against the US government for the right to reveal more information about official requests for customer data by American intelligence. The companies are set to file legal briefs in the case on Monday.
As for the encryption revelations, a spokesman for Google said, “The security of our users’ data is a top priority. We do not provide any government, including the US government, with access to our systems. As for recent reports that the US government has found ways to circumvent our security systems, we have no evidence of any such thing ever occurring. We provide user data to governments only in accordance with the law.”
Google is ramping up its efforts to encrypt all information passing through its system, The Washington Post reported late Friday. The effort was started last year but was accelerated in June when it was revealed via Snowden’s leaks that Google and other companies are legally compelled to share data with the NSA through its PRISM program.
Google did not comment on how much the initiative will cost, nor did they offer clues as to the scope of the project or what exact technology will be used. The effort is expected to be completed soon, months ahead of schedule.
The Post said that other companies – including Microsoft, Apple, and Facebook – are now using more encryption for some of their services, at varying levels of sophistication.
On Friday, Yahoo shared  its first transparency report with the public, citing what it could about government requests made to the company.
“Our legal department demands that government data requests be made through lawful means and for lawful purposes,” Ron Bell, Yahoo’s general counsel, wrote Friday. “We regularly push back against improper requests for user data, including fighting requests that are unclear, improper, overbroad or unlawful. In addition, we mounted a two-year legal challenge to the 2008 amendments to the Foreign Intelligence Surveillance Act and recently won a motion requiring the US government to consider further declassifying court documents from that case.”
Reacting to the encryption stories, the office of the director of national intelligence (ODNI) said Friday that it should “hardly be surprising that our intelligence agencies seek ways to counteract our adversaries’ use of encryption.”
The ODNI, which heads US intelligence-gathering efforts, said in a statement “the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news,” but went on to warn that the revelations may cause harm to national security.
“The stories published yesterday, however, reveal specific and classified details about how we conduct this critical intelligence activity,” ODNI said. “Anything that yesterday’s disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”