Recently, I came across a conspiracy theory that Microsoft is spying on us using the Malicious Software Removal Tool (MSRT). This theory has no doubt been given new impetus by Microsoft's (unrelated) training police forces in computer forensics, which seems like a bad idea to me. But I have to wonder; does the fault lie with Microsoft, or is it just a result of our shrinking liberties?Microsoft has been very open about the goals of MSRT. Recall that before MSRT existed, Microsoft came under fire for not doing anything about malware. So the company did something to answer that criticism. Microsoft has written papers about MSRT and provides ongoing information about MSRT detections. Many other companies that track malware make their stats available as well.

When Google, Yahoo, and Microsoft came under fire by U.S. politicians for being too cozy with Chinese authorities, there appeared to be no hint of irony in the accusation. After all, American telecommunications companies have probably been even cozier with federal authorities in providing wiretaps without court orders. Now those companies are seeking retroactive immunity from prosecution for those acts they've yet to admit they committed.

However, I do think that the telecoms are the exception, not the rule. It actually seems to be easy for the feds to issue a National Security Letter so they don't need a lot of cooperation. The "beauty" of the letter is that it includes a gag order to prevent the target company from even saying the information has been requested. The Internet Archive fought an NSL and won, but that is the exception rather than the rule. Otherwise we'd hear about more victories.

Let's go back to Microsoft paranoia. When I asked a Microsoft spokesperson about the company's policies on disclosing information, I received this statement:

Microsoft does not provide personal information to law enforcement or government agencies without proper legal authority. Microsoft responds to government requests for such information when presented with the appropriate court order, national security letter, or subpoena.

If you ask any major company in the United States the same question, you are going to get basically the same answer. They can only protect your privacy as much as the government allows them to do it. Do you expect someone inside Microsoft, Yahoo, Google, or Apple to defy the government and go to jail in order to protect your information?

It comes down to this: Whatever you do and wherever you go on the Internet, you are leaving trails of data that are being recorded. Most companies treat that data as valuable, protect it from misuse, and make sure it follows their privacy policies. Yet no matter what the privacy policy of a company says, they have to surrender whatever data they have when the feds come-a-calling. If that makes you uncomfortable, blame the government and not Microsoft.