Comments
Microsoft Privacy Case: What's At Stake?
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
mokuri
50%
50%
mokuri,
User Rank: Strategist
8/4/2014 | 6:23:40 PM
Re: News or Editorial?
Thanks for your thoughtful response, Michael. You make many fair points that prove I was too quick to pass judgment. FWIW, you definitely sound "old school" -- and I mean that in a positive way -- when it comes to objective journalism.

Regarding tech company losses over the NSA (oh very well) scandal, I'll continue to wait for the numbers. Years spent working in Investor Relations for a F100 telecom operator taught me that companies can fabricate all manner of devices to explain a down quarter, half or year -- "seasonal variations," "an unexpectedly rough winter," and now, I suppose, "foreign distrust of U.S. companies" involved, even if tangentially, in NSA spying. There were occasions in IR when I'd have loved having a readymade excuse like that.

Returning to the core issue of the Silicon Valley vs. NSA flap, as well as the current Microsoft lawsuit, there are three ironies that appear to have escaped notice -- though if you've written on these items and I missed the coverage, I apologize in advance:
  • Tech companies themselves are among the biggest collectors of customers' personal data, which they either sell to others for advertising purposes, or massage with real time predictive analytics solutions to determine which individuals will churn, which will remain loyal, how to boost customer lifetime value via tailored offers -- and which channels are most likely to succeed in upselling the customer. If the NSA exceeded its limits, it at least had an understandable motive: saving lives. Post 9-11, the marching order to the U.S. intelligence community was to do whatever it took to prevent such a tragedy ever happening again. One unfortunate result: massive collection of metadata under Section 215 of the Patriot Act. Congress is at work on "NSA reform." But however that goes, tech companies will continue to get off scott free for gathering our personal data. Their goal: profits.
  • Tech leaders including Cisco, Alcatel-Lucent, Ericsson, Juniper and others all manufacture lawful intercept hardware, available in-country or for export, that is used by law enforcement and intelligence agenies, including in some countries with despotic regimes. It's a competitive and lucrative market, i.e., tech companies profit here, too. Any doubts and I'll make be happy to provide the make and model of LI devices manufactured by the aforementioned quartet.
  • Much has been made of the assertion that NSA programs such as PRISM have produced little in the way of results. Nothing has been made of the fact that, to date, no one has discovered evidence of harm done to a single individual. Notwithstanding ethereal arguments about the potential risks to "privacy," if NSA's programs are a crime they would appear to be victimless.

 
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
8/4/2014 | 5:03:43 PM
Re: News or Editorial?
Thanks for reading, and for the constructive criticism. A few thoughts:

"'NSA Scandal.' Presumably you're referring to the greatest breach of national security in U.S. history?" Sure, you can call it that, if you want. Frankly, I think at this point that the "is all the surveillance justified" argument is well-trod ground. But I'll concede I could have referenced the rationale voiced by the NSA and other agencies, even if it's implicit. Nevertheless, I think "scandal" is appropriate. Even if you think the NSA's programs are necessary, was it not scandalous that a contract employee could single-handedly execute "the greatest breach of national security in U.S. history?" The word "scandal" can apply to both government overreach, or the incompetence with which it communicated top-secret information to people less trustworthy than their bosses supposed. Take your pick.

"If the numbers don't exist, let's drop this argument." That stat isn't beyond reproach, but it wasn't really presented like it was. The paragraph states that even though analysts were predicting huge revenue losses, many cloud companies have nevertheless achieved great momentum (while also continuing to refute some allegations). If there's any subtext there, it's that privacy concerns haven't stopped Microsoft, Google, Amazon et al from raking in the cash. The question is whether they'd be raking in more cash if the Snowden leaks hadn't occurred. The tech companies certainly say so. I received this statement today, for instance, from Carson Sweet, CEO of CloudPassage: "As we've worked with EU-based enterprises on cloud security, we've seen a marked drag in public cloud IaaS adoption as the result of privacy concerns. Most of our international customers lean toward private cloud adoption as a result, and many are waiting for non-US-based cloud providers before adoption public cloud IaaS." As your comment indicates, the tech companies aren't necessarily disinterested, so you can take their position with a grain of salt, but it's one thing to be skeptical, and another to say the concerns aren't worth discussing. The empirical, irrefutable numbers you seem to want might not exist yet, but I don't think you can just "drop" the concern. 

Russia and China: The economic and political complexities among China, Russia and the United States are significant; my reference to "political theater" was meant to allude to sanctions and all the rest while maintaining a tight scope on this specific case-- but perhaps I chose too flippant a term. But even if those factors are significant, so are the governments' efforts to ditch Microsoft products. These efforts arguably use privacy concerns as an excuse to promote local agendas, so there's still some more political murkiness there. But I'll let you convince Microsoft CFO Amy Hood that, "The idea of shedding a tear over lost sales to either nation is laughable." I'll also let you convince the majority of Microsoft investors.

To be clear, I'm not debating your ethical stance here. But it's impractical to assume Microsoft will simply shrug and say, "Whatever, we don't care, China and Russia are run by people we don't like, so good riddance." Microsoft execs have repeatedly cited China as an essential growth market, and though the IT decisions of its government don't dictate the rhythms of the country's larger market, Microsoft doesn't find this topic "laughable."

 
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
8/4/2014 | 4:29:01 PM
Re: Encryption will save us all!!!
@daniel,

Well, it depends. Users can be different than companies. Per the Stored Communications Act, a lot of the justification for companies having to turn over information derives from the fact that customers willingly gave their information to the company in the first place. Transmitting one's data to a third party, at least in some contexts, is legally tantamount to waving your expectation that privacy over that data will be respect. It might sound insane, but it's what the courts are working with, until we have clearer and more modern legal language.

But an individual user who holds the keys hasn't transmitted those keys to a third party, which muddles things, at least regarding the SCA. Westmoreland also told me that your right against self-incrimination could help you to withstand government requests for encryption keys.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
8/4/2014 | 4:22:50 PM
Re: The Enforcement Issue
I doubt the U.S. would physically violate another country's sovereignty over something like an email, but I imagine the government could impose all kinds of financial penalties, and potentially charge Microsoft employees in some way.
Michael Endler
50%
50%
Michael Endler,
User Rank: Author
8/4/2014 | 4:20:03 PM
Re: Is the subject of the investigation a US resident?
The customer in question is not publicly identified, nor is his country of origin. The data that tech companies are allowed to share regarding government requests is far, far from complete, but suffice to say, the government doesn't just ask about U.S. citizens. The impression I got talking to the people cited in this article is that the final legal rationale will be quite important. For example, even if the case does involve a U.S. citizen (which again, isn't clear), the ruling could still leave open the door for international searches. And if the case involves a foreign citizen, then the issue is academic. It's not like there's been a shortage of bizarre justifications coming out of the judiciary lately, though the courts have been kind of unpredictable regarding privacy and warrants--e.g. the Supreme Court's recent cell phone ruling increased privacy protections. Judges use smartphones, and judges use email too, after all. 


As for whether the U.S. "allows" Russia or Iran to behave similarly-- that's the potential concern, that U.S. will set a precedent for far-reaching searches of electronic data, and that other countries will base their policies similarly.
TerryB
50%
50%
TerryB,
User Rank: Ninja
8/4/2014 | 1:13:40 PM
Re: The dog ate it
Ha! I never have heard what email system IRS uses, it was probably Exchange. So you are right, data may not actually be there when they go get it anyway.
FreonPSandoz
50%
50%
FreonPSandoz,
User Rank: Apprentice
8/3/2014 | 11:42:20 PM
Is the subject of the investigation a US resident?
"He also worried the ruling indicates that 'storing data with a company in the U.S. essentially turns you into a U.S. citizen.'" Is that true? I had been assuming that US prosecutors were investigating a US resident in this case. The article doesn't say anything about the residency or citizenship of the investigation subject. It is totally unacceptable for a US police agency or prosecutors to a pursue a foreign resident in such a manner. Does the US allow Russia and Iran to investigate US citizens in this manner? Of course not.
FreonPSandoz
50%
50%
FreonPSandoz,
User Rank: Apprentice
8/3/2014 | 11:29:43 PM
Re: The Enforcement Issue
No, the court would probably hold Microsoft in contempt and levy a fine for each day that Microsoft refuses to comply.
asksqn
100%
0%
asksqn,
User Rank: Ninja
8/3/2014 | 7:07:43 PM
The dog ate it
MS could always pull a Lois Lerner - the dog not only ate its email but also crashed its hard drives -six times in six years.

 
JeremiahJ242
100%
0%
JeremiahJ242,
User Rank: Apprentice
8/3/2014 | 6:09:16 AM
The Enforcement Issue
One point I haven't seen brought up yet is enforcement. If Microsoft refuses to hand over the information, does the justice department plan to invade Ireland and violate long held international treaties? I think not. Laws are only as strong as the enforcement that follows them.
Page 1 / 2   >   >>


IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Government Oct. 20, 2014
Energy and weather agencies are busting long-held barriers to analyzing big data. Can the feds now get other government agencies into the movement?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.