The Syrian Electronic Army unearthed documents alleging that Microsoft is another candidate in the series of tech companies collaborating with the U.S. government to obtain users’ personal information. The hacker group, best known for hijacking western media companies’ social media accounts, may not seem like the most credible of sources given its political objectives, but a series of coinciding events, coupled with Microsoft declining to comment, proves otherwise.
The documents were explicitly handed to TheDailyDo t, where they were analyzed by a team of lawyers and technologists to confirm their validly before the any information was published. What we then see is a series of emails and invoices between Microsoft’s Global Criminal Compliance team and the FBI’s Digital Intercept Technology Unit (DITU) highlighting how much the company earns per year in its transactions with the FBI.
The dollar value
In one example, Microsoft emailed DITU a PDF invoice for a total for $145,100 at $100 per data request in December 2012, and $352,200 at a rate of $200 per request in August 2013. The most recent transaction occurred in November 2013, totally $281,000.
What is DITU?
The Digital Intercept Technology Unit is likened by law enforcement and technology officials as the FBI’s foreign policy equivalent of the NSA. The low-profile unit is actually mentioned as an aside in one of the documents leaked by former NSA contractor, Edward Snowden, portraying its connection to the data-gathering efforts of the PRISM program that grants the NSA access to the communication records of nine major American tech companies, including Microsoft.
Evidence of truth
Absolutely verifying the documents present by the SEA is impossible without confirmation from Microsoft itself, but TheDailyDot’ s staff attorney Nate Cardozo states there are multiple clues promoting its legitimacy. “I don’t see any indication that they’re not real,” he declares, “if I was going to fake something like this, I would try to fake it up a lot more sensational than this.” Cardozo is arguing that if the SEA truly wanted to smear Microsoft, it would use a bit more hyperbole.
Secondly, it’s known fact that the SEA attacked Microsoft with a phishing attack twice before leaking the documents. After hijacking the company’s twitter account in the second, an SEA representative commented to The Verge , “we are making some distraction for Microsoft employees so we can success in our main mission,” presumably alluding contemporary document leak.
Thirdly, Microsoft posted on their blog two weeks following the hack, admitting “[We] have learned that there was unauthorized access to certain employee email accounts, and information contained in those accounts could be disclosed. It appears that documents associated with law enforcement inquiries were stolen.” This entire finagle should come as no surprise, given the New York Times previously confirmed that the CIA pays AT&T more than $10 million a year.
This is all legal
The casual nature of these business transactions illustrates a familiarity of repetition, a seemingly “been there, done that” attitude. But don’t fool yourself for a moment thinking that Microsoft has done anything illegal. According to the U.S. Code of Law, clause 18 U.S. Code § 2518 which outlines the procedures for interception of wire, oral or electronic communications, companies are within their right to demand compensation disclosing customer data to government agencies. These emails between Microsoft and FBI’s DTIU serve only draw attention to how frequently this occurs.
Via DailyDot
Learn more about Electronic Products Magazine