Government Surveillance: With the Damage Comes Promise

All rights reserved by RSA Conference
All rights reserved by RSA Conference

“We do not put backdoors in our products and services. That’s just economic suicide”, Charney said during his RSA Conference keynote address. It was a point that he reiterated with me when we sat down the day after the speech, as we dissected several angles of the government surveillance controversy.

Microsoft has done its part to remain as transparent as possible when it comes to government information requests, periodically publishing reports on demands for data from law enforcement and global governments. I asked Charney to explain the internal thought process at Microsoft when such a request comes through. “It’s a fascinating dilemma, but citizens have the same privacy vs. safety conflict as well – governments and people want both”, he tells me, adding that “the same problem exists for industry.”

The Microsoft corporate VP explains that the debate over privacy and security “will take years” before the correct balance is struck. “We decided to listen to our customers, so we have made the decision to encrypt everything, everywhere”, he says, highlighting Microsoft’s recent move to expand encryption across its service offerings. And with this decision, Charney asserts, his company has made access to its customer data far more difficult for government actors without a proper legal order.

“We have always been principled in our approach”, he reiterates. “So we don’t need to worry about Snowden’s disclosures. “We don’t do offense”, Charney continues, noting that Microsoft could not stand by and support one customer at the expense of attacking another. “We don’t do back doors”, he reaffirms. “If you put back doors in your products, then you will end up having no customers.”

I ask Charney, point blank, have Edward Snowden’s disclosures about government surveillance hurt technology and internet-based companies? His response is quick, yet even-handed.

“It has damaged us, yes. But also no.” Charney then explains: “The problem with Snowden’s statements around PRISM is that they weren’t true. The government got this data, not from our servers, but from the telecommunications pipes. But there is still a fair amount of suspicion about these surveillance programs”. He’s also quick to point out that although criticism is primarily focused on the US government, the NSA and other government agencies are far from the only contestants in the communications surveillance game. “The US”, Charney maintains, “doesn’t have the entire market on intelligence gathering.”

What Microsoft does do, however, is comply with the laws and regulations in the areas where it operates. Charney insists that his company does not readily hand over customer data without proper legal due process. One move he champions is allowing companies to report on National Security Letters issued by the US government, as a means to bolster privacy and regain the trust of customers and the general public. Charney admits, “The government has a unique job to do, in that they are both the protector and exploiter of the internet.”

But the Microsoft corporate VP does take issue with the value and legal issues surrounding bulk data collection, explaining that the government “are seizing the haystack and looking for the needle”. The former prosecutor then goes deeper into his legal explanation, asking hypothetically: “If seizing the hay in the home is not acceptable, then why would it be acceptable to do so on the internet?”

Then our conversation steers back to transparency. If there is a ‘sliver bullet’ to the privacy vs. security balance, it’s obvious from Charney’s opinions that transparency is the key. This includes efforts on the part of the government, the technology industry, and certainly the company that issues his pay check. To counteract the surveillance state, he notes it’s imperative for the tech industry to continue advancing security technology, and highlights Microsoft’s own efforts in the area. This includes the expected opening of regional transparency centers, the first of which is expected to open in Brussels by the end of this year.

Despite the damage to reputation, and the PR kerfuffle, Charney remains optimistic about the future of the technology industry despite the shadow cast by the government surveillance controversy. I close by asking him what tech and internet companies can do to regain public and customer trust, regardless of the veracity contained in Edward Snowden’s charges of complicity. “These things will ultimately prove good for security”, he responds. “When we have bad incidents, there is a reaction, and that reaction gets us past the inertia stage.”

What’s hot on Infosecurity Magazine?