I give Microsoft some credit for fighting the government over access to its customers’ accounts. This battle is not over, but suffice it to say the government will always win and get what it wants in an era of ever-increasing terrorism.
Microsoft, according to reports, has received 2,600 secrecy orders for data from the Microsoft cloud, which comes with a gag order, though that number could be bogus. (The number 2,600 in itself is suspect since it refers to 2600 Hz, the unused line signaling frequency for long distance POTS calls and 2600 Magazine the Hackers Quarterly. The number may be a nod to someone or a group of some sort. End of digression.)
Also calling these “secrecy letters” is usually a reference to the ludicrous patent secrecy letters that impedes American inventiveness. Read this and weep. It’s more likely that National Security Letters (NSL) are involved. Here is an excellent rundown of that device.
A Threat to the Cloud Business
Whatever the case, and whichever form of government demand mechanism is used, it has to be a pain in the butt for Microsoft whether it gets 10 or 10,000 of these requests and demands. It rightly sees all of them as a threat—to its cloud business in particular.
I’m seeing more lost sales to American companies. If I am concerned about my trade secrets, internal memos, strategy sessions, and internal proprietary tricks, I might not want to use Microsoft cloud products. This is a trade issue in a global economy. I might prefer a Swedish cloud service. Better still, use no cloud service at all and keep it all in-house. I assume the Swedes have long since been compromised.
There are plenty of IT pros who can secure a system and keep it that way.
At least Microsoft continues to fight the good fight. I congratulate them.
Data Leaks Everywhere
Unless you secure everything you will go on the Internet to move some things around. That means there are still other ways for the government to get the data even in-house.
That material is all discoverable by capturing the ISP streams. Your protection is extended with various virtual private networks but these systems leak when people email outside the umbrella of the VPN.
Assume that whatever you do on email will be forwarded or cut-and-pasted and get into the wild, somehow. That is exactly what happened to the DNC (Democratic National Committee) with 20,000 emails sent to Wikileaks. While various pundits are trying to blame Russian hackers, it is more likely an inside job by a disgruntled employee.
Security experts will tell you: the biggest threat is the insider who has full or even partial access. Today a 128GB thumb drive on a keychain plugged into a USB 3.0 port can suck down scads of documents in seconds. Ed Snowden epitomizes this serious problem. It can never be controlled.
While it is possible to limit USB and other access with specially built machines, nobody wants the inconvenience of hand-made secure computers with no ports. So everything is up for grabs.
Learn Good Email Practices
This should be taught in school. After you write an email, read it and ask yourself: “Do you want the whole world to read this document?” Then ask “How damaging would it be if they did?” It’s the answer to the second question that is important.
As for the cloud, Microsoft, and the government, this is a losing battle insofar as privacy is concerned. You can debate it all you want, but there is no evidence that anyone is going to back off on government snooping. What is the response to the fact that the snooping regarding terrorists has failed to prevent numerous attacks? More snooping needed, of course. The perfect argument.
It’s hopeless. My advice is bring IT back in-house. You won’t regret it. Then establish rules for composing email and stick to them.