In 2011, two years before Snowden, Microsoft’s then Chief Privacy Officer Caspar Bowden tried to warn his company that any cloud computing solutions sold to foreign governments would mean unlimited mass surveillance of their clients by the NSA. Two months later Bowden was fired from Redmond.
Speaking at the 31st Chaos Computer Congress in Hamburg, Bowden said that he warned 40 Microsoft National Technical Officers, effectively ambassadors of Microsoft, about the implications of US laws for privacy. The law underpinning PRISM, the NSA-GCHQ clandestine mass surveillance programme, was the 2008 Foreign Intelligence Surveillance Act Amendment Act (FISAAA). This law is about obtaining foreign intelligence by targeting non-US persons outside of the US, which is 95% of the world’s population.
Providers must provide the government with facilities to accomplish this action in secret.
Bowden said that the bottom line of FISAAA is that if you are not American, you cannot trust cryptographic services or, in general, software services provided by US companies. Even if that software is cryptographically sound to begin with, if you are not an American in the US, a software update can be pushed to subvert your security.
As Yahoo’s Marissa Mayer later pointed out, any company not complying would be found in contempt of court and potentially be committing an offence under the Espionage Act, liable to 20 years’ imprisonment or worse.
“It doesn’t have to be about criminality or national security. It can purely mean political surveillance in the political and economic interests of the United States. There is no constitutional protection for foreigners in foreign lands and the US Congress was laughing, laughing that you have privacy rights,” he said.
Bowden met a wall of indifference from journalists. Nobody at the Guardian, New York Times or Washington Post showed any interest, nor did mainstream European politicians, who did not understand. “Of course, it’s encrypted isn’t it?” was the general response.