New Snowden leak: Storing your data at Microsoft is negligent
In an article published today, The Guardian describes how Microsoft is actively cooperating with the NSA. According to the article, Microsoft is providing the NSA with broad access to the communications of anyone using the company's services:
- Microsoft gives the NSA access to encrypted mails on Hotmail, Live.com and Outlook.com, as well as web chat messages.
- Microsoft provides the NSA with easy access to its SkyDrive storage service, which currently has 250 million users worldwide.
- Microsoft makes it possible for the NSA to monitor audio and video calls on the Skype service which it acquired in 2011.
"This makes it clear that trusting Microsoft with your critical company data is downright negligent," says Karsten Gerloff, President of the Free Software Foundation Europe. "In both the public and the private sector, those responsible for security and data protection urgently need to take action to protect their organisations, customers and clients."
While it is difficult or impossible to entirely escape surveillance, there are ways to minimise the risk that sensitive data, such as confidential product data or patient records, is intercepted by a third party. Free Software solutions for groupware, office products and operating systems are fully auditable, and often data security a priority. End-to-end encryption with Free Software products such as GnuPG and off-the-record messaging (OTR) protects data in transit. Products providing secure audio, video and chat communications, such as Jitsi, go a long way towards replacing Skype.
"We advise companies and all other organisations that wish to protect their data to use Free Software solutions, to store data in-house wherever possible, and to cooperate only with providers whom they trust to protect their customers' data," says Gerloff. "Such providers will often use strong encryption, and minimise the amount of data they store. Using smaller providers instead of global IT companies makes it somewhat less likely that customers' data will be caught in the NSA's dragnet."
Users should actively take control of their data and communications. One way to do so is to support the developers of Free Software encryption technologies, so they can continue to provide these important products. "Now is a good time to donate to the Free Software PGP implementation GNU Privacy Guard (GnuPG)!", says Matthias Kirschner, FSFE's Head of Public Awareness.