
Microsoft Said To Give Zero Day Exploits To US Government Before It Patches Them

Last month, we had written about how the feds were certainly collecting hacks and vulnerabilities for offensive purposes, but it wasn't clear at the time that some of these exploits were coming directly from the companies themselves.

The report names one major participant: Microsoft:

Microsoft Corp. (MSFT), the world’s largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes.

Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

The same report, once again, implicates the big telcos for their cushy relationship with the intelligence community -- in which the telcos willingly and voluntarily hand over massive amounts of user data. There's no oversight here, because the telcos apparently have no problem dismantling the privacy of their users.

Some U.S. telecommunications companies willingly provide intelligence agencies with access to facilities and data offshore that would require a judge’s order if it were done in the U.S., one of the four people said.

In these cases, no oversight is necessary under the Foreign Intelligence Surveillance Act, and companies are providing the information voluntarily.

http://www.techdirt.com/articles/20...to-us-government-before-it-patches-them.shtml

Does not bode well for Kinect, does it?
 

Einbroch

Banned
So Microsoft turns a blind eye to bugs and exploits in systems that it sells to foreign nations and tells only the US about said exploits?

Why does that sound so slimy and wrong?
 

FranXico

Member
The thing is, this does not just impact the XBox brand. Windows PCs worldwide effectively have backdoors only known to the NSA.
 
The thing is, this does not just impact the XBox brand. Windows PCs worldwide effectively have backdoors only known to the NSA.

Yeah, but what's the NSA going to do? Wiretap everyone's phone conversation and keep all their metadata? Sure, buddy...
 

TheD

The Detective
And shit like this is why I am going to start using Linux for my everyday net usage and only switch to Windows for games.
 
Y'know, this console war is fun and everything, but supporting Microsoft/Skype after their long romantic relationship with the NSA is dumb. Vote with your wallets. This coming from someone who just sold their 360 last week.

And shit like this is why I am going to start using Linux for my everyday net usage and only switch to Windows for games.

Also +1 for Linux. Our only hope for the future is open source and owning what we buy.
 
This is a repost from an OT thread but has actually already got more discussion than the original thread so I'll leave it open.

For some historical context, in the 1990s there was a Bill introduced that tried to make it legally mandatory for the creators of cryptographic protocols to include back-doors into them so that the government could break these codes. The PGP protocol was released in direct response to this, although that rule never became legally binding. The protocol's creator was taken to court though, because at the time any algorithm that made use of cryptographic keys of more than 40 bits in length was considered to be a "munition", which he had exported.
 

Sendaquill

Neo Member
So Microsoft turns a blind eye to bugs and exploits in systems that it sells to foreign nations and tells only the US about said exploits?

No, that's not what's being said:

provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix

There's no turning a blind eye to bugs.
 

Branduil

Member
This is a repost from an OT thread but has actually already got more discussion than the original thread so I'll leave it open.

The protocol's creator was taken to court though, because at the time any algorithm that made use of cryptographic keys of more than 40 bits in length was considered to be a "munition", which he had exported.

The heck?
 
Something that redounds to Microsoft's advantage in my eyes. Having the largest most important software house should benefit its nation and her allies.

So Microsoft turns a blind eye to bugs and exploits in systems that it sells to foreign nations and tells only the US about said exploits?

Why does that sound so slimy and wrong?

Yes, exactly, and it isn't (Great Britain, Canada, Australia, and Israel would learn at the same time I suspect, maybe Japan as well).
 
Would you trust somebody that regurgitates garbage?

Sorry that I'm not as willing to give Microsoft the benefit of the doubt as you are. I don't see any reason to trust them as a company, just going by the news and their actions.

Is the Kinect going to stream video of its users to the gubmint 24/7? No, probably won't stream an iota of video. It doesn't have to. It analyzes what it captures and turns it into data. How much it analyzes and records and transmits to Microsoft's cloud is a mystery. I'm not taking their word when they say they'll preserve and protect my privacy, if there's even a possibility they could do otherwise without my knowledge. I guarantee that one of the whole ideas behind the Kinect being so integral to the console is to collect such data for marketing purposes, like Facebook on steroids.

People are fond of saying that even if all of everyone's data is visible to the government or a corporation, there's so much of it that it would be impossible to even take a cursory view of. But that work will be done more and more by computers, which only get faster and more capable with time. With the trends in technology and intelligence gathering, the future is scary. Xbox One is trying to set yet another precedent in terms of what formerly private information can be collected, stored, and transmitted from consumers, and eventually analyzed to all hell once the processing power catches up with it.
 

RedStep

Member
Xbox One is trying to set yet another precedent in terms of what formerly private information can be collected, stored, and transmitted from consumers, and eventually analyzed to all hell once the processing power catches up with it.

You realize you just made every word of that up, right? None of what you stated as fact has even been suggested, much less leaked or confirmed.
 

SummitAve

Banned
Sorry that I'm not as willing to give Microsoft the benefit of the doubt as you are. I don't see any reason to trust them as a company, just going by the news and their actions.

The US government used the power of the FISA law (Foreign Intelligence Surveillance Law) to gain access to certain kinds of information from data companies like Microsoft. They weren't just willing to hand over sensitive information like you are assuming. I don't believe you understand the color of the law or how the recent PRISM program even worked. You saw the overblown headlines (original news sources such as the Washington Post have backed off since) and other irate posters and decided to keep perpetuating nonsense because hating Microsoft is the in thing to do right now.

Would you trust a company that is willing to give out personal data of its users to government agencies at a whim with an always-connected, always-listening HD camera in your home?


I mean read that again, and tell me that there is any basis to your accusations.
 

Nachtmaer

Member
People are fond of saying that even if all of everyone's data is visible to the government or a corporation, there's so much of it that it would be impossible to even take a cursory view of. But that work will be done more and more by computers, which only get faster and more capable with time. With the trends in technology and intelligence gathering, the future is scary. Xbox One is trying to set yet another precedent in terms of what formerly private information can be collected, stored, and transmitted from consumers, and eventually analyzed to all hell once the processing power catches up with it.

The thing that worries me is that most people will be like, "What does it matter? I have nothing to hide anyway."
 

Walshicus

Member
Legit question: would Americans prefer Microsoft didn't inform your intelligence services of known-but-not-yet-patched exploits?
 
Legit question: would Americans prefer Microsoft didn't inform your intelligence services of known-but-not-yet-patched exploits?

Why would they care. It's not like people won't own the system. Also they aren't hiding anything and looking deceptive in the process. Most people who are dead set on getting the next Xbox will ignore this or be uninformed anyway.
 
Why would they care. It's not like people won't own the system. Also they aren't hiding anything and looking deceptive in the process. Most people who are dead set on getting the next Xbox will ignore this or be uninformed anyway.

Much more importantly, anyone with a Windows OS should be worried about it if this is a big deal.
 

Surreal

Member
The US government used the power of the FISA law (Foreign Intelligence Surveillance Law) to gain access to certain kinds of information from data companies like Microsoft. They weren't just willing to hand over sensitive information like you are assuming. I don't believe you understand the color of the law or how the recent PRISM program even worked. You saw the overblown headlines (original news sources such as the Washington Post have backed off since) and other irate posters and decided to keep perpetuating nonsense because hating Microsoft is the in thing to do right now.

I agree that guy is taking it a bit too far, but assuming that PRISM is the extent of the CIA's digital information gathering efforts doesn't seem realistic. They don't build stuff like this for no reason. Fact is Snowden ruined the rest of his life to tell people about PRISM and if he didn't do that, we'd never know about it. Tech giants (although surely they didn't have a choice in the matter) and the government were pretty comfortable never telling anyone about this stuff. So it begs the question, what else do we not know?

From what I can see, the government has been giving tech companies more and more protections in exchange for access to user information. So while the Kinect probably isn't streaming a 1080p video feed to some CIA headquarters, would it be so far fetched to assume that the government would be interested in what metadata the Kinect gathers for marketing purposes or otherwise?
 

Alx

Member
Legit question: would Americans prefer Microsoft didn't inform your intelligence services of known-but-not-yet-patched exploits?

I think that should be the prime motivation for that: give the government enough time to patch security-sensitive infrastructures, then make the exploits public. Of course it cannot prevent the government from using it for its own benefit.
What we should know to defend that theory is:
- how much time in advance do they warn the government?
- do they also provide the patch first, or just point to the exploits?
 
You realize you just made every word of that up, right? None of what you stated as fact has even been suggested, much less leaked or confirmed.

Which part? The "formerly private information can be collected, stored, and transmitted" is certainly true. It doesn't have to be suggested, leaked, or confirmed (although it has).

That Article said:
This isn't the first time Microsoft has dealt with privacy issues related to Kinect. When the first iteration of Kinect headed to the market in 2010, Microsoft's Dennis Durken suggested to investors that the peripheral might pass data to advertisers about how you look, play, and speak. "We can cater what content gets presented to you based on who you are," he said, sparking privacy concerns. (Microsoft later denied that the Kinect would use information for targeted advertising.) But even then, the first Kinect was only enabled in specific situations, and didn't have an always-on listening mode.

...

We aren't using Kinect to snoop on anybody at all. We listen for the word 'Xbox on' and then switch on the machine, but we don't transmit personal data in any way, shape or form that could be personally identifiable to you, unless you explicitly opt into that.

The implication of that being, of course, that data is being collected and transmitted. As for the second part of my statement, it's the logical conclusion.

SummitAve said:
The US government used the power of the FISA law (Foreign Intelligence Surveillance Law) to gain access to certain kinds of information from data companies like Microsoft. They weren't just willing to hand over sensitive information like you are assuming. I don't believe you understand the color of the law or how the recent PRISM program even worked. You saw the overblown headlines (original news sources such as the Washington Post have backed off since) and other irate posters and decided to keep perpetuating nonsense because hating Microsoft is the in thing to do right now.

You know, I'll concede in one respect. I don't think Microsoft was doing anything intently malicious in giving that information. They're just a company, they have to comply with the law. If the Foreign Intelligence Surveillance Court approves it, as they approved more or less indiscriminately collecting the metadata of millions of Verizon customers, then companies more or less have to comply with the request. So that changes nothing about my statement, except perhaps for the inferred tone. This is a new capacity for surveillance that Microsoft is introducing, whether willingly or not. They are making it possible.
 

jorma

is now taking requests
Redmond, Washington-based Microsoft (MSFT) and other software or Internet security companies have been aware that this type of early alert allowed the U.S. to exploit vulnerabilities in software sold to foreign governments, according to two U.S. officials. Microsoft doesn’t ask and can’t be told how the government uses such tip-offs, said the officials, who asked not to be identified because the matter is confidential.

Absolutely disgusting if true, and it WILL impact government and b2b sales for MS in the long term. No foreign government will want to use Windows, and any foreign company afraid of industrial espionage will risk using Windows. Crazy shit.
 

itxaka

Defeatist
I'm pretty sure this is false.

MS is not giving out 0-day exploits to them. They probably have a nice backdoor and give them access to it.

0-day exploits have to be patched and backdoors don't, unless they are found.
 