whitetop
05-07-2014, 02:57 PM
Microsoft often charges the FBI's most secretive division hundreds of thousands of dollars a month to legally view customer information, according to documents allegedly hacked by the Syrian Electronic Army.
The SEA, a hacker group loyal to Syrian President Bashar al-Assad, is best known for hijacking Western media companies' social media accounts. (These companies include the Associated Press, CNN, NPR, and even the Daily Dot.) The SEA agreed to let the Daily Dot analyze the documents with experts before the group published them in full.
The documents consist of what appear to be invoices and emails between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers' data.
In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.
http://cdn0.dailydot.com/uploaded/images/original/2014/3/20/aug2013email.png
http://cdn0.dailydot.com/uploaded/images/original/2014/3/20/aug2013invoice.png <- picture a bit big
None of the technologists or lawyers consulted for this story thought that Microsoft would be in the wrong to charge the FBI for compliance, especially considering it's well within the company's legal right to charge "reasonable expenses." Instead, they said, the documents are more of an indication of just how frequently the government wants information on customers. Some of the DITU invoices show hundreds of requests per month.
For ACLU Principal Technologist Christopher Soghoian, the documents reiterated his stance that charging a small fee is a positive, in part because it creates more of a record of government tracking. In 2010, Soghoian actually chided Microsoft for not charging the Drug Enforcement Agency for turning over user records when instructed to by courts, noting that companies like Google and Yahoo did.
Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, agreed, and told the Daily Dot the government should be transparent about how much it pays.
"Taxpayers should absolutely know how much money is going toward this," he said.
Compared with the National Security Agency, which has seen many of its programs exposed by former systems analyst Edward Snowden, DITU has a low profile. But it runs in the same circles. Multiple law enforcement and technology industry representatives described DITU to Foreign Policy as the FBI's liaison to the U.S.'s tech companies, and the agency's equivalent to the NSA.
To that note, DITU is mentioned as a little-noticed detail from Snowden slides that detail the NSA's notorious PRISM program, which allows it to collect users' communications from nine American tech companies, including Microsoft. One slide explicitly mentions DITU's role in getting data from those companies.
Read the whole article here
http://www.dailydot.com/news/microsoft-compliance-emails-fbi-ditu/
The SEA, a hacker group loyal to Syrian President Bashar al-Assad, is best known for hijacking Western media companies' social media accounts. (These companies include the Associated Press, CNN, NPR, and even the Daily Dot.) The SEA agreed to let the Daily Dot analyze the documents with experts before the group published them in full.
The documents consist of what appear to be invoices and emails between Microsoft's Global Criminal Compliance team and the FBI's Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers' data.
In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show. In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352,200, at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.
http://cdn0.dailydot.com/uploaded/images/original/2014/3/20/aug2013email.png
http://cdn0.dailydot.com/uploaded/images/original/2014/3/20/aug2013invoice.png <- picture a bit big
None of the technologists or lawyers consulted for this story thought that Microsoft would be in the wrong to charge the FBI for compliance, especially considering it's well within the company's legal right to charge "reasonable expenses." Instead, they said, the documents are more of an indication of just how frequently the government wants information on customers. Some of the DITU invoices show hundreds of requests per month.
For ACLU Principal Technologist Christopher Soghoian, the documents reiterated his stance that charging a small fee is a positive, in part because it creates more of a record of government tracking. In 2010, Soghoian actually chided Microsoft for not charging the Drug Enforcement Agency for turning over user records when instructed to by courts, noting that companies like Google and Yahoo did.
Nate Cardozo, a staff attorney for the Electronic Frontier Foundation, agreed, and told the Daily Dot the government should be transparent about how much it pays.
"Taxpayers should absolutely know how much money is going toward this," he said.
Compared with the National Security Agency, which has seen many of its programs exposed by former systems analyst Edward Snowden, DITU has a low profile. But it runs in the same circles. Multiple law enforcement and technology industry representatives described DITU to Foreign Policy as the FBI's liaison to the U.S.'s tech companies, and the agency's equivalent to the NSA.
To that note, DITU is mentioned as a little-noticed detail from Snowden slides that detail the NSA's notorious PRISM program, which allows it to collect users' communications from nine American tech companies, including Microsoft. One slide explicitly mentions DITU's role in getting data from those companies.
Read the whole article here
http://www.dailydot.com/news/microsoft-compliance-emails-fbi-ditu/