Former Microsoft Privacy Chief Says He No Longer Trusts The Company

Microsoft's onetime Chief Privacy Advisor, Caspar Bowden, has come out with a vote of no-confidence in the company's long-term privacy measures and ability or interest to secure user data in the wake of the NSA's PRISM program. From 2002 - 2011, Bowden was in charge of privacy at Microsoft, and oversaw the company's efforts in that area in more than 40 countries, but claims to have been unaware of the PRISM program's existence while he worked at the company. In the two years since leaving Microsoft, Bowden has ceased carrying a cell phone and become a staunch open source user, claiming that he no longer trusts a program unless he can see the source.
"The public now has to think about the fact that anybody in public life, or person in a position of influence in government, business or bureaucracy, now is thinking about what the NSA knows about them. So how can we trust that the decisions that they make are objective and that they aren't changing the decisions that they make to protect their career? That strikes at any system of representative government."

As Bowden goes on to point out, if you aren't a US citizen, you have no protection whatsoever from PRISM.

The Foreign Angle

This is a point that has real potential consequences for any international company. The NSA claims that there are protections that keep the data of ordinary US citizens out of abusive hands, and that we should trust them with this information. Some people agree with that. Some people don't. But what no one disagrees with is the fact that foreign companies, governments, and citizens have no protections of any kind. To the contrary, some of the NSA's documentation explicitly plays up the fact that huge amounts of foreign traffic travel through the United States on a regular basis.

Much of the NSA's work is devoted to snooping on this foreign traffic to monitor and record what various groups are up to. And these groups have no protection whatsoever under US law. The bigger problem here is that due to the way the Internet routes traffic, there's no guarantee that a message from Point A to Point B doesn't travel over US networks. Obviously that's not going to happen if you're sending data from one small town to another in Europe, but a message from, say, Brazil to Canada almost certainly passes through the United States. A message from South or Central America to Europe or China? Same deal.

This is a fundamental problem for nations that aren't interested in exposing their traffic to American observation, whether they're engaged in nefarious activities or not. Long term, the problem could lead to the construction of digital firewalls, in which the United States is effectively isolated behind protective nodes built by local governments to scrub and redirect traffic away from potential capture points. This is directly in opposition to the central concept of the Internet, which is a dynamic structure capable of responding to outages or damage by routing around the problem.

Traffic flows, however, can be rerouted.

It's not that Microsoft is unique, here. In fact, the situation would be simpler to solve if they were. The problem is that the access the NSA has crafted for itself applies to all companies equally. Microsoft, Yahoo, Google, Apple -- your data is as secure as the NSA decides it is, and not one jot more.

Image Credit: OpenRightsGroup - Youtube
Via: The Guardian
Johnny3D one year ago

For a while now I've been seeing/hearing all of these allegations that the NSA is collecting all sorts of data on US citizens and using it for allegedly nefarious purposes. The thing is... I can't find a single case where data collected by the NSA has actually been used against a citizen. Am I to believe that every instance in which they have used this data they've collected has been swept under the rug and out of any public view?

Does someone happen to have an example they can point to where any of this kind of thing has actually come into play?

nightdreamer one year ago


I'll start with news about NSA employees spying on lovers. The NSA uses some acronyms such as HUMINT (human intelligence) and SIGINT (signal intelligence) to describe different means of gathering intel. There is also the unofficial acronym LOVEINT (intel on lovers) which I provide news links about below:

The Electronic Frontier Foundation has plenty more to say on the topic, which you can find at

One final thought: absolute surveillance is a tyrannical government's dream world. Now that we've built a tyrant's dream, the only thing left to create a miserable society is for the tyrant to wake up to find that dream has become reality.

c0rnh0110 one year ago


Really? The data collection program was supposed to be secret, so, obviously, uses of the data were supposed to remain secret, too.

Their system is a more technologically advanced version of the East German secret police. Look up "Stasi" in Wikipedia and you will see the sort of intimidation tactics that are the flipside of this data collection. It is all about staying in power in spite of extreme corruption and tends to create a vicious cycle of increasing surveillance/intimidation to cover progressively more heinous behavior. Eventually the population got fed up with the whole mess and had a peaceful revolution.

Caspar Bowden, however, seems smart. You should learn from his example.

ECouts one year ago

They've used Skype records to capture a few undesirables here and there.

MuhammadLal one year ago

Looking for a while now / NSA data for the U.S. citizens of all kinds of evil for the purpose of collecting and using claims all such claims heard. Problem ... The data collected by the NSA, I actually used in a civil case can not be found. Sirs, I am using the data that they collect all the instances in which the public's view of the carpet hwipsseulga going to think? Nice news ..

TerryFloyd one year ago

Johnny3D, I'm surprised you didn't hear about this one: The former CEO of Qwest Communications claimed for years he was framed by the NSA on a bogus charge of insider trading just because he refused to comply with the NSA's demands to allow them to spy on his customers. He spent four and a half years in prison because he wouldn't roll over for them the way that Verizon, Sprint and AT&T did, but was prohibited from using this information in his defense because the NSA's activities were "classified." If it happened once, it has surely happened many times since, but we just haven't been made aware of it.

c0rnh0110 one year ago


Speaking of Insider Trading, I bet the NSA is rife with it. They have the relevant information, the SEC isn't policing them, and we have seen that they obviously can't regulate themselves.
