When we published our comprehensive guide to hiding your online activity from the NSA, we suggested you give Microsoft (and other big tech companies) a wide berth if your goal was privacy protection. Reports on Thursday about how the company allows the government to observe user data seem to have validated that paranoia. But how it shares data isn't clear. We decided to try and figure it out.
Micah Lee, the staff technologist with the Electronic Frontier Foundation who helped us put together our initial guide, conferred with us on the technical aspects of how the company might be letting the NSA access user data. We'll note: This is speculation—but speculation from someone well-suited to speculate.
The Guardian report describes the government's ability to see user emails:
Another [NSA] newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."
("Encryption" refers to the process of digitally scrambling a communication.)
What's being referred to here is probably not HTTPS encryption—encryption between the user and the email server—Lee notes. That would require accessing your email before data is sent to Microsoft. Instead, Lee suggests that the NSA probably means that it has access to emails before they are encrypted for storage on the email server.