More NSA Fallout: Luxembourg Officials Reportedly Investigating Skype


Microsoft's Skype unit reportedly is under investigation by officials in Luxembourg for potentially providing U.S. intelligence officials with back-door access to the platform.

Luxembourg's privacy commission has been investigating the extent of the National Security Agency's surveillance program following Edward Snowden's release of confidential files in June that revealed some of the agency's ongoing activities. Skype could face fines by the European Union for any data it turned over to the NSA, according to a report Friday in The Guardian. The paper reported that European Union sanctions could bar Microsoft from enabling Skype to pass communications on to authorities.

Microsoft acquired the VoIP service and instant messaging client, whose headquarters are in Luxembourg, for $8.5 billion in 2011.

The Guardian previously reported that NSA analysts apparently were able to view Skype video calls as part of the agency's Prism program. The NSA documents provided by Snowden revealed that Microsoft may have helped the FBI and the NSA by providing investigators with a workaround into its Outlook and Hotmail data before it was encrypted by the company. The documents showed Microsoft also may have given authorities access to view user content on SkyDrive and Skype.

Security experts said the tension is growing between U.S.-based technology firms and the government over intelligence-gathering activities. Over time, requests could really be more like a demand for doing business on U.S. territory, said Cameron Camp, a U.S.-based security researcher for Bratislava, Slovakia-based antivirus vendor ESET. Employees who build software often push back, Camp said.

"Software developers have resisted putting flaws in their software because there are enough issues trying to plug and fix all the valid bugs that allow attackers to get in there and expose data on companies," Camp said. "Right now, no matter what service you're using, you have to assume that there is accessibility to your messaging."

Microsoft and Skype have responded to the allegations, calling for more transparency and a discussion about the balance between privacy and security. Microsoft and other technology providers are seeking court approval to disclose more information about surveillance requests.

Last week, Microsoft issued a transparency report outlining the requests it received from law enforcement for access to its cloud-based customer data. That report indicated that it gave no Skype content to law enforcement in the first six months of 2013. Microsoft said it received more than 37,000 requests from law enforcement agencies impacting more than 66,500 accounts.

Redmond, Wash.-based Microsoft said 79 percent of requests resulted from court orders, subpoenas and warrants. Customer content from Outlook, Hotmail, Xbox Live or SkyDrive was turned over to authorities in approximately 2.2 percent of those requests, Microsoft said.

"As with the 2012 report this new data shows that across our services only a tiny fraction of accounts, less than 0.01 percent, are ever affected by law enforcement requests for customer data," Microsoft said.

Microsoft said 92 percent of the requests that resulted in the disclosure of customer content were from U.S. law enforcement agencies. The company did not provide information on National Security Letter (NSL) requests for data. Technology firms are authorized to release minimal details about those requests on an annual basis. NSL requests are kept secret and Microsoft and other providers are barred from disclosing details about them.

PUBLISHED OCT. 11, 2013