Former Microsoft privacy adviser: 'I don't trust Microsoft now'

Caspar Bowden, who authored Microsoft’s privacy policy between 2002 and 2011 for 40 countries, said this week that he distrusts his former employer and has gone so far as to ditch his mobile phone.

Bowden, who now calls himself a “privacy advocate,” told a conference this week that he was unaware that Microsoft participated in Prism, a charge that Microsoft has denied. But Bowden, as quoted in The Guardian, now says that he will only use open-source software and had ditched his phone for privacy’s sake.

“I don’t trust Microsoft now,” Bowden said. Microsoft representatives declined to comment.

Between 2002 and 2011, Bowden was in charge of the privacy policy for 40 countries in which Microsoft operated, but not the United States. His LinkedIn profile lists his former title as chief privacy advisor for the worldwide technology office at Microsoft.

“The public now has to think about the fact that anybody in public life, or person in a position of influence in government, business or bureaucracy, now is thinking about what the NSA knows about them,” Bowden said, according to the paper. “So how can we trust that the decisions that they make are objective and that they aren’t changing the decisions that they make to protect their career? That strikes at any system of representative government.”

Microsoft helped the National Security Agency crack its own encryption to give the agency access to email stored on its Outlook.com service, reports in The Guardian and elsewhere have alleged. Microsoft has denied the charges, although admitting that it will turn over emails when it says it’s “legally obligated” to do so. Microsoft received over 37,000 requests for user data during the first half of 2012, but they do not include Foreign Surveillance Intelligence Act requests by the U.S. government, which Microsoft and others are suing to disclose.

“We believe greater transparency on the part of governments – including the U.S. government—would help the community understand the facts and better debate these important issues,” a Microsoft spokesperson said in a statement. “That’s why we’ve taken a number of steps to try and secure permission, including filing legal action with the U.S. government.”

The way in which FISA is worded means that anyone living outside the United States has no legal protection from the NSA’s prying eyes, Bowden said.

Bruce Schneier, a cryptograhy expert, perhaps said it best that the foundation of trust at the center of the Internet has been irreparably damaged, possibly destroyed. “I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly,” Schneier said recently. “You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer.”

Updated at 4:41 PM PT to add the number of requests for user data that Microsoft received in 2012, as well as a statement from Microsoft.

Subscribe to the Security Watch Newsletter

Comments