Microsoft Says It Would Obey Encryption Laws

Microsoft Says It Would Obey Encryption Laws

With important countries like the United States and the United Kingdom debating whether to require technology firms to enable backdoors for their encrypted products, Microsoft has finally spoken up. Yes, the firm is against such requirements, and it recently pressured US president Barack Obama to ignore calls for such legislation. But it would also respect the laws of the countries in which it does business.

Well, some of the countries.

To be fair, Microsoft also has an increasingly proud history of taking a stand against business requirements that it finds odious or, worse, possibly illegal. It is for example currently fighting a federal court demand that it turn over information about a customer that is stored in a datacenter in Ireland.

The viability of encryption falls into the same gray area. Most would agree that encryption improves security and is a key component in getting customers to trust their personal data on mobile devices. But with governments around the world starting to rail against unbreakable encryption on devices that can and will be used by criminals, the tech industry is barreling towards a major impasse that pits the needs to law enforcement against the privacy needs of individuals.

Last week, Microsoft was one of over 140 signatories in a letter to president Obama calling on him to reject proposals that would require US companies to offer encryption back doors in mobile devices and software.

“Introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers,” the letter reads. “We urge you to reject any proposal that U.S. companies deliberately weaken the security of their products. We request that the White House instead focus on developing policies that will promote rather than undermine the wide adoption of strong encryption technology. Such policies will in turn help to promote and protect cybersecurity, economic growth, and human rights, both here and abroad.”

This week, Microsoft general counsel Brad Smith addressed recent development in the UK, where prime minister David Cameron has said he backs a proposed law that would prevent technology companies from letting consumers use unbreakable encryption. His response was a bit less strident.

“[The United Kingdom] is a big market, and it’s a country we believe has a fundamental rule of law in place,” Mr. Smith said during an appearance at a Chertoff Group even in Silicon Valley. “We still don’t like it, but you could imagine one argument that says, ‘OK, we’re going to do it’.”

It’s fair to believe that Microsoft would behave differently in major markets like the US and UK than it would elsewhere, and it’s thus possible that any future encryption backdoors would only be accessible to the governments of such countries, and then only in times of clearly-defined, court-ordered need. But as Microsoft’s co-written letter to president Obama notes, a backdoor for the good guys is a backdoor for the bad guys too. And the only viable solution, technologically, is for there to be no backdoor at all.

Regardless, Mr. Smith’s words suggest Microsoft isn’t ready to apply such standards worldwide. And in an interesting example of the type of double standard that can exist, The Wall Street Journal cites a case in which Microsoft simply refuses to acknowledge the legitimacy of a local law on international technology usage: it will not let Belgium law enforcement officials wiretap Skype calls.

“Law enforcement plays an important role in keeping communities safe but the legal process should also protect personal privacy, respect international borders and recognize technological differences,” a Microsoft representative told The Journal.

The same double standard will apply to encryption, Smith suggested, though in this case the delineation might have more to do with the source of the governmental backdoor request than with a country’s size. That is, Microsoft will behave differently in a country in which it doesn’t “have confidence fundamental rights are going to be protected.” Countries like China and Russia, despite being huge markets, would likely fall into this category.