Services run by technology firms including Luxembourg-based Skype have incorporated encryption “back doors” to US and UK electronic surveillance agencies, according to British and American news reports.

Microsoft--which owns Skype as well as running the Hotmail and Outlook.com email services--was one of major commercial software firms that included secret “exploits” which were then used by America’s NSA and Britain’s GCHQ, The Guardian, New York Times and ProPublica.org reported on September 5. The media organisations cited secret documents provided by whistleblower Edward Snowden, a former NSA contractor.

The spy programme was designed to “insert vulnerabilities into commercial encryption systems” that would allow the NSA to access a wide number of email and chat messages, banking and medical records, e-commerce transactions, and virtual private networks, which are used by organisations to exchange internal files securely, the media reports said.

The NSA was able to insert the secret bits of code as it heavily influences international encryption standards.

According to the newspapers, Microsoft cooperated with the NSA by providing confidential keys, but the New York Times noted that “in some cases, the collaboration was clearly coerced.”

Three other top ten US websites were mentioned in the press reports, which did not specify the level of awareness or cooperation provided by those internet firms.

The Guardian wrote that: “Among the specific accomplishments for 2013, the NSA expects the program to obtain access to ‘data flowing through a hub for a major communications provider’ and to a ‘major internet peer-to-peer voice and text communications system’.”

No “blanket” access, Microsoft says

A Microsoft representative in the US told Delano on Friday evening that a blog post by the company’s chief lawyer Brad Smith (photo) “is quite clear on these points”.

The representative specifically cited Smith’s comments that: “Microsoft does not provide any government with direct and unfettered access to our customer’s data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.”

“If a government wants customer data--including for national security purposes--it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information,” Smith wrote on July 16.

“We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft’s customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction--fractions of a percent--of our customers have ever been subject to a government demand related to criminal law or national security,” according to the blog post.

“Specific and classified details”

On Monday, a spokeswoman for the NSA cited a statement issued September 6 by the Office of the Director of National Intelligence, which said: “While the specifics of how our intelligence agencies carry out this cryptanalytic mission have been kept secret, the fact that NSA’s mission includes deciphering enciphered communications is not a secret, and is not news.”

The ODNI--which coordinates activities among several 17 US intelligence agencies, including the NSA, CIA and FBI--said the articles published by the three media outlets: “reveal specific and classified details about how we conduct this critical intelligence activity. Anything that [the September 5] disclosures add to the ongoing public debate is outweighed by the road map they give to our adversaries about the specific techniques we are using to try to intercept their communications in our attempts to keep America and our allies safe and to provide our leaders with the information they need to make difficult and critical national security decisions.”

GCHQ’s press office told Delano that: “in line with longstanding practice we do not comment on intelligence matters and so cannot confirm or deny any information which may be carried in The Guardian article”.