Statement of Microsoft Corporation on Customer Privacy

On June 6, media outlets including the Washington Post and Guardian began reporting allegations that the United States National Security Agency (NSA) is collecting customer communications data from major technology companies, including Microsoft. Microsoft issued the following statement about the company’s alleged involvement in these activities:

REDMOND, Wash., June 6, 2013 - We provide customer data only when we receive a legally binding order or subpoena to do so, and never on a voluntary basis. In addition we only ever comply with orders for requests about specific accounts or identifiers. If the government has a broader voluntary national security program to gather customer data we don’t participate in it.

Press Contacts
Rapid Response Team

Waggener Edstrom Worldwide
(503) 443-7070




You know how much business Microsoft would lose if what they state above turned out to be false? They would be fucked. Companies have choices and are pretty anal when it comes to security. I was at a medium size financial institution recently along with a counterpart getting grilled for a couple hours on our MPLS VPN service, TLS, should we or shouldn't we have a probe sitting on the WAN link for future troubleshooting, security around our probes, even HIPPA got brought up. I believe there is no way in hell somebody like a Google, YouTube or Microsoft would take that risk.





Intresting, or ironically enough, Here's a press release from Microsoft yesterday-


Small and midsize companies in the cloud reap security, privacy and reliability benefits
June 11, 2013
Microsoft study shows 94 percent of small and midsize companies gain security advantages — contradicting perceptions that hold others back from adoption.

REDMOND, Wash. — June 11, 2013 — A study released today reveals that, in addition to time and cost savings, small and midsize businesses (SMBs) in the U.S. that use a cloud service gain significant security, privacy and reliability advantages compared with companies that have not adopted the cloud. The study, commissioned by Microsoft Corp., shows that perceptions of the cloud held by nonusers directly contrast with the real experiences of cloud adopters.

“There’s a big gap between perception and reality when it comes to the cloud. SMBs that have adopted cloud services found security, privacy and reliability advantages to an extent they didn’t expect,” said Adrienne Hall, general manager, Trustworthy Computing, Microsoft. “The real silver lining in cloud computing is that it enables companies not only to invest more time and money into growing their business, but to better secure their data and to do so with greater degrees of service reliability as well.”

The Microsoft study, which did not qualify participants by product, service or vendor, asked SMBs that have not adopted the cloud what was holding them back:

• Sixty percent cited concerns around data security.

• Forty-five percent worried that using the cloud would result in a lack of control over their data.

• Forty-two percent doubted the reliability of the cloud.


In stark contrast, the study found that the experiences of SMBs that use cloud services contradict these concerns:

• Ninety-four percent have gained security benefits they did not have with their former on-premises technology, such as up-to-date systems, up-to-date antivirus and spam email management.

• Sixty-two percent have seen increased levels of privacy protection.

• Seventy-five percent have experienced improved service availability.


Seventy percent of SMBs in the study said that adopting a cloud service meant they could invest money and time savings into areas such as product development and innovation, demand creation, and expansion into new markets. Half of SMBs have pursued new opportunities because of the time they saved managing security.

An example of a business that has realized the security and compliance benefits of the cloud is DHCU Community Credit Union, a nonprofit financial cooperative. To meet the compliance requirements and security expectations of a financial institution, the organization recently moved to Microsoft Office 365.

Since its transition, DHCU Community Credit Union has experienced improved security and increased productivity, while enabling the organization to maintain its tradition of delivering excellent customer service.

“In the financial services industry, security and compliance are a critical table stake. Microsoft Office 365 gives us peace of mind that these things are being handled, and handled well. So much so that we’ve been able to reposition resources to reinvest in our business,” said Matt McCombs, president and chief operating officer, DHCU Community Credit Union. “Quite simply, the move to the cloud saved us money and freed up time to help us focus on what matters most — serving our members.”

In conjunction with the study, Microsoft has released an updated version of the Cloud Security Readiness Tool (CSRT). Based on the Cloud Security Alliance’s Cloud Controls Matrix, the CSRT is no-cost, interactive and easy to use. It enables organizations to assess the current state of the security of their IT environment and compare it to what they could expect if they used a cloud service. The updated release extends the range of industry standards covered by the tool to include European Network and Information Security Agency Information Assurance Framework (ENISA IAF) and British Standards Institution (BSI).

“Organizations are keen to understand how cloud adoption would compare with their existing on-premises policies, procedures and compliance, and that can be a complex task,” said John Howie, chief operating officer, Cloud Security Alliance. “In the Cloud Security Alliance, industry leaders have collaborated to develop best practice security guidance. Microsoft’s Cloud Security Readiness Tool builds on these efforts as it gives organizations a way to more easily evaluate cloud services against critical areas, as well as against compliance with key industry standards like ENISA IAF and BSI.”

About the study

The vendor-agnostic study, commissioned by Microsoft and conducted by independent research company comScore Inc., polled companies with between 25 and 499 PCs in France, Germany, the U.K. and the U.S. Cloud users were defined as companies using a subscription model service for data storage, email or calendar, online productivity, customer relationship management, database service, application hosting or management to manage and help secure computers, for enterprise resource planning, and/or compute capacity to run application code.