On the TV show ‘The West Wing’ news stories the administration wanted the public to overlook were released on ‘Friday Trash Day‘. In the real world, the US National Security Agency (NSA) has another term for the same practice. The NSA calls it ‘Christmas Eve’.
It was on the afternoon of 24 December the NSA chose to release an embarrassing report into their misuse of personal data collected on US citizens. Bloomberg News picked up the story, but few other media outlets, so the US government will be very pleased.
It has direct implications for anyone using cloud based email or file storage on Microsoft’s OneDrive or any other service. If you think cloud privacy doesn’t apply to you because you’re a US citizen or not linked to terrorists …. think again.
The heavily edited report covers over a decade until 2013 and reveals at least some misuse of the data ‘hoovered up’ by the NSA about both US citizens and people over the globe.
One example of misconduct is an NSA analyst who “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,”. You’d think that was a serious issue, if not a crime, but all we’re told is that the employee “has been advised to cease her activities,”. Hardly a ringing endorsement of either the controls on data use or the willingness of the NSA to punish staff who break the rules.
Another amazing example is the analyst who ordered tracking of data “on a U.S. organization in a raw traffic database” without having the authority to do so. It may have been an honest mistake, but it doesn’t show NSA’s training nor practices in a good light. NSA has admitted that their staff can access data to which they don’t have the necessary authority.
Bloomberg notes that “the publicly available documents don’t make clear how many violations occurred and how many were unlawful.” but they do confirm that “intelligence analysts sometimes have violated policy to conduct unauthorized surveillance work”
Smarter people than us will be able to go through the reports (such as they are) and parse out more shards of information.
What this means for Microsoft Office
We’re interested in the consequences for Office users who are actively encouraged by Microsoft to store their documents, worksheets and presentations on OneDrive.
Among the data collected daily by the NSA and potentially misused by the agency are the details of what do you on OneDrive, Dropbox or other services. At the very least, details of the files saved, when, from where, by whom and file name (the so-called ‘meta-data’) go the US government each day.
The ‘raw traffic database’ referred to in the report (see above) includes details of phone calls but also other communications like emails and files on cloud storage.
It doesn’t matter where the data is stored, if it’s on OneDrive .. the NSA will know about it. Same goes for OneDrive, Google Drive and almost all the other cloud services.
It’s also worth pondering how secure cloud data is from intrusion by the company storing your data. The NSA, with the full resources of the US government and law can’t properly control access to data … what can we expect from private companies with their own agenda and fewer legal safeguards? This isn’t hypothetical since Microsoft itself was caught reading private emails for their own commercial interests.
No one may even see or use your personal OneDrive details; let’s hope so. But the Christmas 2014 reports from the NSA make it clear that there’s no privacy guarantee.