55 comments

[ 3.0 ms ] story [ 107 ms ] thread
The headline is so non-descript that it makes it sound like the Microsoft executive is shrugging this off, but the testimony says otherwise:

> Tom Burt, Microsoft’s corporate vice president for customer security and trust, told members of the House Judiciary Committee that federal law enforcement in recent years has been presenting the company with between 2,400 to 3,500 secrecy orders a year, or about seven to 10 a day.

> “Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.

If these are from out of state what is to prevent them from just saying no? I'd imagine there is some interstate process that they have to follow in order to make it valid where Microsoft is headquartered.
(comment deleted)
Are National Security Letters still a thing? Are the requests the Microsoft executive mentions NSLs?
It's time for another Snowden-style leak to learn about all their new toys.
What it's time for is a change to the laws so that informing the public about what their public servants have been up to can be accomplished without fleeing the country afterwards.
What's the enforcement mechanism for these laws? Who compels who to do what?
I think that they have ultimate power and they even trump the constitution...
Only in the sense that any person has unlimited power and the ability to trump the constitution, insofar as they're not caught or not stopped if caught.
(comment deleted)
Once the security apparatuses and their methods are entrenched it's hard for them to go back.

Congress was spied on, a US presidential candidate that we know of was spied on... So imagine plain old American citizens... what can we expect?

If congress isn't willing to take back what they allowed, they aren't going to stop all by themselves. If congress tried, they'd get a lot of pushback. Just like the Armed forces would push back on a spending cut back even though the cold war ended over 30 years ago and our budget dwarfs any one else's.

But you see that same phenomenon in run of the mill operations like homelessness non-profits. Their heft and momentum keeps them going and if you wanted to dismantle them they'd put up a big fight and tell you that while homelessness has gotten worse without them it would be doubly worse even though they never made it better to begin with but their directors live well.

I think the assertion that homeless shelters never helped with homelessness merits a citation.
US military spending dropped by about half when you look at GDP between 1982 and 1999, so your statements about the Cold War ending not affecting spending is just straight up incorrect. https://www.macrotrends.net/countries/USA/united-states/mili...
NATO are supposed to spend ~2% of GDP on their militaries. We're at least 2x that. That doesn't align with peacetime spending. We should be about half the spending we do now.
> ...~2% of GDP on their militaries. We're at least 2x that.

US defense spending was 3.4% of GDP in 2019. Quite possibly it jumped in 2020 as GDP dropped, but over 4% seems unlikely. (Still, in the ballpark and good context, I think your comment added to the discussion.)

I'm not saying the US doesn't spend a lot, just the way the op characterized the budget process is factually incorrect.
Why would I care about spending as percent of GDP? The absolute spending still went up. This is like saying your rent didn’t go up because now you are making more money so you can afford it more easily. This might be true, but it still went up. Moreover, after end of Cold War, it should have went down a lot not just in percentage terms, but also in absolute ones.
Absolute military spending is a ridiculous metric because inflation is a thing. Spending by percent of GDP is much more reasonable. For example, the US spent something like $75 billion in 1943, but no one would argue were putting 10xs as much effort in the military in 2019 when we spent ~750 billion. Looking at absolute values instead of either ones adjusted for inflation or by percent of GDP is cherrypicking to support your argument and is a bad thing.
What if your GDP is little more than military dominance?
There's a nuanced point here that looking at GDP % vs inflation adjusted yields different results depending on the range. For example, from 1982-1990, military spending was up, even after adjusting for inflation. It was actually 1990-2000 where military spending actually decreased, both before and after adjusting for inflation.

Compare that to GDP % which would indicate a steady decline in spending. So now we very much do have to examine GDP here in order to look at the argument specifics if we care about 1982-1990. With that said, the cold war ended around 1991, so the military stagnation is more or less in line with the cold war ending. The context missing on the original claim is simply that spending shot right back up once American mucked up and got itself stuck in the middle east, being involved in the deaths of hundreds of thousands of people.

But hey, none of this relates to the original post at all really - that claim was not actually doing any lifting in the original argument other than to serve as a light illustration of how the military spending is never cut in a significant way, and that is generally true save a small exception from 2011-2015. The best that can happen is an effective slow cut through stagnation. And all of THAT is just to say that the government gets pushback when trying to walk back policies.

So did it ever really matter how the cold war affected spending here? What's the point of calling this super nuance out?

This is the only data point the poster had which supported their argument and it was factually incorrect, whether you look at inflation adjusted or as a percentage of GDP. Now, whether to use inflation adjusted or as a percentage of GDP is a valid argument, but doesn't change the fact the poster is wrong, and I don't think this is the forum where it really is going to get resolved.
> but doesn't change the fact the poster is wrong

Again, I think you're missing the point. The very specific, non relevant way you interpreted the claim is factually wrong.

To me, the claim read as:

> the military spending is never cut in a significant way

Which again, at an absolute level, is generally true when looking at inflation adjusted spending. Within context, absolute is relevant here though as this is about government process. The whole context makes this claim incredibly tangential to the whole point, which more or less boils down to "government has a lot of inertia".

> doesn't change the fact the poster is wrong

Again, did it ever really matter how the cold war affected spending here? What's the point of calling this super nuance out? My point is not to argue about 1990-2000 military spending and the measures of it.

I'm calling this out to say "arguing over small irrelevant details to an argument is not very productive if you care about the real topic at hand".

Are you trying to make this case because you believe that the government does not have a lot of inertia when it comes to these things? Great, then make that case instead of this rabbit hole. Or is this rabbit hole just about the non relevant fact itself?

Your missing why I'm making my comment. I'm not arguing for anything. I'm arguing against making any conclusions based on what the original poster said, because the only factual evidence they present is at the very least questionable. I'm not making a positive assertion that government inertia is not a problem, simply that the above post does not provide sufficient evidence that it is a problem.
The military budget listed there is lower than the military budget, as it does not count veteran's benefits as military budget. It does not count interest paid this year on military spending debt accumulated last year (or in any previous year) as military spending. It has to strictly limit the definition of what military spending is to get as low as the cited number.
Totally unrelated to the discussion. VA budget and the DoD budget are different line items and this is not what the OP was talking about, so does not matter in this context.
I wonder why ? Could it be because of all the spyware M/S has on Windows 10 ?

Nice for one stop shopping

I wonder why the downvotes? This is absolutely correct. I’d be interested to know how many similar requests Apple and Google get.
The subpoenas are for cloud stored data.
And where do you imagine Microsoft stores all of this telemetry they steal from the user?
Downvotes are likely by people who read the article:

> “Most shocking is just how routine secrecy orders have become when law enforcement targets an American’s email, text messages or other sensitive data stored in the cloud,” said Burt, describing the widespread clandestine surveillance as a major shift from historical norms.

So it's mostly communications data stored in the cloud. We know Apple and Google receive similar requests because they also release data:

https://www.apple.com/legal/transparency/us.html (US: 4600 devices in Jan-Jul 2021)

https://transparencyreport.google.com/user-data/overview?hl=... (US: about 60,000 in 2019)

Apple turns over customer data on over 30,000 users per year without a warrant. It's in their transparency report under FISA orders.

No probable cause is required.

Let me see... Microsoft wants me to have a Microsoft account to use a computer that I bought. They nag me every time I log in because I gave them a bogus email address.

And then you read something like this. All those abstract privacy concerns just got a bit more concrete...

And yet when they limit their new version of Windows specifically to devices that cant have rootkits installed, everyone freaks out.

...maybe they know that people are installing root kits... because they see first hand what the "good" guys are doing routinely.

> devices that cant have rootkits installed

And jail cells are just very secure apartments. There's always going to be a guard around to let you out, why is everyone freaking out?

It's not "rootkits" per se that are restricted right? It's unsigned code. Who has access to the signing keys?

It is solving the problem of unauthorised rootkits.

I see exactly zero connection between preventing rootkits and demanding that I give them my email address.
There was a story just the other day about how Microsoft has been signing rootkits. The new "security measures" don't do crap for malware and just make legitimate uses of the machine (installing software that respects your freedom) harder.
Regulatory entities: media, Congress, Judiciary, captured. Not new.
>Burt said that while Microsoft Corp. does cooperate with law enforcement on a broad range of criminal and national security investigations, it often challenges surveillance that it sees as unnecessary, resulting at times in advance notice to the account being targeted

I wonder what requests Microsoft considers too far, considering they seem to have been willing to give up politician and journalist data. I wonder of they received a request for information on Gates and if so how they replied to it.

But trust us to update your firmware over the internet anyway despite the fact that we've shipped backdoors before.
Is there a law that prevents companies from completely encrypting their data at rest? Data should only be decrypted if the person(s) have the private keys. Government entities can request the information all they want but all they will get is an encrypted dump. You will need to ask the person that owns the private keys to decrypt or just pound sand (there are laws preventing self incrimination, so private keys should fall in the same domain)
And forget your password and your data is all gone, never to be seen again.
Actually, you can do that already in M365 with Double Key Encryption [1]. The obvious trade-off though is that none of the cloud services will be able to work with your data. For example you won't be able to search or open the document inside the browser which basically renders your SaaS environment (partially) just a plain cloud storage.

DKE should not be confused with any other BYOK service, where you only manage the key, but host it on Azure so MS still has access to you private key.

I think there could be middle ground where customers could select a set of metadata that they are willing to share with the cloud provider or even better, select only the sensitive parts of the document that must be encrypted with their own key.

[1] https://docs.microsoft.com/en-us/microsoft-365/compliance/do...

At least Microsoft releases a transparency report. A lot of subprocessors, and services that everyone uses, like Fastly and Akamai, don't, so I bet LEOs just go to them instead.
“… Justice Department prosecutors obtained as part of leak investigations phone records belonging not only to journalists but also to members of Congress and their staffers.“

Eek! These illegal violations of privacy must stop now that congressman and their staffers are being surveilled too!

Who's to stop them when the watchers now have blackmail information on the entirety of the legislature and judiciary?

Have you considered for a moment that NSA and CIA have the phone numbers and location track logs of every mistress, hooker, and drug dealer used by every member of congress?

Why should the outrage only matter when someone “important” has their rights violated? Have you considered that the NSA/CIA have been monitoring Congress for longer than they have been monitoring average citizens?
(comment deleted)