Microsoft will "aggressively challenge" any government attempt to spy through Kinect

"Microsoft does not provide any government with direct and unfettered access to our customer's data."

Microsoft's been in the news a fair bit lately on the strength of its supposed collaboration with the US National Security Agency - a Guardian report alleges that the latter is able to gather user data via Skype, Outlook and Hotmail with Microsoft's consent. The company has now released a formal statement on the matter, denying much of the report and calling on the US government to allow it "to share publicly more complete information about how we handle national security requests for customer information".

Microsoft has also rejected claims that it will allow the NSA to gather data via the Xbox One's Kinect sensor, which is required for the console to run. "Absent a new law, we don't believe the government has the legal authority to compel us or any other company that makes products with cameras and microphones to start collecting voice and video data," reads a comment mailed to the Verge. "And we'd aggressively challenge in court any attempts to try and force us to do so."


Kinect's always-on status is a source of concern among those who worry that it could be turned into a surveillance device, but Microsoft insists that appropriate safeguards in place. For one thing, Kinect can be set to an "off" state, wherein it'll listen out for the activation phrase "Xbox on", and features a power light, so you'll know when it's operational. For another, the Verge reports that data is "anonymised" before being sent to Microsoft's servers, and it'll only be sent on with your explicit consent. Voice commands are converted to text before leaving the console, and biometric data is translated into numerical values.

Microsoft's policy guidelines urge that "you are in control of your personal data" - there will be "clear notifications" about how that data is used, and you can of course opt out of any potential data-sharing scheme if you choose. If that's not enough, you can also set the device to be completely unaware and unresponsive (presumably, you'll need to navigate to the console's settings using the controller in order to reenable voice commands and motion recognition).

In a Microsoft blog post, general counsel Brad Smith revealed that the firm is at loggerheads with the US government over its attempts to provide full disclosure. "Today we have asked the Attorney General of the United States to personally take action to permit Microsoft and other companies to share publicly more complete information about how we handle national security requests for customer information.

"We believe the U.S. Constitution guarantees our freedom to share more information with the public, yet the Government is stopping us. For example, Government lawyers have yet to respond to the petition we filed in court on June 19, seeking permission to publish the volume of national security requests we have received. We hope the Attorney General can step in to change this situation.

"Until that happens, we want to share as much information as we currently can," the blog continues. "There are significant inaccuracies in the interpretations of leaked government documents reported in the media last week. We have asked the Government again for permission to discuss the issues raised by these new documents, and our request was denied by government lawyers. In the meantime, we have summarized the information that we are in a position to share, in response to the allegations in the reporting."


The paragraphs that follow are specific to Outlook, Skydrive and Skype - fire up the full thing for more. I've skipped to Microsoft's concluding summary, below:

"Microsoft does not provide any government with direct and unfettered access to our customer's data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand.

"If a government wants customer data - including for national security purposes - it needs to follow applicable legal process, meaning it must serve us with a court order for content or subpoena for account information.

"We only respond to requests for specific accounts and identifiers. There is no blanket or indiscriminate access to Microsoft's customer data. The aggregate data we have been able to publish shows clearly that only a tiny fraction - fractions of a percent - of our customers have ever been subject to a government demand related to criminal law or national security.

"All of these requests are explicitly reviewed by Microsoft's compliance team, who ensure the request are valid, reject those that are not, and make sure we only provide the data specified in the order. While we are obligated to comply, we continue to manage the compliance process by keeping track of the orders received, ensuring they are valid, and disclosing only the data covered by the order."

"The world needs a more open and public discussion of these practices," Smith went on. "While the debate should focus on the practices of all governments, it should start with practices in the United States. In part, this is an obvious reflection of the most recent stories in the news. It's also a reflection of something more timeless.

"The United States has been a role model by guaranteeing a Constitutional right to free speech. We want to exercise that right. With U.S. Government lawyers stopping us from sharing more information with the public, we need the Attorney General to uphold the Constitution."