Microsoft has told an Australian Parliamentary Committee its cloud services and software contain no back doors.
The issue arose last year in a committee of Australia's Senate, which like the US body of the same name is a house of review for legislation initiated in the House of Representatives. During a November 2013 meeting of the Senate Finance and Public Administration Legislation Committee, Greens Senator Scott Ludlum asked the chief Information officer of Australia's department of parliamentary services whether Microsoft software contains back doors that would allow the USA to surveil parliamentarians' activities. The question was asked after Edward Snowden's allegations about the NSA's PRISM tool, which Senator Ludlum took at face value, and in the knowledge that Australia's Parliament uses Microsoft products on the desktop and server.
The department's CIO was unable to answer that question, but went away and did her homework.
That effort is now recorded here (PDF) and records Microsoft's response to the question of whether or not its kit includes back doors that could be exploited by US spooks. Or at least back doors Microsoft knows about.
The response starts by noting the department “... has not been provided with any specific advice that Microsoft products or any other products have been backdoored by foreign intelligence services.”
It goes on to offer this report on Microsoft's answer to questions about whether or not its kit includes backdoors:
“Microsoft has advised DPS that there is no backdoor within the Microsoft suite of products nor have they made any attempt to source information from the parliamentary network or provide information to any other entity. Microsoft has advised that they comply with all jurisdictional laws in relation to these matters”.
The CIO's response also suggests that PRISM operates on Microsoft's cloud and that the department does not store parliamentarians' data in the cloud.
The response goes on to say that Australia's Signals Directorate (ASD), the nation's signals intelligence agency, has advised of no actions that need to or could be taken to counter PRISM's possible effects on Australia's Parliament.
Microsoft would know that its response to the Department's inquiries would end up before the Senate Committee, and as the Department's officers swear an oath before appearing there's a big incentive to tell the truth. So let's assume that Microsoft has told the truth: there are no back doors in the software?
What does that mean for Snowden's allegations? Probably not an awful lot. The leaker alleged PRISM touches on cloud services, not on-premises software.
It's therefore nice to know Microsoft is willing to go on the record as saying its products are proudly back-door free, although it's hardly likely to say anything else to a colossal customer. Remember, too, that Australia is a member of the five eyes alliance that benefits from PRISM output, which may not make the ASD the best source of answers on PRISM.
Throw in the fact that the questions asked by Senator Ludlum leave lots of wriggle room. Ludlum's opener - “What can you tell the committee about the network-level security threats posed by using Microsoft software given that it has been backdoored by foreign intelligence agencies? - allow answers to focus on the “network-level” threats and ignore other issues. ®