Microsoft's Former Privacy Officer No Longer Trusts Microsoft

Microsoft's Former Privacy Officer No Longer Trusts Microsoft
Microsoft's Former Privacy Officer No Longer Trusts Microsoft

Caspar Bowden had been director of the Foundation for Information Policy Research (FIPR), an independent body that studies the relationship between information technology and society, from 1998 to 2002. In 2002 he became chief privacy officer at Microsoft. His brief covered 40 countries, but excluded the US. He left this position in 2011.

"'I don't trust Microsoft now,' he said [as reported in the Guardian], adding that he only uses open source software where he can examine the underlying code. He also said he has not carried a mobile phone for two years."

This comment has been seized upon by many other publications, including Gizmodo: "Bowden claims to have lost all trust for Microsoft in the wake of the NSA surveillance scandal, adding that he only uses open-source software himself these days — and likes to examine the code before doing so. He’s gone just a little bit mad." This was written by the journalist who used to call himself Commander Zorg.

The reality, however, is that Bowden warned the EU about the prism-effect of US-dominated cloud computing long before the Snowden leaks formally confirmed the extent of US global surveillance. In November 2012 he co-authored a report for the European Parliament titled Fighting Cyber Crime and Protecting Privacy in the Cloud

In this report he warned of "the potential for misuses and abuses by law enforcement actors and agencies." Rather presciently, the report adds, "The US context is here particularly illuminating, both in the case of the Patriot Act and in the case of the US Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008. In this case, the question of the legal framework of data transfers/processing to third countries is critical."

Last month he co-authored another document designed as a briefing note for the European Parliament's LIBE committee, which is currently examining the 'Prism scandal.' This document provides an overview of what is now known about NSA surveillance against the backdrop of US national security legislation. It stresses, for example, the "lack of Fourth Amendment protection for non-US citizens, means that no privacy rights for non-Americans are recognized by the US authorities under FISA."

The report notes that US political commentary almost exclusively refers to the privacy rights of US citizens. Non-'USPERS' have no privacy rights under US law. In a separate interview with the London School of Economics Media Policy Project on 4 July (no pun intended) he noted that media myopia extends to the UK. "In the past three weeks we’ve learned of the GCHQ use of PRISM and the existence of TEMPORA, and the lack of curiosity of the British media about the mode of operation of GCHQ in particular is fascinating."

In reality, Bowden probably focused his distrust on Microsoft because he used to work for Microsoft: but it is very clear that he does not trust any large US company – and particularly those  with a cloud presence –  to be able to protect the privacy of non-US persons.

What’s Hot on Infosecurity Magazine?