RSA Conference 2014: Microsoft Does Not Put Backdoors in its Products says Charney

San Francisco, home to RSA Conference 2014
San Francisco, home to RSA Conference 2014

“We only respond to court orders that specify specific accounts”, Charney revealed, in relation to accusations that Microsoft has supplied bulk data to government departments like the NSA. “We’ve never had an order for bulk data, and we wouldn’t provide it if even if we did. We have to honour the law in the countries where we do business”, he contended.

Security, privacy and transparency are principles that Microsoft has had and abided by for years, Charney told the audience. “I’m not overly worried about what we’ve done, because we’ve been principled. I’m worried about how we’ve been represented. You have to look at the facts. And the fact is that what we have done is principled, and has to be. Keep it simple, have good principles and it works just fine.”

Microsoft do defense, not offence, Charney clarified. “We do not put backdoors in our products and services. That’s just economic suicide.”

The complicated role that the government has over the internet means that it is both protector of the internet, and also exploiter. Government has conflicting priorities, Charney explained. “For example, if they find a vulnerability in Microsoft Windows, do they tell Microsoft so they can issue a fix, or do they keep it to themselves and exploit the vulnerability?” Charney left the rhetorical question unanswered.

Users, too, have conflicting priorities, he said. “They want to be safe and protected, but they also want their privacy.”

“You can choose to encrypt things, which may make government’s life harder and criminals lives slightly easier. Or you can choose not to, which may make government’s life easier”. Whatever choices are made need to work for society, industry and the government, Charney said.

“Two years ago, I said I was optimistic, and I’m still optimistic”, Charney concluded, “because we will always rise to meet [the problems]. This is a hard problem, and we need to think about it the right way and consider what actions are appropriate.



What’s hot on Infosecurity Magazine?