Next Microsoft CEO faces rocky road in easing NSA-fueled privacy worries

When Microsoft Chief Executive Steve Ballmer steps down in the next 12 months, his successor will be left with the task of easing rising privacy concerns fueled by reports of massive Internet snooping by the U.S. National Security Agency.

Ballmer announced his plans for retirement on Friday, saying the company needed someone who would be with Microsoft long enough to see through its transition from a software maker to a "devices and services" business.

The next CEO will have to provide a much better strategy than Ballmer on moving Microsoft into the fast-growing tech markets Ballmer missed early on, including the shift in Internet advertising to search and the movement from PCs to tablets and smartphones.

On top of all that, the new top executive will have to guide the company in mistrustful overseas markets shaken by the steady stream of media reports of NSA Internet data gathering.

In the latest fallout from the NSA's terrorist-hunting, the German national weekly newspaper Die Zeit reported that experts are warning the government not to use Windows 8 or its successor because they contain a backdoor that could be exploited by the U.S. agency.

Ironically, the offending technology, called Trusted Computing, is the foundation for a much higher level of security than what has existed in Windows PCs in the past.

What Microsoft has done is link the operating system to a special chip called a Trusted Platform Module. Working together, the technologies provide Microsoft with a protected channel for automatic updating and monitoring for software piracy.

Specifications for the architecture come from the Trusted Computing Group, a non-profit organization whose members include the biggest names in the U.S. tech industry, including Microsoft, IBM, Cisco, Hewlett-Packard and Intel.


Experts advising the German Federal Office for Information Security (BSI) say the backdoor created by Microsoft's Trusted Computing implementation in Windows 8 cannot be closed and "could have the effect that Microsoft can control any computer remotely ... and thus [also] the NSA," Die Zeit reports, according to a Google translation of the report.

The wariness toward Microsoft goes beyond just Trusted Computing. In July, the British newspaper The Guardian reported that Microsoft helped the NSA in intercepting web chats on the new portal and in collecting video calls on Skype, which Microsoft purchased in 2011 for $8.5 billion.

Microsoft is only one of many U.S. Internet companies forced under federal law to cooperate with the NSA when it comes calling. Other companies reportedly working with the NSA include Google, Facebook, Yahoo and Apple.

Therefore, Ballmer's successor and the CEOs of the other companies face the same problem, which is proving to foreign customers they can be trusted while abiding by U.S. laws. "Microsoft, because it is the world's most popular desktop operating system, faces this in spades," said Frank Gillett, an analyst with Forrester Research.

Microsoft's next CEO will have to reach agreements with overseas customers that build trust, Gillett said. In addition, that person will have to establish a working relationship with each government, since foreign countries are as interested in surveillance to prevent terrorism as the NSA.

"They're going to have to brainstorm in private with the governments also to figure out where to try and draw the boundaries," Gillett said.

Read more about data privacy in CSOonline's Data Privacy section.


Stories by Antone Gonsalves
