Former Microsoft privacy adviser: 'I don't trust Microsoft now'

A former Microsoft privacy adviser says he was unaware that Microsoft assisted the National Security Agency.
  • Mark Hachman (PC World (US online))
  • — 30 September, 2013 23:46

Caspar Bowden, who authored Microsoft's privacy policy between 2002 and 2011 for 40 countries, said this week that he distrusts his former employer and has gone so far as to ditch his mobile phone.

Bowden, who now calls himself a "privacy advocate," told a conference this week that he was unaware that Microsoft participated in Prism, a charge that Microsoft has denied. But Bowden, as quoted in The Guardian, now says that he will only use open-source software and had ditched his phone for privacy's sake.

"I don't trust Microsoft now," Bowden said.

Between 2002 and 2011, Bowden was in charge of the privacy policy for 40 countries in which Microsoft operated, but not the United States. His LinkedIn profile lists his title as chief privacy advisor for the worldwide technology office at Microsoft.

"The public now has to think about the fact that anybody in public life, or person in a position of influence in government, business or bureaucracy, now is thinking about what the NSA knows about them," Bowden said, according to the paper. "So how can we trust that the decisions that they make are objective and that they aren't changing the decisions that they make to protect their career? That strikes at any system of representative government."

Microsoft helped the National Security Agency crack its own encryption to give the agency access to email stored on its service, reports in The Guardian and elsewhere have alleged. Microsoft has denied the charges, although admitting that it will turn over emails when it says it's "legally obligated" to do so.

The way in which the Foreign Surveillance Intelligence Act is worded means that anyone living outside the United States has no legal protection from the NSA's prying eyes, Bowden said.

Bruce Schneier, a cryptograhy expert, perhaps said it best that the foundation of trust at the center of the Internet has been irreparably damaged, possibly destroyed. "I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly," Schneier said recently. "You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer."

Tags: security, Microsoft, web services, Websites, privacy

JP Morgan to invest £150 million on boosting cyber security

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Secure, identity-based protection for your endpoints

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.