Syrian hackers claim to reveal how much FBI pays Microsoft for customer data
Syrian Electronic Army (SEA) hackers have reportedly obtained documents that reveal how much money the FBI pays Microsoft each time agents try to obtain or view an individual customer’s communication information.
The SEA, a group that has made headlines in the past for infiltrating Western media outlets that it perceives to be against Syrian President Bashar Assad, provided a trove of emails and invoices to the Daily Dot, which analyzed the documents before publishing them.
“The documents consist of what appear to be invoices and emails between Microsoft’s Global Criminal compliance team and the FBI’s Digital Intercept Technology Unit (DITU), and purport to show exactly how much money Microsoft charges DITU, in terms of compliance costs, when DITU provides warrants and court orders for customers’ data,” wrote the Daily Dot’s Kevin Collier and Fran Berman.
“In December 2012, for instance, Microsoft emailed DITU a PDF invoice for $145,100, broken down to $100 per request for information, the documents appear to show,” they went on. “In August 2013, Microsoft allegedly emailed a similar invoice, this time for $352, 200 at a rate of $200 per request. The latest invoice provided, from November 2013, is for $281,000.”
The documents make clear just how often law enforcement officials work to acquire information that individuals would likely consider private. DITU agents seem to have filed requests for information from Microsoft hundreds of times each month, finding success by preying on sympathetic relationships at the company.
From Microsoft’s perspective, though, nothing about the arrangement is out of the ordinary.
“Regarding law enforcement requests, there’s nothing unusual here,” a company spokesperson told The Verge’s Valentina Palladino. “Under US law, companies can seek reimbursement for costs associated with complying with valid legal orders for customer data. We attempt to recover some of the costs associated with such orders.”
While the public now has a basic figure showing how much taxpayer money is dedicated to surveillance, these numbers only include Microsoft – whereas the taxpayer cost for companies like Verizon, Google, and others are almost certainly in the millions as well.
The ongoing debate over security versus privacy has been making headlines since Edward Snowden leaked classified intelligence files obtained from the US National Security Agency. The initial public reaction put at least some of the blame at the feet of the major communication and data companies, though it has since been revealed that these corporations are legally required to provide information that the government requires.
Consequently, the SEA’s hack essentially makes clear how much money Microsoft charged the government for work that the company had already completed at investigators’ behest.
Similar relationships have turned sour, as US Department of Justice lawyers announced earlier this month that they had filed suit against Sprint. The attorneys claim the corporation, when issuing invoices for three years of surveillance, overcharged the government by $21 million, inflating the actual cost by 58 percent. Furthermore, the government accused Sprint of “knowingly” submitting “false claims to federal law enforcement agencies.”
