Microsoft is making it easier for employers across the world to spy on staff

9 Nov, 2021 13:37

By Kit Klarenberg, an investigative journalist exploring the role of intelligence services in shaping politics and perceptions. Follow him on Twitter @KitKlarenberg

Two quietly announced Microsoft 365 updates have huge implications for employees of many organizations – and will go a long way to preventing leaks of damaging material, even in cases of serious criminal conduct.

Microsoft 365 – formerly Microsoft Office – is depended upon by private and public sector organizations of every ilk and size. In the US alone, upwards of 730,000 businesses utilize Excel, Outlook, Teams, Word, and the like on a daily basis. Now new “insider risk management” tools are set to radically overhaul how these resources work, although the average employee may be none the wiser. 

Take for instance “increased visibility on browsers,” set to come into force in February next year. This will grant organizations intimate insight into precisely what staffers are up to on the Microsoft Edge and Google Chrome web browsers, enhancing their ability “to detect and act on browser exfiltration signals,” including “files copied to personal cloud storage, files printed to local or network devices, files transferred or copied to a network share [and] files copied to USB devices.”

Also on rt.com How Amazon, Facebook, Google and Microsoft wage a domestic War on Terror, and make billions

Further enhancing these intrusive spying capabilities, as of April 2022, Microsoft will also deploy machine-learning robots into all of its devices to monitor and report “risky” actions taken by employees, with dedicated alerts for each one detected, and daily analytics reports, with “insights and recommendations for potentially risky activities by your users.” However, this update goes even further than surveilling potentially damaging activities by staff. 

“Customers acknowledge insights related to the individual user’s behavior, character, or performance materially related to employment can be calculated by the administrator and made available to others in the organization,” a Microsoft risk management overview ominously states.

In other words, a close, unblinking eye will be trained on each and every member of an organization, with all aspects of their interaction scrutinized, to ensure they’re a model employee and team player, and gain insights on their temperament, personality, and work psychology. 

The scope for abuse of these tools is evidently massive, but regardless of the good they may achieve by preventing the theft of trade secrets or sensitive information, making the task of exposing waste, fraud, abuse, corruption, or dangers to public health and safety even more difficult is seemingly hardwired into both. 

Of course, it was via a humble USB device that Edward Snowden was able to smuggle thousands of sensitive documents out of the National Security Agency’s Hawaiian headquarters, and publicly expose shocking, highly-classified government spying secrets, including warrantless wiretapping of millions of American citizens, in violation of the Foreign Intelligence Surveillance Act and US Constitution. 

Likewise, military intelligence analyst Chelsea Manning exfiltrated over a million US Army files from classified networks using a thumb drive and other removable media storage devices, including a compact disk that she labeled a Lady Gaga CD.

It’s entirely conceivable that preventing another courageous individual from spilling such secrets ever again, by making the already difficult and dangerous work of a whistleblower all the more daunting and fraught, was the precise inspiration for these resources. After all, Microsoft became embroiled in a not insignificant scandal in 2013 precisely because of documents released by Snowden. 

Among other things, the files revealed that the company willingly collaborated with US intelligence services to allow user communications to be intercepted, actively helping the NSA to circumvent its encryption. In one file, the Agency bragged that following the firm’s 2011 purchase of Skype, it collected three times the amount of video calls made through the platform than it did previously.

Microsoft’s intimate, cozy relationship with US spying agencies and the Department of Defense extends far further. Since 9/11, it has reaped billions from selling tech solutions in all manner of areas, a dark handshake that has only grown tighter over the years – in 2019, Microsoft was awarded eight times the number of national security contracts it received in 2015. Joseph D. Rozek, who created the Department of Homeland Security, joining the company at the highest levels may to some degree influence this ever-rising windfall. 

Whatever the truth of the matter, many of these contracts rely heavily on the company’s ostensible consumer applications. For example, in March, the Pentagon awarded Microsoft a 10-year, $21.88 billion contract to construct augmented-reality headsets for US troops, backed by the firm’s Azure cloud computing services. The futuristic equipment can project holographic video-game style maps, thermal and night imaging, target-identification information, identify where a soldier’s weapon is aimed, and monitor vital statistics such as their heart rate.

Also on rt.com Microsoft launches Metaverse rival, staking out uncanny valley territory before Facebook can build its own reality

Such a vast, long-running, and lavishly funded project being entrusted to a single company speaks volumes about the faith placed in Microsoft by US military chiefs. The CIA, an agency notorious for its intense aversion to leaks, leakers, and external oversight or interference in its operations, has also clearly taken quite the shine to Bill Gates’ creation. In November 2020, Langley awarded its Commercial Cloud Enterprise contract, worth tens of billions of dollars over 15 years, to Amazon Web Services, Microsoft, Google, Oracle, and IBM. 

Under the award, each company will be able to compete for specific task orders at various classification levels for not only the CIA, but 16 other US intelligence entities. Microsoft clearly dislikes being overlooked for intelligence work – in August, the NSA awarded a contract worth $10 billion to Amazon Web Services, under which all its signals intelligence and foreign surveillance data will be collated in a single, easily searchable repository. The move was challenged by Microsoft, which was also a bidder.

Think your friends would be interested? Share this story!