Questions for microsoft azure on spying and decryption

Does microsoft give private keys uploaded to azure?

Does it give the originally encrypted pfx file (with the identified password), or the decrypted content?

Does microsoft grant nsa  access to the vm (for placement of spying tools, etc.) or changing ssl ciphersuite group policy?

Are deleted images and deleted storage blocks delivered?

Does the azure fabric enable ssl to be offloaded to the loadbalancer pool?

Let’s say a court order required elements of the above. Could microsoft comply? Is i t allowed to lie to a court (or give sealed response) to protect the nsa side capabilities?

Now the questions for microsoft cloud extend beyond that particular platform. They extend to any ISP, service provider, communications provider, or similar. And, we recall JUST how sensitive the larger firms were to being outed on using “common language” of denial. we need to follow up just “how come” the language was synced. That is, WHAT IS THE FORUM they used (and how much involvement does it have with US government entities in this case or in other cases within the scope of the forum)?

Lets see transparency at work… (or is it all just a big Google sham, or PR value)? Lets watch how they cover this one – in some mock privacy or scoping rules (that deny transparency).

So, in general the next step in the public right to understand the privacy policy meaning of such firms as Microsoft or Google should be to focus on the smaller ISP – who have been forced to give over SSL  private keys. The vendors are the weak link – in the secrecy apparatus, as are general courts (that may have to be regularly issuing sealing/secrecy orders to protect sensitive records that may transfer to new owners on such mundane events such as a bankruptcy). Here we can pry and see WHERE and HOW FAR the *control system* extends. This is FAR more interesting than the spying itself (which one should have assumed for years, given the nature of Anglo/American governments). It portends to the extent of hidden, non police liaisons within firms. It allows one to ask: is the duplicity in more programs than privacy? For example, is the critical infrastructure initiative a cover by which the controls protocols for things OTHER than preparedness are established, practiced, etc.


About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in spying. Bookmark the permalink.