Microsoft opens office for EU states to ‘review’ its source code

8 Jun 2015

Tech giant Microsoft has opened a European ‘Transparency Centre’ in Brussels, allowing governments worried about state surveillance to investigate the source code for things like Windows 8.1, 7 and Vista for back doors.

European bodies are fairly suspicious of the surveillance activities of the US spying arm the NSA, following Edward Snowden’s revelations that began more than two years ago.

The information he released showed the systematic collection of personal data from European citizens by NSA’s access into US tech companies, rendering Safe Harbour relatively useless for the EU, yet still consistently adhered to.

So now, following Apple’s similar moves in China, Microsoft is showing off how secure its systems are now, in a bid to win back the confidence of EU leaders.

Combating state surveillance

The centre is part of Microsoft’s Government Security Program (GSP), which offers the opportunity to review the source code of Microsoft products, and access information on cybersecurity threats and vulnerabilities.

“Only by increasing confidence in the digital solutions which have the potential to catalyse whole economies can Europe ensure that every citizen, business and government feels the benefits of the digital revolution,” said Matt Thomlinson, vice president of Microsoft security.

This may do little to assuage those concerned, however, given that one of the earliest revelations by Snowden concerned Prism, a project that appeared to detail how the NSA gained direct access to many major US tech firms.

Not just that, but at the time Bloomberg discussed the model used by Microsoft, saying it actually gives intelligence agencies first look at bugs, before publicly releasing a fix.

This, it could reasonably be argued, offers some amazingly effective surveillance organisations direct access to opportunities that can allow them entrances into Microsoft’s services.

Early bird catches the worm

In a lengthy piece on Microsoft’s encryption plans and use of BitLocker as a means of securing users’ information, The Intercept reported on many worries within the tech giant’s model last week.

“A great many people, particularly in information security circles […] worry that BitLocker’s advanced technology is meant to distract people from the company’s cozy relationship with the government, and that any data ‘secured’ using BitLocker could be handed over to spy agencies or law enforcement,” reads the article.

This is something that Microsoft denies, however many are understandably wary given the neverending stream of documentation highlighting the effectiveness of the NSA – and the UK version, GCHQ – and the success rate it has in accessing the information that it wants.

Microsoft's transparency centre in Brussels

Microsoft’s transparency centre in Brussels

This is actually Microsoft’s second ‘transparency’ site; it opened one in Washington last year that has “already hosted several governments”.

There are plans to expand this beyond Europe and the US, into South America and Asia. There are more than 23 countries involved in GSP, with 42 bodies represented in total.

In Europe, participants include the governments of the UK, Austria, the Czech Republic, Estonia, Finland, the Netherlands, Poland, Spain and Sweden, as well as organisations including the European Commission.

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com