Risk
6/28/2011
03:35 PM
50%
50%

Microsoft Wins Patent For Internet Spying Technology

The company has patented a method for intercepting Web-based communications so they can silently be recorded.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Microsoft has been granted a patent for technology that acts as a wiretap of sorts for Internet communication, allowing governments or other law-enforcement authorities to record the data without detection.

Dubbed "Legal Intercept," using the technology means "data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent" that silently records the data, according to a filing with the U.S. Patent and Trademark Office.

In other words, the technology intercepts Internet communications data so it can be recorded for the purposes of reviewing it later by, presumably, government or law-enforcement officials.

"Sometimes, a government or one of its agencies may need to monitor communications between telephone users," Microsoft said in the filing, describing how a recording device can be placed at a central office to record communications over a traditional telephone network.

But with Voice over IP and other Internet-based communications, "the [conventional] model for recording communications does not work," according to Microsoft.

The company filed for the patent on Dec. 23, 2009, and patent number 20,110,153,809 for the technology was granted on June 23.

Microsoft declined to comment about if and how it plans to use the technology and if it plans to possibly sell it to the federal government, according to a spokesperson reached via email.

It's no secret the federal government is looking for better ways to legally intercept Internet communications, and that it feels hampered by the inadequate ways to do so at the moment.

FBI officials have complained at length about the "going dark" problem, which refers to their inability to intercept electronic communications in a timely and efficient fashion even when they have a warrant to do so.

Part of the problem is that companies that have access to the communications don't have the capability to access it and get it in the hands of officials quickly and efficiently.

It's unclear whether the technology Microsoft patented will help alleviate this problem, but as described in the patent fling, it certainly should make it easier to record Internet-based communications delivered via a variety of means--including Voice over Internet Protocol, smartphones, PCs, set-top boxes, and Internet-based gaming devices such as Microsoft's own Xbox.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4632
Published: 2015-01-31
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certifica...

CVE-2014-7287
Published: 2015-01-31
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.

CVE-2014-7288
Published: 2015-01-31
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

CVE-2014-8266
Published: 2015-01-31
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.

CVE-2014-8267
Published: 2015-01-31
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.