Risk
6/28/2011
03:35 PM
50%
50%

Microsoft Wins Patent For Internet Spying Technology

The company has patented a method for intercepting Web-based communications so they can silently be recorded.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Microsoft has been granted a patent for technology that acts as a wiretap of sorts for Internet communication, allowing governments or other law-enforcement authorities to record the data without detection.

Dubbed "Legal Intercept," using the technology means "data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent" that silently records the data, according to a filing with the U.S. Patent and Trademark Office.

In other words, the technology intercepts Internet communications data so it can be recorded for the purposes of reviewing it later by, presumably, government or law-enforcement officials.

"Sometimes, a government or one of its agencies may need to monitor communications between telephone users," Microsoft said in the filing, describing how a recording device can be placed at a central office to record communications over a traditional telephone network.

But with Voice over IP and other Internet-based communications, "the [conventional] model for recording communications does not work," according to Microsoft.

The company filed for the patent on Dec. 23, 2009, and patent number 20,110,153,809 for the technology was granted on June 23.

Microsoft declined to comment about if and how it plans to use the technology and if it plans to possibly sell it to the federal government, according to a spokesperson reached via email.

It's no secret the federal government is looking for better ways to legally intercept Internet communications, and that it feels hampered by the inadequate ways to do so at the moment.

FBI officials have complained at length about the "going dark" problem, which refers to their inability to intercept electronic communications in a timely and efficient fashion even when they have a warrant to do so.

Part of the problem is that companies that have access to the communications don't have the capability to access it and get it in the hands of officials quickly and efficiently.

It's unclear whether the technology Microsoft patented will help alleviate this problem, but as described in the patent fling, it certainly should make it easier to record Internet-based communications delivered via a variety of means--including Voice over Internet Protocol, smartphones, PCs, set-top boxes, and Internet-based gaming devices such as Microsoft's own Xbox.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?