Yesterday we reported that Microsoft will warn users of 'state-sponsored' attacks on their accounts. Sounds great, but does it actually mean anything? Is it a useful service by the tech giant, or just PR bluster?
Considering the covert nature of spying and digital attacks, coupled with legislation around the world, it seems likely that the announcement is little more than meaningless hot air. In the UK, for instance, the planned snooper's charter would make it illegal for companies to alert users to hacking and surveillance by British agencies.
While this means that it would still be possible for Microsoft (and the likes of Yahoo who announced something similar) to let users know that their accounts are being spied on, it's not a luxury that can be extended to everyone. Should the UK, or another country's government, decide to monitor accounts of Microsoft customers in the US, Microsoft could let them know about it. Likewise, if the US, Russia, or another government other than the UK one decided to spy on users in the UK, Microsoft would be able to issue alerts.
But should the UK government spy on users in the UK, Microsoft would not be able to issue a warning without the risk of facing prosecution. Of course, there is nothing to stop other foreign governments from introducing similar restrictions, ultimately meaning that companies have the choice between complying with the rules or quitting operations in that country.
As noted by TechSpot, the Investigatory Powers Bill (AKA the snooper's charter) includes the proviso that it:
...will ensure that a communication service provider does not notify the subject of an investigation that a request has been made for their data unless expressly permitted to do so.
In short, Microsoft is promising to let users know about state-sponsored spying on their accounts, but only if said state permits this information to be shared. It's an empty gesture.
Photo credit: Imilian / Shutterstock