Microsoft is allegedly handing over zero day exploits - digital threats which use previously unknown computer system vulnerabilities to compromise a network - to the U.S. government for use before the company patches the vulnerabilities.
Microsoft, of course, isn't the only tech firm to do this.
In a Bloomberg report by Michael Riley, thousands of tech, finance and manufacturing firms are allegedly working closely with U.S. security agencies, ranging from the National Security Agency and Federal Bureau of Investigation to the Central Intelligence Agency and the Department of Defense, to gather data and vulnerabilities which could be used by U.S. cyberwarfare units against potential adversaries.
Microsoft spokesman Frank Shaw told Bloomberg that these releases are done cooperatively with many agencies, giving the U.S. government an early start on risk assessment for previously unknown bugs.
Riley's other sources say these Internet and telecom companies don't share their customers' private communication, though some companies do share data and information which is stored in facilities offshore. If true, this would negate the need for a judge's order in order to acquire information which would otherwise require a warrant.
In return for providing such information, these companies receive unique benefits, like access to classified information on cyber attacks on their companies and other classified information. These companies are, allegedly, also given help to infiltrate and spy on competitors. Company executives are also given guaranteed immunity from any civil actions as a result of sharing data and information.
These details of U.S. and corporate cooperation on cybersurveillance could be immensely damaging to the U.S. tech industry. As Forbes notes, if customers can't trust U.S. tech firms - from router makers to cloud storage companies - to keep their information safe and confidential, then customers may have a massive crisis confidence, and opt to find more trustworthy companies overseas.
And this news doesn't help the U.S. in negotiations with China over alleged state-sponsored hacking units. President Barack Obama went to the public in February in order to shame apparent Chinese-sponsored hackers from attacking U.S. companies and government agencies. China rebuffed this claim, saying the U.S. government is responsible for far worse hacking operations, pointing towards the joint U.S.-Israel virus Stuxnet as an example.
It appears the Communist nation was just handed a few more examples.
