Authored by Brad Smith, President, Microsoft and co-authored by Carol Ann Browne, Senior Director, External Relations and Executive Communications, the book tells the story of a tech sector trying to come to terms with forces that are bigger than any one company or even the entire industry.
The book seeks to tell a story not just about trends and ideas, but about people, decisions, and actions to address a rapidly changing world.
EXCERPT: On October 30, the Washington Post published a story that set the industry’s hair on fire: “NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say.” The story was coauthored by Bart Gellman, a journalist I had known and respected since he wrote for the Daily Princetonian at Princeton University, where we were undergraduates together.
His article said that the NSA, with the help of the British government, was surreptitiously tapping into undersea fiberoptic cables to copy data from Yahoo and Google networks. While we could not verify whether the NSA was targeting our cables, some of Snowden’s documents also referred to our consumer email and messaging services. That made us suspect we had been tapped as well.
To this day, the US and British governments have not spoken publicly to deny hacking into data cables. The tech sector responded with a combination of astonishment and anger. At one level, the story provided a missing link in our understanding of the Snowden documents. It suggested that the NSA had much more of our data than we had lawfully provided through national security orders and search warrants. If this was true, the government in effect was conducting a search and seizure of people’s private information on a massive scale.
The Washington Post story indicated that the NSA, in collaboration with its British counterpart, was pulling data from the cables used by American technology companies, potentially without judicial review or oversight. We worried that this was happening where cables intersected in the United Kingdom. As lawyers across the industry compared notes, we theorized that the NSA persuaded itself that by working with or relying upon the British government and acting outside US borders, it was not subject to the Fourth Amendment to the US Constitution and its requirement that the NSA search and seize information only pursuant to due process and court orders.
The reaction at Microsoft and across the industry was swift. In the weeks that followed, we and other companies announced that we would implement strong encryption for all the data we moved between our data centers on fiberoptic cables, as well as for data stored on servers in our data centers themselves. It was a fundamental step in protecting customers, because it meant that even if a government siphoned up customer data by tapping into a cable, it would almost certainly be unable to unlock and read what it had obtained. These types of encryption advances were easier said than done. They would involve large computational workloads for our data centers and require substantial engineering work.
Some of our engineering leaders were less than enthusiastic. Their concerns were understandable. Software development inherently involves choices between features, given the finite availability of engineering resources that can be applied on a feasible timeline. This encryption work required them to delay the development of other product features that customers were asking us to add. After some animated discussion, CEO Steve Ballmer and our senior leadership team made the decision to press forward quickly on the encryption front.