Microsoft CEO Satya Nadella clarified his views on backdoors in a Monday meeting with reporters in New York (via The Verge). Though the 52-year-old gave mixed messages about co-operating with law enforcement, he espoused the need for a balance between privacy and safety.
“I do think backdoors are a terrible idea, that is not the way to go about this,” he said. “We've always said we care about these two things: privacy and public safety. We need some legal and technical solution in our democracy to have both of those be priorities.”
The statement follows requests for Apple to help unlock iPhone's associated with a December 6 shooting at the Pensacola naval air station. While Apple made efforts to aid in the general case, Barr said the company provided no “substantive assistance” to unlock the phones”.
This is the second time Microsoft has supported Apple's fight against backdoors, the first in 2016. The reasoning is simple. Build in a backdoor or bypass for one person, and it's available to all. By giving the FBI a way around its iPhone encryption, Apple risks it using it for mass surveillance or outside attackers discovering and exploiting the flaw.
A Soft Stance on Data Handover
However, though Nadella took a stance on backdoors, he didn't rule out handing over data entirely.
“We can't take hard positions on all sides… [but if they're] asking me for a backdoor, I'll say no.” Nadella continued, “My hope is that in our democracy these are the things that arrive at legislative solutions.”
Notably, Edward Snowden's 2013 leaks revealed that Microsoft was part of the NSA's PRISM program, which is alleged to tie in data from millions of citizens on an automatic basis. NSA documents suggest this included Hotmail and Skype, with information like VoIP, photos, email, and file transfers.
In response, Microsoft said it only provides customer data when it receives a legally binding order and not on a mass surveillance scale. A lot has changed since then, the company taking the US government to court for its request for data hosted in Ireland.
In 2018, president Brad Smith called for international laws to protect users from governments accessing their data. The company's stance is that a user should have rights such as notice and the ability to challenge, while the public should have transparency and there should be prior judicial authorization.
This is likely the kind of thing Nadella is referring to when he talks about legislative solutions. Still, with privacy and the methods used for ‘public safety' so at odds with each other, it's difficult to see a future where both can be priorities.