With all the lapses in cyber security that have happened in the recent times, one would assume that top companies would be even more careful about the subject. But it seems Microsoft didn’t think much about the bank details of its Indian customers as it routinely shared them with the US intelligence agencies, according to a report by DNA Money.
As a result, Reserve Bank of India (RBI) in its Risk Assessment Report has raised an issue of concern regarding the sharing of the data of people with accounts in banks that switch its systems to Microsoft Office 365 cloud-based email service with US Intelligence Services. The banks in question were reportedly aware of this lapse in security, but didn’t share this piece of information with its customers.
In the report RBI stated, “All the mailboxes had been migrated to office 365 Microsoft cloud environment. It was gathered from the Microsoft transparency hub that Microsoft is bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities.”
Microsoft spokesperson on its part told DNA Money, “No government has direct access to any of our users’ data. Data privacy is a top priority for us. We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual identifiers that we have reviewed and considered legally appropriate and consistent with the rule of law and our Microsoft principles.”
That being said Microsoft’s Transparency hub clearly states that the company is required to share any customer data under the US Foreign Intelligence Surveillance Act (FISA) and US national security letters, under orders from government agencies.
According to reports by RBI, Microsoft divulged information 3,036 times after 4,000 requests from US authorities regarding information about Indian customers in the US. Microsoft has deals in place with banks about sharing data which can be further shared under direct orders from the Indian government or any Indian court. There are Supreme Court guidelines about not sharing user data with third parties or taking it out of the country. But IT companies often use loopholes to do just that.
Re-disseminated by The Asian Banker from bgr.in