Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

Microsoft Wins Patent For Internet Spying Technology

The company has patented a method for intercepting Web-based communications so they can silently be recorded.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Microsoft has been granted a patent for technology that acts as a wiretap of sorts for Internet communication, allowing governments or other law-enforcement authorities to record the data without detection.

Dubbed "Legal Intercept," using the technology means "data associated with a request to establish a communication is modified to cause the communication to be established via a path that includes a recording agent" that silently records the data, according to a filing with the U.S. Patent and Trademark Office.

In other words, the technology intercepts Internet communications data so it can be recorded for the purposes of reviewing it later by, presumably, government or law-enforcement officials.

"Sometimes, a government or one of its agencies may need to monitor communications between telephone users," Microsoft said in the filing, describing how a recording device can be placed at a central office to record communications over a traditional telephone network.

But with Voice over IP and other Internet-based communications, "the [conventional] model for recording communications does not work," according to Microsoft.

The company filed for the patent on Dec. 23, 2009, and patent number 20,110,153,809 for the technology was granted on June 23.

Microsoft declined to comment about if and how it plans to use the technology and if it plans to possibly sell it to the federal government, according to a spokesperson reached via email.

It's no secret the federal government is looking for better ways to legally intercept Internet communications, and that it feels hampered by the inadequate ways to do so at the moment.

FBI officials have complained at length about the "going dark" problem, which refers to their inability to intercept electronic communications in a timely and efficient fashion even when they have a warrant to do so.

Part of the problem is that companies that have access to the communications don't have the capability to access it and get it in the hands of officials quickly and efficiently.

It's unclear whether the technology Microsoft patented will help alleviate this problem, but as described in the patent fling, it certainly should make it easier to record Internet-based communications delivered via a variety of means--including Voice over Internet Protocol, smartphones, PCs, set-top boxes, and Internet-based gaming devices such as Microsoft's own Xbox.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
Stephen Ward, VP, ThreatConnect,  7/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
CVE-2020-15008
PUBLISHED: 2020-07-07
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user su...