Post-Snowden, is Microsoft the Right Choice for Universities?

In light of the ongoing leaking of information about international and domestic government surveillance by the National Security Administration (NSA) in the United States and Government Communications Headquarters (GCHQ) in the United Kingdom, scholars and administrators need to reconsider if our data and confidential communications are truly secure. While the ethics review committees do their best job of ensuring that scholarly practices protect the privacy and safety of research subjects, the recent revelations should cause us to immediately reflect upon whether our use of Microsoft Office and particularly our email service Microsoft Outlook violates the research ethics agreements we’ve signed. Universities need to recognize that hiring private information technology corporations such as Microsoft and ethical compliance with protecting the privacy of our communications may not be compatible. Given our professional obligations to preserve confidentiality, what can be done to maintain compliance?

If we are serious about ethical research, universities should consider abandoning the Microsoft suite of programs in favour of not-profit, transparent, and highly encrypted software platforms that do not provide our data and metadata to marketing corporations and governments. (I say “not-profit” because I doubt that for-profit software companies will reject the immense profits to be made from retailing metadata to marketing companies). Knowing universities’ commitments to Microsoft I understand this is a Swiftian modest proposal. The software represents years of sunk-investment in training, skill development, and licensing deals. Many colleagues struggle with Microsoft software as is; any new software suites would undoubtedly cause rigor mortis in the university. Practical or not, the leaks should force universities to do something to ensure that we are not compromising private information.

As you know, Edward Snowden leaked documents to the Guardian revealing alarming collaborations between internet corporations (Google, Apple, AOL, PayPal, Facebook, etc.) and US and UK government agencies in the monitoring of citizens. No company has done more to ensure that the NSA and GCHQ has access to private information than the company many universities including my own Lancaster University hire for its document processing and email services: Microsoft. Under the Prism program, Microsoft provides to the NSA “direct access” to personal metadata. Microsoft helped the NSA circumvent encryption on The NSA had pre-encryption access to Outlook email. Microsoft assisted the US Federal Bureau of Investigations to “understand” how individuals remain anonymous on Outlook. Microsoft owns Skype and under Prism tripled the number of calls collected. On my university provided computer, I am presently writing this blog post on Microsoft Word. I will send it as an attachment on the university-provided Microsoft Outlook. I also use both of these programs to write about and discuss private issues regarding my research. Can we be sure that Microsoft defends the privacy of our research subjects from the monitoring eyes of the NSA and GCHQ? If we are serious about ethical research we should certainly worry about that.

This is not just an American problem. Via a program called Tempora, GCHQ collects online traffic through directly accessing undersea communication cables. In the UK Liberal Democrat Peer Lord Strasburger recently asked: “We now know GCHQ is routinely hoovering up and storing … the internet communications of millions of innocent people, turning us all from citizens into suspects. As far as I am aware, parliament has not sanctioned this. Can the minister please tell the house whether this blanket snooping on all of us is authorised by a minister, and if so, under which section of which act of parliament?” Mass surveillance in the UK is authorized under Section 8(4) of the Regulation of Investigatory Powers Act (RIPA), which allows for bulk surveillance by the Secretary of State. But according to an internal legal briefing, GCHQ has a “light oversight regime compared with the US.” Light indeed, as the GCHQ monitored the Blackberry phones of 2009 G20 leaders in London including a type of “economic espionage” of Brazilian President Dilma Rousseff paying close attention to information regarding Brazil’s semi-public oil company Petrobras. The surveillance of government officials in order to give home companies economic advantage goes far beyond the national safety that RIPA was written to ensure.

As scholars who must uphold the highest ethical standards in research and who must protect the privacy and safety of our research subjects, we should think twice about our reliance on software platforms provided by corporations such as Microsoft that do not share such ethical standards. While Silicon Valley is currently in a state of remorse, it is too little too late in my opinion. Scholars need to follow the state of India in attempting to cease the use of Microsoft’s Hotmail and Google’s Gmail for official communications. This ethical dilemma goes beyond transitioning out of the Microsoft Office suite and should cause us to critically reconsider the political valence of the university’s whole information technological assemblage—from the programs used to construct our arguments, to the networked systems we use to distribution our findings, to the for-profit cloud services we use for data retention. Now that we know the sophisticated ways in which the NSA and GCHQ crack encryption, can we be secure on these information platforms owned by corporations able and willing to collaborate with domestic surveillance and sell our metadata for a profit?

Thankfully, network activists are at work developing encrypted, not-for-profit, transparent, open source, and politically and technologically robust information technological solutions to these pressing problems of privacy. Information technology intensive cultural industries like the educational sector should leverage their trend-setting capacities and instigate a sea-change transition from compromised private to encrypted not-for-profit information systems. This would have reverberations, as students would continue to use these alternative systems in their subsequent professional lives. As a lecturer who teaches about the potentials and pitfalls of our networked lives, I would welcome such a prefigurative politics.

Considering the neoliberal university-marketing logic VCs and deans have learned perhaps they could justify such experiments in terms of cost-benefit managerialism. Could you imagine the free publicity from the media event around this headline? ‘University drops commercial software platforms until government surveillance stops.’ Such free press might just help us make our enrollment quotas and other essential metrics.