I’m dipping into the Lync Insider mailbag this week. We had some questions about the PRISM article in late June. Here are your answers!
1. In regards to PRISM: Exchange Server is another Microsoft Product. Does that mean all our emails are shared with the NSA?
I wrote about the PRISM security issue the other day, in regards to Lync Server. With Exchange Server, the same concern applies. A locally-hosted or private cloud Exchange Server should be fine; Microsoft does not have control of the data. However if you use the Outlook client in Office 365, or Outlook.com email, then Microsoft does have some control of your data.
Microsoft has stated that they do not provide the NSA with direct access to email, though they could still share your data with the NSA under their current terms. I don’t know just how far it’s gone, but so far PRISM is causing a lot of privacy worries – with good reason!
2. Can an intelligence agency “tap” a Lync VoIP call, like they do normal phones?
I’m not intimately familiar with how phone taps/wiretaps work, so I had to look it up. Here’s the Wikipedia page, if you’re curious: https://en.wikipedia.org/wiki/Telephone_tapping
VoIP service providers are seen as telecom carriers under the law, and must cooperate with wiretaps. So yes, an agency can “tap” your Lync calls via the VoIP line used (e.g., a SIP trunk). However, this applies to calls leaving the Lync Server network, as internal calls are routed differently than external calls.
Plus the sheer volume of such calls occurring lends some degree of obscurity. Just be mindful!
3. What about Skype? Is Skype safe?
Unfortunately, no. Skype started cooperating with intelligence agencies before the Microsoft acquisition, under the auspices of “Project Chess.” Skype calls ARE subject to NSA spying, and have been for a while.
This really irritates me (as I’m sure it does many Skype users!). It means that, depending on the form a unified Skype-Lync system takes on, it could mean NSA access is built in.
I seriously hope this is not the case. I liked Skype – not as much as Lync, but still – and this sort of news darkens my opinion of it. If it means opening Lync Server to NSA data mining…then maybe Skype and Lync should NOT merge.
All good questions. Hope my answers help put some minds at ease (or spur changes, if your privacy is at risk). If you have questions about Lync Server 2013 and/or current privacy concerns, please email me at firstname.lastname@example.org and ask.
See you next week!