Microsoft has blocked an Israeli military unit from using some of its technology services after the company found evidence supporting a report that the tech was being used for surveillance of Palestinian civilians.
The move by the Redmond, Wash.-based tech giant is in response to an Aug. 6 report by The Guardian, which revealed how Microsoft Azure was being used to store and process millions of Palestinian civilian phone calls made each day in Gaza and the West Bank.
Microsoft President Brad Smith announced in a note to employees on Thursday the decision to cease and disable services being used by Unit 8200, an Israeli military spy agency. He said an ongoing review by Microsoft had found “evidence that supports elements of The Guardian’s reporting.”
“We do not provide technology to facilitate mass surveillance of civilians,” Smith wrote. “We have applied this principle in every country around the world, and we have insisted on it repeatedly for more than two decades.”
He also noted that Microsoft’s respect for the privacy rights of its customers — in this case, the Israeli military — meant that among other things, it could not access customer content. The company previously acknowledged limits as to what it could verify, citing a lack of visibility into use of its technology on private servers outside its cloud.
The Guardian report and Microsoft’s dealings with Israel during the ongoing war in Gaza have been the basis for repeated protests against the company on its headquarters campus and elsewhere in recent months.
Members of the group No Azure for Apartheid have been calling on Microsoft to cut all ties to the Israeli military and government. Demonstrations in Redmond in August grew increasingly confrontational. Twenty people, including some current and former employees, were arrested during a protest on campus on Aug. 20. A week later, several protesters made their way into and occupied Smith’s office in Building 34.
At the time, Smith said Microsoft was committed to upholding its human rights principles and was actively investigating The Guardian report.
UPDATE: In a statement Thursday, No Azure for Apartheid called Microsoft’s move “an unprecedented, but insufficient, win for our campaign,” saying that it was only possible “because of the sustained pressure by our campaign.”
Microsoft officials have described the group’s actions as a distraction from its efforts to investigate the issue and have a dialogue with its employees.
The Guardian reported that the massive repository of intercepted Palestinian calls — which amounted to as much as 8,000 terabytes of data — was held in a Microsoft data center in the Netherlands. The newspaper said that within days of publishing its investigation, “Unit 8200 appears to have swiftly moved the surveillance data out of the country.”
On Thursday, The Guardian cited sources familiar with the data transfer, which occurred in early August, and said Unit 8200 “planned to transfer the data to the Amazon Web Services cloud platform.” Neither the Israel Defense Forces nor Amazon responded to The Guardian’s request for comment, and GeekWire has reached out to Amazon, as well.
In his memo to employees, Smith said that the company will continue providing cybersecurity services to Israel and other countries in the Middle East.
Read Brad Smith’s full letter to employees:
I want to let you know that Microsoft has ceased and disabled a set of services to a unit within the Israel Ministry of Defense (IMOD). I know many of you care about this topic, and I share more about this decision below.
Let me first provide some context. As I’ve said to you in recent weeks, Microsoft is not a government or a country. We are a company. Like every company, we decide what products and services to offer to our customers.
As we publicly announced on August 15, we decided to undertake a review of allegations that appeared in an article published on August 6 by The Guardian about a unit of the Israel Defense Forces (IDF). As we explained at that time, The Guardian article reported that “multiple individuals have asserted that the IDF is using Azure for the storage of data files of phone calls obtained through broad or mass surveillance of civilians in Gaza and the West Bank.”
We have reviewed The Guardian’s allegations based on two principles, both grounded in Microsoft’s longstanding protection of privacy as a fundamental right. As employees, we all have a shared interest in privacy protection, given the business value it creates by ensuring our customers can rely on our services with rock solid trust.
First, we do not provide technology to facilitate mass surveillance of civilians. We have applied this principle in every country around the world, and we have insisted on it repeatedly for more than two decades. This is why we explained publicly on August 15 that Microsoft’s standard terms of service prohibit the use of our technology for mass surveillance of civilians.
Second, we respect and protect the privacy rights of our customers. This means, among other things, that we do not access our customers’ content in this type of investigation.
Since August 15, we have pursued this review by respecting both these principles, as well as the company’s policies, contracts, and customer commitments. At no point has Microsoft accessed IMOD’s customer content. Rather, the review has focused on Microsoft’s own business records, including financial statements, internal documents, and email and messaging communications, among other records.
While our review is ongoing, we have found evidence that supports elements of The Guardian’s reporting. This evidence includes information relating to IMOD consumption of Azure storage capacity in the Netherlands and the use of AI services.
We therefore have informed IMOD of Microsoft’s decision to cease and disable specified IMOD subscriptions and their services, including their use of specific cloud storage and AI services and technologies. We have reviewed this decision with IMOD and the steps we are taking to ensure compliance with our terms of service, focused on ensuring our services are not used for mass surveillance of civilians.
As I said at our recent employee townhall, this does not impact the important work that Microsoft continues to do to protect the cybersecurity of Israel and other countries in the Middle East, including under the Abraham Accords.
I want to note our appreciation for the reporting of The Guardian. Its reports were based in part on sources outside Microsoft that had information we could not access in light of our customer privacy commitments. This helped inform our review.
I appreciate that many of you will have additional questions. Our review is ongoing. I’ll share more information in the coming days and weeks, when it’s appropriate to do so, including lessons learned from this review and how we will apply those lessons as we go forward.
Microsoft will continue to be a company guided by principles and ethics. We will hold every decision, statement, and action to this standard. This is non-negotiable.
Brad
