Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Microsoft Makes Big Moves To Protect Customers From Government Eyes

We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution.” – Brad Smith, Microsoft

We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution.” – Brad Smith, Microsoft

Microsoft, concerned over recent allegations of governments attempting to circumvent online security measures in order to monitor users, has vowed to take action in order to protect its customers from prying eyes and increase transparency.

To start, the software giant said it would “pursue a comprehensive engineering effort to strengthen the encryption of customer data” across its networks and services.

Microsoft Data Protection“For many years, we’ve used encryption in our products and services to protect our customers from online criminals and hackers,” Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs, Microsoft wrote in a blog post late Wednesday. “While we have no direct evidence that customer data has been breached by unauthorized government access, we don’t want to take any chances and are addressing this issue head on.”

Microsoft’s anti-surveillance and security efforts will include “major communications”, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure.

Overall, Microsoft said it would provide protection across the “full lifecycle of customer-created content”, including:

· Customer content moving between customers and Microsoft will be encrypted by default.

· All of Microsoft’s key platform, productivity and communications services will encrypt customer content as it moves between Microsoft data centers.

· Strong cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.

Advertisement. Scroll to continue reading.

Microsoft also said it would encrypt customer content that it stores.

For applications and services developed to run on Windows Azure, Microsoft will give developers the choice, but will offer tools help them easily protect data.

Code Transparency

In addition, Microsoft said it would enhance the transparency of its software code, helping to convince customers its products do not contain back doors. The company said it would go as far as opening a network of “transparency centers” designed to provide customers with greater ability to assure themselves of the integrity of Microsoft’s products. The centers will be opened across Europe, the Americas and Asia, Microsoft said.

The company also said it would make an effort to protect data traveling between service providers, such as from one email provider to another.

All of these initiatives will be in place by the end of 2014, Microsoft said, with much of it is effective already.

“Although this is a significant engineering effort given the large number of services we offer and the hundreds of millions of customers we serve, we’re committed to moving quickly,” Smith added. “In fact, many of our services already benefit from strong encryption in all or part of the lifecycle. For example, Office 365 and Outlook.com customer content is already encrypted when traveling between customers and Microsoft, and most Office 365 workloads as well as Windows Azure storage are now encrypted in transit between our data centers. In other areas we’re accelerating plans to provide encryption.”

“Ultimately, we’re sensitive to the balances that must be struck when it comes to technology, security and the law,” Smith concluded. “We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution.”

RelatedTwitter Boosts Web Encryption with ‘Forward Secrecy’

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...