Characterizing government spying as an ongoing and heavily coordinated electronic attack, Microsoft this week revealed that it will begin heavily encrypting all of the network traffic that is routed through its online services and all of the customer data that it stores. These stringent protections will be in place by the end of 2014, the firm claims.
"Government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks," Microsoft General Counsel Brad Smith writes in a new post to the Official Microsoft Blog. "We've decided to take immediate and coordinated action."
Related: "Microsoft Joins the War Against the NSA"
This action includes the following:
Expanding encryption. Microsoft's major communications, productivity, and developer services—Outlook.com, Office 365, SkyDrive, and Windows Azure—will be updated with Perfect Forward Secrecy and 2048-bit encryption at all points, including migrations between the firm's data centers. This protection will be in place across these services by the end of 2014. (Microsoft notes that many of these services already provide some form of encryption protection.)
Reinforcing legal protections. Microsoft says it is reinforcing legal protections for customer data. This will include informing business and government customers when Microsoft receives legal orders related to their data, challenging gag orders in court, and asserting "available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country."
Increasing transparency. Microsoft is enhancing the transparency of its software code by allowing government customers to examine source code to reassure them that the firm's products do not contain back doors. Microsoft will open transparency centers in Europe, the Americas, and Asia to accommodate this need and will expand the range of products that it will allow these customers to examine.
The point, of course, is to prevent US National Security Agency (NSA), Government Communications Headquarters (GCHQ, in the UK), and other secretive governmental spying from undermining the public trust in cloud computing generally and in Microsoft's offerings specifically.
"We're sensitive to the balances that must be struck when it comes to technology, security, and the law," Smith notes. "We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution. We want to ensure that important questions about government access are decided by courts rather than dictated by technological might. And we're focused on applying new safeguards worldwide, recognizing the global nature of these issues and challenges. We believe these new steps strike the right balance, advancing for all of us both the security we need and the privacy we deserve."
Microsoft isn't alone in stepping up its protections against governmental snooping. Yahoo! and Google have both announced similar plans to encrypt all of the data that goes through their own online services, as well.
