Microsoft today announced that it has enabled encryption protection on its consumer-oriented Outlook.com and OneDrive online services. These changes will help better protect customer data from electronic snooping and theft ... by governmental agencies including the NSA.
"We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services," Microsoft Trustworthy Computing president Matt Thomlinson writes in a new post to the Microsoft on the Issues blog. "Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."
As part of these ongoing efforts, Microsoft announced three new milestones today:
Outlook.com is now protected by both TLS and PFS encryption for both outbound and inbound email. Effective immediately, when you send an email, it is encrypted with Transport Layer Security and Perfect Forward Secrecy encryption and is thus better protected as it travels to other email providers. Full protection will of course require that the receiving email provider also have TLS support, but because forward secrecy uses a different encryption key for every connection, the traffic is in any case much more difficult for attackers to decrypt. "This is a significant engineering effort given the large number of services Microsoft offers and the hundreds of millions of customers we serve around the world," Thomlinson notes.
OneDrive is now protected with PFS encryption support. Data stored in Microsoft's cloud storage service is now protected by Perfect Forward Secrecy. And it works whether you access the service from onedrive.com on the web, via a mobile device app, or Microsoft's PC-based sync clients. This technology makes it more difficult for attackers to decrypt connections between users' systems and OneDrive.
Microsoft Transparency Center. Additionally, Microsoft has opened a new Transparency Center on its Redmond campus. "Our Transparency Centers provide participating governments with the ability to review source code for our key products, assure themselves of their software integrity, and confirm there are no 'back doors'," Thomlinson writes. "The Redmond location is the first in a number of regional transparency centers that we plan to open. We continue to make progress on the Transparency Center in Brussels, with other locations soon to be announced."
These efforts follow other similar changes, including the Microsoft Azure ExpressRoute service, which enables businesses to create private connections between Azure datacenters and on-premises infrastructure, and enhanced messaging encryption in (the business versions of) Office 365. Presumably, more is on the way, including full (business) Office 365 email and data storage encryption.