Follow us:

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

December 5, 2013 at 7:52 AM

Microsoft takes action to prevent governments using “technological brute force” to get customers’ data

Brad Smith, Microsoft's general counsel (Photo from Microsoft)

Brad Smith, Microsoft’s general counsel (Photo from Microsoft)

Saying that governments must use the “legal process rather than technological brute force to access customer data,” Microsoft announced it’s taking steps to protect its customers’ data from government snooping.

In doing so, Microsoft characterized the reported actions of some governments as a “persistent threat” akin to sophisticated malware and cyber attacks.

Microsoft’s actions take place following reports that the U.S. National Security Agency was intercepting traffic inside Google’s and Yahoo’s private networks and fears that the NSA may have broken into Microsoft’s global communications links as well, according to a Washington Post report.

The actions Microsoft is taking, outlined last night in a blog post from General Counsel Brad Smith, fall largely into three areas:

  • Expanding encryption across its various services: Microsoft says it has no direct evidence that its customers’ data have been breached by unauthorized government access but that it’s taking measures to enhance encryption across its services such as Outlook.com, Office 365, SkyDrive and Windows Azure. Among the measures: encrypting by default content moving between Microsoft and its customers, encrypting content moving between Microsoft’s data centers, and encrypting customer content that it stores. Microsoft said many of the measures are in place already while the rest will be in place by the end of 2014.
  • Reinforcing legal protections for its customers’ data: Microsoft says it will continue its practice of notifying its business and government customers if it receive legal orders related to their data, or will challenge the orders in court if there are gag orders preventing Microsoft from notifying its customers.
  • Enhancing transparency of its software code, which, Microsoft says, makes it “easier for customers to reassure themselves that our products do not contain back doors.” Microsoft already has a program that allows its government customers to review its source code to confirm there are no back doors, Smith said. The company will now open a “network of transparency centers that will provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products” and will expand the product range covered in these programs.

Smith explained why Microsoft took these actions, saying in part:

Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” alongside sophisticated malware and cyber attacks.

 

Comments | More in Microsoft | Topics: nsa, surveillance

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


Advertising
The Seattle Times

The door is closed, but it's not locked.

Take a minute to subscribe and continue to enjoy The Seattle Times for as little as 99 cents a week.

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Subscriber login ►
The Seattle Times

To keep reading, you need a subscription upgrade.

We hope you have enjoyed your complimentary access. For unlimited seattletimes.com access, please upgrade your digital subscription.

Call customer service at 1.800.542.0820 for assistance with your upgrade or questions about your subscriber status.

The Seattle Times

To keep reading, you need a subscription.

We hope you have enjoyed your complimentary access. Subscribe now for unlimited access!

Subscription options ►

Already a subscriber?

We've got good news for you. Unlimited seattletimes.com content access is included with most subscriptions.

Activate Subscriber Account ►