Microsoft beefs up security of its services against NSA snooping
Twitter recently announced that it was enhancing security measures, now Microsoft is doing the same thing. Unlike Twitter’s update though, Microsoft calls out Uncle Sam directly and makes no bones about the valid concerns many people have about government intervention of legal electronic commerce.
Stating that government efforts to circumvent security and legal process “seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an ‘advanced persistent threat,’ alongside sophisticated malware and cyber attacks.” Microsoft also stated that it had no direct evidence that any customer data had been compromised by unauthorized government access.
Microsoft announced three areas where it is taking “immediate action” to confront the threat:
- Expansion of encryption across services
- Reinforcing legal protections of customer data
- Enhancing the transparency of its software code so that consumers can see there are no “back doors” embedded
The encryption enhancements will expand by default between Microsoft services and the customer. Encryption keys will include Perfect Forward Security and 2048-bit key algorithms. Customer content will also be encrypted by default, but for developers using platforms like Windows Azure it will be optional.
The legal part of the initiative is more challenging in light of the how the laws are written and policies from government agencies are enforced. We know about “National Security Letters” that instantly mandate a gag order for the recipient. However, the FBI’s use of NSLs gives the agency wide latitude and offers the targets little choice for action on the matter.
In short, Microsoft faces an uphill challenge on this front, but the company has a wide array of its own resources including the fact that the government runs on Windows, so there is leverage where it may not exist elsewhere.
In terms of increasing the transparency of its source code, Microsoft will go beyond normal access for developers and actually open a network of transparency centers around the world (Americas, Europe and Asia) so that people can examine the range of products and their integrity.
Some of these changes go into effect immediately, others are starting now and will be in place over the next year. Given how Microsoft likes to cite privacy compared to its competitors, this direction from “old softy” was inevitable.
sources: Microsoft via CNN
1. Reality_Check (Posts: 245; Member since: 15 Aug 2013)
Doesn't matter in the case of NSA. If it wants something, resistance is futile.
7. designerfx (Posts: 65; Member since: 26 Mar 2013)
actually it's more like:
# of areas where we can actually validate microsoft's "we're securing things!" claims:
"Enhancing the transparency of its software code"
in short: nothing will be done.
11. Droid_X_Doug (Posts: 5529; Member since: 22 Dec 2010)
As long as MS' servers are located on U.S. soil, your data is a court order away from the alphabet agencies. And since all FISA court orders are issued with a gag ruling, you aren't even aware of the order to disclose.
French companies are moving the servers that contain their data to France. All the security measures in the world can't protect against a FISA court order if the servers are located in the U.S.
2. xtremesv (Posts: 188; Member since: 21 Oct 2011)
Microsoft won't bite its own government. This can be a strategy to ease people's minds and get them to think their data is safe from illegal snooping.
3. alterecho (Posts: 1053; Member since: 23 Feb 2012)
The only America company I could think of, that has the guts to defy NSA/American government is Apple. They are so business/machine minded, they don't care about government and it's threats. When Jobs was around, it looked as though the American president was listening to him. But then again, this is what I observed and could be different in reality.
8. designerfx (Posts: 65; Member since: 26 Mar 2013)
You couldn't be more wrong.
1: the EFF.
10. alterecho (Posts: 1053; Member since: 23 Feb 2012)
1.Yup. I forgot about them. But then again, they are the least likely company to hold any information about people.
2. WRONG! Google is most likely company the government will tap first and first to give in.
Leave out the favouritism aside for a minute and just think about it for a moment. Have you ever seen Apple give away anything? No. They don't seem to have any emotion. Their ONLY aim seems to be to earn money and do business.
If you're under warranty, they'll take care of you as their own extension, but once it's over, they demand money to care of you.
EVERYTHING is accounted at Apple. Just look at the way it treats their employees. No free stuff. Even they have to pay to use the gym or cafeteria in their building. Read about how celebrities pleaded with Steve Jobs to get a special iPhone before the official launch of the original back in 2007. He just wouldn't buckle fro anyone. You've got to stand in the line like the rest. Apple is a well oiled machine, with no feelings. You pay to use their service.
They seem to have some kind of a rule book that they seem to follow to the minutiae.
12. Droid_X_Doug (Posts: 5529; Member since: 22 Dec 2010)
"They seem to have some kind of a rule book that they seem to follow to the minutiae."
It is called the USA Patriot Act and relevant sections of the Foreign Intelligence Surveillance Act.
Resistance is futile. Even for Apple. You don't f*ck with the U.S. government.
13. alterecho (Posts: 1053; Member since: 23 Feb 2012)
"It is called the USA Patriot Act and relevant sections of the Foreign Intelligence Surveillance Act."
I was referring to Apple's rule book.
"You don't f*ck with the U.S. government."
4. N-fanboy (Posts: 528; Member since: 12 Jan 2013)
I don't know why people are complaining about NSA's actions like they have anything relivant. But its confusing to me because they say 'in democracy a government is powered by the people for the people' then why would the government spy on its own people?
6. elitewolverine (Posts: 1150; Member since: 28 Oct 2013)
because we are a republic...so democracy is not what you think it is for here.
5. Augustine (Posts: 607; Member since: 28 Sep 2013)
That'd be quite an about-turn by the company who enthusiastically forked over access to its customers' data to the NSA based on secret warrants issued by secret courts based on secret laws. What country is this again, Cuba?
On the down side, Microsoft's customers will lose the NSA backup of their data. Of course, as any government service, upon request, it'd take 7 months to reply with data from 19 months ago.
14. rodneyej1 (Posts: 3208; Member since: 06 Jul 2013)
They can spy on my all they want.. Who cares.. I hope they enjoy looking at my life.. Whatever.
15. taikucing (unregistered)
I know what NSA want: to grab pr0n photos from people.