Microsoft beefs up security of its services against NSA snooping

Microsoft beefs up security of its services against NSA snooping
If there is one issue that has managed to maintain staying power, it is the ongoing trail of revelations related to the depth and breadth of access to electronic data by the National Security Agency. It is a gift that keeps on giving.

Twitter recently announced that it was enhancing security measures, now Microsoft is doing the same thing. Unlike Twitter’s update though, Microsoft calls out Uncle Sam directly and makes no bones about the valid concerns many people have about government intervention of legal electronic commerce.

Stating that government efforts to circumvent security and legal process “seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an ‘advanced persistent threat,’ alongside sophisticated malware and cyber attacks.”  Microsoft also stated that it had no direct evidence that any customer data had been compromised by unauthorized government access.

Microsoft announced three areas where it is taking “immediate action” to confront the threat:

  1. Expansion of encryption across services
  2. Reinforcing legal protections of customer data
  3. Enhancing the transparency of its software code so that consumers can see there are no “back doors” embedded

The encryption enhancements will expand by default between Microsoft services and the customer. Encryption keys will include Perfect Forward Security and 2048-bit key algorithms. Customer content will also be encrypted by default, but for developers using platforms like Windows Azure it will be optional.

The legal part of the initiative is more challenging in light of the how the laws are written and policies from government agencies are enforced. We know about “National Security Letters” that instantly mandate a gag order for the recipient. However, the FBI’s use of NSLs gives the agency wide latitude and offers the targets little choice for action on the matter.

In short, Microsoft faces an uphill challenge on this front, but the company has a wide array of its own resources including the fact that the government runs on Windows, so there is leverage where it may not exist elsewhere.

In terms of increasing the transparency of its source code, Microsoft will go beyond normal access for developers and actually open a network of transparency centers around the world (Americas, Europe and Asia) so that people can examine the range of products and their integrity.

Some of these changes go into effect immediately, others are starting now and will be in place over the next year. Given how Microsoft likes to cite privacy compared to its competitors, this direction from “old softy” was inevitable.

sources: Microsoft via CNN



15. taikucing unregistered

I know what NSA want: to grab pr0n photos from people.

14. rodneyej1

Posts: 3576; Member since: Jul 06, 2013

They can spy on my all they want.. Who cares.. I hope they enjoy looking at my life.. Whatever.

5. Augustine

Posts: 1043; Member since: Sep 28, 2013

That'd be quite an about-turn by the company who enthusiastically forked over access to its customers' data to the NSA based on secret warrants issued by secret courts based on secret laws. What country is this again, Cuba? On the down side, Microsoft's customers will lose the NSA backup of their data. Of course, as any government service, upon request, it'd take 7 months to reply with data from 19 months ago.

9. ZeroCide

Posts: 819; Member since: Jan 09, 2013

You sir get a +1

4. N-fanboy

Posts: 543; Member since: Jan 12, 2013

I don't know why people are complaining about NSA's actions like they have anything relivant. But its confusing to me because they say 'in democracy a government is powered by the people for the people' then why would the government spy on its own people?

6. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

because we are a democracy is not what you think it is for here.

3. alterecho

Posts: 1106; Member since: Feb 23, 2012

The only America company I could think of, that has the guts to defy NSA/American government is Apple. They are so business/machine minded, they don't care about government and it's threats. When Jobs was around, it looked as though the American president was listening to him. But then again, this is what I observed and could be different in reality.

8. designerfx

Posts: 76; Member since: Mar 26, 2013

You couldn't be more wrong. 1: the EFF. 2: Google.

10. alterecho

Posts: 1106; Member since: Feb 23, 2012

1.Yup. I forgot about them. But then again, they are the least likely company to hold any information about people. 2. WRONG! Google is most likely company the government will tap first and first to give in. Leave out the favouritism aside for a minute and just think about it for a moment. Have you ever seen Apple give away anything? No. They don't seem to have any emotion. Their ONLY aim seems to be to earn money and do business. If you're under warranty, they'll take care of you as their own extension, but once it's over, they demand money to care of you. EVERYTHING is accounted at Apple. Just look at the way it treats their employees. No free stuff. Even they have to pay to use the gym or cafeteria in their building. Read about how celebrities pleaded with Steve Jobs to get a special iPhone before the official launch of the original back in 2007. He just wouldn't buckle fro anyone. You've got to stand in the line like the rest. Apple is a well oiled machine, with no feelings. You pay to use their service. They seem to have some kind of a rule book that they seem to follow to the minutiae.

12. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

"They seem to have some kind of a rule book that they seem to follow to the minutiae." It is called the USA Patriot Act and relevant sections of the Foreign Intelligence Surveillance Act. Resistance is futile. Even for Apple. You don't f*ck with the U.S. government.

13. alterecho

Posts: 1106; Member since: Feb 23, 2012

"It is called the USA Patriot Act and relevant sections of the Foreign Intelligence Surveillance Act." I was referring to Apple's rule book. "You don't f*ck with the U.S. government." I didn't.

2. xtremesv

Posts: 299; Member since: Oct 21, 2011

Microsoft won't bite its own government. This can be a strategy to ease people's minds and get them to think their data is safe from illegal snooping.

1. Reality_Check

Posts: 277; Member since: Aug 15, 2013

Doesn't matter in the case of NSA. If it wants something, resistance is futile.

7. designerfx

Posts: 76; Member since: Mar 26, 2013

actually it's more like: # of areas where we can actually validate microsoft's "we're securing things!" claims: zero. "Enhancing the transparency of its software code" in short: nothing will be done.

11. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

As long as MS' servers are located on U.S. soil, your data is a court order away from the alphabet agencies. And since all FISA court orders are issued with a gag ruling, you aren't even aware of the order to disclose. French companies are moving the servers that contain their data to France. All the security measures in the world can't protect against a FISA court order if the servers are located in the U.S.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless