Microsoft beefs up security of its services against NSA snooping
If there is one issue that has managed to maintain staying power, it is the ongoing trail of revelations related to the depth and breadth of access to electronic data by the National Security Agency. It is a gift that keeps on giving.
Twitter recently announced that it was enhancing security measures; now Microsoft is doing the same. Unlike Twitter’s update, though, Microsoft calls out Uncle Sam directly and makes no bones about the valid concerns many people have about government intervention in legal electronic commerce.
Microsoft stated that government efforts to circumvent security and legal process “seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an ‘advanced persistent threat,’ alongside sophisticated malware and cyber attacks.” The company also stated that it had no direct evidence that any customer data had been compromised by unauthorized government access.
The encryption enhancements will apply by default between Microsoft services and the customer. The encryption will use Perfect Forward Secrecy and 2048-bit keys. Customer content will also be encrypted by default, but for developers using platforms like Windows Azure it will be optional.
The legal part of the initiative is more challenging in light of how the laws are written and how policies from government agencies are enforced. We know about “National Security Letters” that instantly mandate a gag order for the recipient. However, the FBI’s use of NSLs gives the agency wide latitude and offers the targets little choice for action on the matter.
In short, Microsoft faces an uphill challenge on this front, but the company has a wide array of its own resources, including the fact that the government runs on Windows, so there is leverage where it may not exist elsewhere.
In terms of increasing the transparency of its source code, Microsoft will go beyond normal access for developers and actually open a network of transparency centers around the world (Americas, Europe and Asia) so that people can examine the range of products and their integrity.
Some of these changes go into effect immediately; others are starting now and will be in place over the next year. Given how Microsoft likes to cite privacy compared to its competitors, this direction from “old softy” was inevitable.
sources: Microsoft via CNN
Microsoft announced three areas where it is taking “immediate action” to confront the threat:
- Expansion of encryption across services
- Reinforcing legal protections of customer data
- Enhancing the transparency of its software code so that consumers can see there are no “back doors” embedded