- SMB Spotlight
Microsoft has said it will boost encryption across its portfolio of services, including Office 365 and Windows Azure, in order to protect its customers from government spy agencies.
Microsoft was one of many companies to discover that its data may have been siphoned off by US and UK government agencies after documents were released by whistleblower Edward Snowden in the summer.
Executive vice president for legal affairs at Microsoft Brad Smith wrote in a blog post that these issues have made concerns about snooping a top issue at the company, as it made the threat from snooping as big as cyber attacks by terrorists or criminals.
“We are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data," he wrote.
“If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an 'advanced persistent threat', alongside sophisticated malware and cyber attacks.”
As such, the firm is set on a task of boosting encryption across its services for the end of 2014. Smith said this would cover all its major services such as Outlook.com, Office 365, SkyDrive and Windows Azure.
It will also ensure all content moving between Microsoft and its customers and via its data centres is to be encrypted and it will also use ‘perfect forward secrecy' to make it harder to decrypt data. Twitter recently announced it would use this too to stop mass data siphoning from its services.
“While we have no direct evidence that customer data has been breached by unauthorised government access, we don't want to take any chances and are addressing this issue head on,” Smith said.
“Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.”
Microsoft said it would also make access to its encryption tools available for third-party developers building products that are hosted on Azure.
Smith also reiterated Microsoft’s intention to challenge government orders for data and to alert businesses whenever possible to requests for data that it receives.
“We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data,” he said.
Lastly, in order to counter some allegations that ‘back doors’ have been built into products in order to allow governments to easily access data, Microsoft will be opening transparency centres where customers can assess the source code of its products. These will available in Europe, the US and Asia.
“Just as we’ve called for governments to become more transparent about these issues, we believe it’s appropriate for us to be more transparent ourselves,” Smith explained.
“We’re therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors.”
Other firms such as Yahoo have also encrypted information passing through their data centres, as tech giants move to reassure customers that they do not want government agencies to be able to access their data.