The Inquirer-Home

Microsoft compares government snooping to advanced persistent threats

No more Mr NSA nice guy
Thu Dec 05 2013, 11:24

SOFTWARE SELLER Microsoft has told its customers that even with all this government surveillance and whistleblowing going on, it remains faithful to users and their data.

Microsoft general counsel and EVP for legal and corporate affairs Brad Smith took to the firm's blog to say that it stands between the peering eyes of government and its customers.

"Many of our customers have serious concerns about government surveillance of the internet," he said. "We share their concerns. That's why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data."

Smith's gloves have come off, and it seems he has had enough of the US government's unwillingness to be open. He was happy to use words like "circumvent" and "surreptitiously".

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures - and in our view, legal processes and protections - in order to surreptitiously collect private customer data," he added.

"In particular, recent press stories have reported allegations of governmental interception and collection - without search warrants or legal subpoenas - of customer data as it travels between customers and servers or between company data centers in our industry. If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications."

Smith went further, and likened government snooping to what is called in the security industry an "advanced persistent threat". This, he said, ranks it alongside cyber attacks and malware.

Rather than sit on its hands, or presumably just wave them about, Microsoft is moving swiftly in three areas. Smith said that it will increase its use of encryption, will boost legal protection of customer data, and will make its code more open so that users can adequately check it for backdoors.

"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers. While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on," Smith added.

"Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services."

Outlook.com, Office 365, SkyDrive and Azure will be cleaned up, and any customer data that moves between users and Microsoft will be encrypted by default. In fact, almost everything will be encrypted by default, and the firm will work with other parties to ensure that data passed between them will be equally well preserved.

"We're working with other companies across the industry to ensure that data traveling between services - from one email provider to another, for instance - is protected," he added.

"Although this is a significant engineering effort given the large number of services we offer and the hundreds of millions of customers we serve, we're committed to moving quickly. In fact, many of our services already benefit from strong encryption in all or part of the lifecycle."

Microsoft said it will also keep a fire lit under its efforts to challenge gag orders, and will always impart what information it can. µ

 
