Microsoft enhances encryption amid concerns of government surveillance

Share this article:

Microsoft announced on Wednesday that it would be improving and expanding its security to protect customer data, an initiative several companies – Google, Yahoo and Twitter, to name a few – have undertaken in recent days amid growing concerns of government surveillance.

The technology and computer software giant will be expanding encryption across services and reinforcing legal protections over customer data, Brad Smith, executive vice president and general counsel at Microsoft, wrote in a blog post. He added that the company would increase transparency of its software code so customers can confirm that products do not contain back doors.

“While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on,” Smith wrote. “Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.”

The effort extends to major services – such as Outlook.com, Office 365, SkyDrive and Windows Azure – but also includes customer-created content. This means content moving between customers is encrypted by default, content will be encrypted as it moves between data centers, and content that is stored by Microsoft will be encrypted.

“We will use best-in-class industry cryptography to protect these channels, including perfect forward secrecy and 2048-bit key lengths,” Smith wrote. “All of this will be in place by the end of 2014, and much of it is effective immediately.”

Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation, previously explained to SCMagazine.com that forward secrecy is an encryption technique that takes advantage of a cryptographic key exchange known as Diffie-Hellman – meaning there is no single master key to decrypt data.

Microblogging website Twitter adopted forward secrecy in late November. Facebook, Dropbox and Tumblr are some of the other companies that have also implemented forward secrecy, but the initiative is not as widespread as it should be, Schoen said, because it is very computationally intensive.

Schoen told SCMagazine.com on Thursday that he was happy about the Microsoft announcement, but he added, “Microsoft has a significant role in many different parts of the computer and communications industry, so there are many unanswered questions about its role in facilitating surveillance – or protecting users' security about different kinds of threats.”

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.