Microsoft enhances encryption amid concerns of government surveillance
Microsoft announced on Wednesday that it would be improving and expanding its security to protect customer data, an initiative several companies – Google, Yahoo and Twitter, to name a few – have undertaken in recent days amid growing concerns of government surveillance.
The technology and computer software giant will be expanding encryption across services and reinforcing legal protections over customer data, Brad Smith, executive vice president and general counsel at Microsoft, wrote in a blog post. He added that the company would increase transparency of its software code so customers can confirm that products do not contain back doors.
“While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on,” Smith wrote. “Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.”
The effort extends to major services – such as Outlook.com, Office 365, SkyDrive and Windows Azure – but also includes customer-created content. This means content moving between customers is encrypted by default, content will be encrypted as it moves between data centers, and content that is stored by Microsoft will be encrypted.
“We will use best-in-class industry cryptography to protect these channels, including perfect forward secrecy and 2048-bit key lengths,” Smith wrote. “All of this will be in place by the end of 2014, and much of it is effective immediately.”
Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation, previously explained to SCMagazine.com that forward secrecy is an encryption technique that takes advantage of a cryptographic key exchange known as Diffie-Hellman – meaning there is no single master key to decrypt data.
Microblogging website Twitter adopted forward secrecy in late November. Facebook, Dropbox and Tumblr are some of the other companies that have also implemented forward secrecy, but the initiative is not as widespread as it should be, Schoen said, because it is very computationally intensive.
Schoen told SCMagazine.com on Thursday that he was happy about the Microsoft announcement, but he added, “Microsoft has a significant role in many different parts of the computer and communications industry, so there are many unanswered questions about its role in facilitating surveillance – or protecting users' security about different kinds of threats.”