Microsoft enhances encryption amid concerns of government surveillance

Share this article:

Microsoft announced on Wednesday that it would be improving and expanding its security to protect customer data, an initiative several companies – Google, Yahoo and Twitter, to name a few – have undertaken in recent days amid growing concerns of government surveillance.

The technology and computer software giant will be expanding encryption across services and reinforcing legal protections over customer data, Brad Smith, executive vice president and general counsel at Microsoft, wrote in a blog post. He added that the company would increase transparency of its software code so customers can confirm that products do not contain back doors.

“While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on,” Smith wrote. “Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.”

The effort extends to major services – such as Outlook.com, Office 365, SkyDrive and Windows Azure – but also includes customer-created content. This means content moving between customers is encrypted by default, content will be encrypted as it moves between data centers, and content that is stored by Microsoft will be encrypted.

“We will use best-in-class industry cryptography to protect these channels, including perfect forward secrecy and 2048-bit key lengths,” Smith wrote. “All of this will be in place by the end of 2014, and much of it is effective immediately.”

Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation, previously explained to SCMagazine.com that forward secrecy is an encryption technique that takes advantage of a cryptographic key exchange known as Diffie-Hellman – meaning there is no single master key to decrypt data.

Microblogging website Twitter adopted forward secrecy in late November. Facebook, Dropbox and Tumblr are some of the other companies that have also implemented forward secrecy, but the initiative is not as widespread as it should be, Schoen said, because it is very computationally intensive.

Schoen told SCMagazine.com on Thursday that he was happy about the Microsoft announcement, but he added, “Microsoft has a significant role in many different parts of the computer and communications industry, so there are many unanswered questions about its role in facilitating surveillance – or protecting users' security about different kinds of threats.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.