Microsoft enhances encryption amid concerns of government surveillance

Share this article:

Microsoft announced on Wednesday that it would be improving and expanding its security to protect customer data, an initiative several companies – Google, Yahoo and Twitter, to name a few – have undertaken in recent days amid growing concerns of government surveillance.

The technology and computer software giant will be expanding encryption across services and reinforcing legal protections over customer data, Brad Smith, executive vice president and general counsel at Microsoft, wrote in a blog post. He added that the company would increase transparency of its software code so customers can confirm that products do not contain back doors.

“While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on,” Smith wrote. “Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.”

The effort extends to major services – such as Outlook.com, Office 365, SkyDrive and Windows Azure – but also includes customer-created content. This means content moving between customers is encrypted by default, content will be encrypted as it moves between data centers, and content that is stored by Microsoft will be encrypted.

“We will use best-in-class industry cryptography to protect these channels, including perfect forward secrecy and 2048-bit key lengths,” Smith wrote. “All of this will be in place by the end of 2014, and much of it is effective immediately.”

Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation, previously explained to SCMagazine.com that forward secrecy is an encryption technique that takes advantage of a cryptographic key exchange known as Diffie-Hellman – meaning there is no single master key to decrypt data.

Microblogging website Twitter adopted forward secrecy in late November. Facebook, Dropbox and Tumblr are some of the other companies that have also implemented forward secrecy, but the initiative is not as widespread as it should be, Schoen said, because it is very computationally intensive.

Schoen told SCMagazine.com on Thursday that he was happy about the Microsoft announcement, but he added, “Microsoft has a significant role in many different parts of the computer and communications industry, so there are many unanswered questions about its role in facilitating surveillance – or protecting users' security about different kinds of threats.”

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.