Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft says government snooping constitutes an APT event

Steve Ragan | Dec. 9, 2013
Company's top lawyer announces effort towards wide-reaching encryption to protect customer information

Microsoft isn't happy, and their top lawyer had plenty to say about protecting customer information this week in a blog post that announced the company's efforts to implement wide-reaching encryption.

Brad Smith, the General Counsel & Executive Vice President of Legal & Corporate Affairs at Microsoft, said on Wednesday that the software giant is taking steps to protect customer data from government snooping. Like Google, Yahoo, and Twitter before them, Microsoft recognizes that their customers are concerned, and plans to do something about it.

The revelations from Edward Snowden this year, which focused on the wide-reaching, sweeping data collection done by the NSA and partner intelligence agencies, touched all of the major technology firms in one form or another.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures -- and in our view, legal processes and protections -- in order to surreptitiously collect private customer data," Smith wrote.

Without naming him directly, Smith referenced the countless stories and media reports during the second half of the year sourced from Snowden's leaked documents. All summer long, a new story would emerge weekly it seemed, focused on governmental interception and collection (often without search warrants or legal subpoenas), somewhere in the world.

The most critical stories were reserved for the U.S., and the one that alarmed Silicon Valley the most focused on the collection of data as it moved between corporate datacenters and private networks. What was assumed to be a secure channel, was nothing of the sort.

Assuming all of the reports are true, then the government's efforts threaten to "seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks," he said.

In order to address this new APT, Microsoft is planning to boost encryption across their services, reinforce existing legal protections; including fighting gag orders and continuing their customer notifications when able, and enhance the level of transparency of their existing software code, making it easier for some customers to see that there are no backdoors.

"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers. While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on," Smith said.

The massive engineering undertaking will include all of Microsoft's communications, productivity, and developer services including, Office 365, SkyDrive and Windows Azure. The changes listed in Smith's post include implementation of Perfect Forward Secrecy, and 2048-bit keys, for the customer data that will be encrypted.


1  2  Next Page 

Sign up for MIS Asia eNewsletters.