Microsoft promises to protect data from prying governments

by Mark Tyson on 5 December 2013, 13:00

Tags: Microsoft (NASDAQ:MSFT)

Quick Link: HEXUS.net/qab53n

Add to My Vault: x

In a blog post late yesterday Microsoft General Counsel & Executive Vice President, Legal & Corporate Affairs, Brad Smith wrote to reassure customers that the firm will tackle the “advanced persistent threat” of government snooping. Smith said he was “alarmed by recent allegations,” of government data interception and collection and likened such surveillance to sophisticated malware and cyber attacks.

Microsoft’s plan to keep customer data private and secure consists of three main elements:

We are expanding encryption across our services.

We are reinforcing legal protections for our customers’ data.

We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.

Smith elaborated upon the points above. Starting with new encryption measures he said that Microsoft will “pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services”. Specifically data transfer between customers and Microsoft services will be encrypted by default. Also Microsoft will use Perfect Forward Secrecy and 2048-bit key lengths. Smith said that Microsoft will move quickly to implement these changes and some changes have already been made in the way Office 365 content is transferred and stored.

Microsoft's Brad Smith

In the legal field Microsoft is “committed to notifying business and government customers if we receive legal orders related to their data”. Any gag orders will be challenged. Microsoft prefers that government agencies contact business customers directly for information about their employees rather than going directly to Microsoft’s cloud.

The transparency of Microsoft’s software code for governments will be increased. Microsoft will open centres in Europe, the Americas and Asia which will “provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products”. Such customers will be able to review Microsoft source code and “confirm there are no back doors”.

The new measures help to create the correct balance where “important questions about government access are decided by courts rather than dictated by technological might,” concluded Microsoft’s General Counsel.

With an eye on increasingly sophisticated attacks Microsoft announced a new initiative last month with the opening of a dedicated CyberCrime Centre, pictured above. The new high-security facility in Redmond was praised by INTERPOL as being both effective and proactive.



HEXUS Forums :: 17 Comments

Login with Forum Account

Don't have an account? Register today!
Very interesting indeed. Nice to see at least one of the big guns doing something about it……but then I guess US businesses are already afraid of losing more custom due to companies refusing to use US based services due to the government surveillance.
Meh, they amount to empty assurances.
aidanjt
Meh, they amount to empty assurances.

Pretty much. Whether they deliver on any of this remains to be seen. After all, I'm not sure there is any profit for them in fighting their government, and they certainly won't do it out of respect for liberty and human rights.
aidanjt
Meh, they amount to empty assurances.

My take's a bit a more cynical than that, tbh:

Microsoft: "Your data is safe with us … because we say so!“
TheWorld: ”Yeah, riiiiiiiight….."
scaryjim
Microsoft: "Your data is safe with us … because we say so!"

I may be even more cynical:
Microsoft: “Your data is safe from Governments … because we want it all to ourselves!”