Network World - In the midst of the NSA snooping scandal, Microsoft is talking up a three-pronged approach to keep customer data safe from the prying eyes of governments.
In a blog post, the company’s top lawyer pledges Microsoft will use more encryption, fight government demands for customer data and make its own source code available to the scrutiny of government customers.
While some of these measures are already in place and some won’t be available to all customers, they represent an effort to take a stand against government efforts - such as the NSA’s mass surveillance - to gather information about Microsoft customers, says the statement by Brad Smith, the general counsel and executive vice president for Microsoft’s legal and corporate affairs.
“Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data,” Smith writes. “In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry… We want to ensure that important questions about government access are decided by courts rather than dictated by technological might.”
The new efforts being announced call for expanded use of encryption, taking a stronger stand against government demands for information and adding regional centers where government customers can examine Microsoft source code for security, he says.
Smith promises “a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services,” which includes Windows Azure cloud services, Office 365, SkyDrive and Outlook.com. Some of the measures he promises are already in place, but the list includes encrypting customer-to-Microsoft as well as Microsoft data-center-to-data-center communications, and calls for encrypting data at rest.
Microsoft partners whose applications are available through Azure will have the option to encrypt or not, but Microsoft will provide tools for them to do so easily, Smith says.
He doesn’t specify what encryption will be used other than to say in some cases it will include perfect forward secrecy and encryption keys of 2048 bits, which is the same length Microsoft recommends its customers use. He says Microsoft is making an effort to enlist the cooperation of third parties to protect data moving between services, such as email traveling from one provider to another.