December 5, 2013
Microsoft Taking Measures To Protect Customers From Gov’t Snooping
Enid Burns for redOrbit.com - Your Universe Online
Microsoft said it would take measures to increase the security of customer data, among other moves, to protect against the "advanced persistent threat" of government snooping. The three-pronged approach includes expanding encryption, reinforcing legal protections and increasing transparency to provide assurances to customers.
"That's why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data," Smith wrote.
Without naming specific governments that have collected online data, Smith explains that some governments circumvent online security measures and overstep legal processes and protections.
Microsoft, among other tech companies, is reacting to documents leaked in the past few months by Edward Snowden indicating that the US National Security Agency (NSA) conducted surveillance of online interactions.
"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks," Smith wrote.
Microsoft stated that it will take immediate action in three areas:
* Expanding encryption across services.
* Reinforcing legal protections for customer data.
* Enhancing the transparency of software code, making it easier for customers to reassure themselves that Microsoft products do not contain back doors.
Encryption will be increased across Microsoft services such as Outlook, Office 365, SkyDrive and Windows Azure. Microsoft also says it will provide protection across the full life cycle of customer-created content.
Legal protections will be enacted to ensure that governments are required to obtain legal orders. Microsoft will also notify business and government customers when legal orders are received.
In recent months Microsoft has been ordered to turn over information to the NSA, and it has complied with many of those orders, including the handing over of encrypted data. Microsoft also asked the government for more transparency in the case of data it provided under a request from the NSA's PRISM program where communication records were turned over. Microsoft was looking for government permission to make its customers aware of what data it provided to the government.
Microsoft hopes that governments will be able to go to other businesses or government agencies to obtain needed information, rather than going directly to Microsoft.
"Except in the most limited circumstances, we believe that government agencies can go directly to business customers or government customers for information or data about one of their employees – just as they did before these customers moved to the cloud – without undermining their investigation or national security. And when those limited circumstances arise, courts should have the opportunity to review the question and issue a decision," Microsoft's Smith wrote.
While Microsoft called for more transparency in informing customers of data it turned over to the government, it also plans to provide more transparency into its own process. "Just as we’ve called for governments to become more transparent about these issues, we believe it’s appropriate for us to be more transparent ourselves," wrote Smith.
Microsoft plans to provide more transparency by allowing customers to review source code, which is intended to reassure customers that there are no back doors.
"We will open a network of transparency centers that will provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products. We’ll open these centers in Europe, the Americas and Asia, and we’ll further expand the range of products included in these programs," Smith wrote.