July 1, 2014
Microsoft Reveals Tougher Email Encryption After Google Remarks
Peter Suciu for redOrbit.com - Your Universe Online
Last month Google Inc. called out rival email providers for not providing enough encryption for their respective users' email accounts. Some of those rivals apparently took notice and quickly addressed the issue. On Tuesday Cnet reported that Microsoft unveiled tougher encryption standards for its web-based email and some cloud services.
Google's latest transparency report suggested that less than 50 percent of emails received by Google users through its Gmail service from Microsoft's Hotmail, Live and MSN were in fact encrypted. Now Microsoft is implementing a series of changes that will provide better protection from potential prying eyes. Microsoft's email services -- Outlook.com, Hotmail.com, Live.com and MSN.com -- are now secured via Transport Layer Security (TLS) protections, and this is meant to ensure that communications through these web-based programs are safe and secure.
"We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services," Matt Thomlinson, vice president for trustworthy computing security at Microsoft, wrote in a blog post on Tuesday. "Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."
Thomlinson noted that the TLS encryption will be provided to both inbound and outbound email; and it will be encrypted and "better protected" as the email travels between Microsoft and other email providers.
There is a catch, however.
"Of course, this requires their email service provider to also have TLS support," Thomlinson added.
Cnet's Seth Rosenblatt reported that Comcast and Microsoft are already in the process of implementing TLS for their webmail services.
Outlook.com users will further get an extra level of security, as Microsoft announced that it has also enabled Perfect Forward Secrecy (PFS) encryption support for both sending and receiving of email between providers. This also utilizes a different encryption key for every connection, which the software giant claimed would make it more difficult for attackers to decrypt connections.
Microsoft has been working over the course of the last six months with other email providers in the industry to ensure that mail remains protected. Microsoft said that it had forged relationships and worked closely with international providers through these efforts and that includes Deutsche Telekom, Yandex and Mail.Ru.
The encryption is also being added to existing protections that are already in place in Microsoft's other products and services including Microsoft Azure, Skype and Office 365. OneDrive, Microsoft's cloud-based service, also will enable the PFS encryption support and users will automatically be provided forward security when accessing the cloud service via onedrive.live.com or via the mobile OneDrive app and sync clients.
"As with Outlook.com's email transfer, this makes it more difficult for attackers to decrypt connections between their systems and OneDrive," Thomlinson stressed.
Microsoft also announced that it opened its first Microsoft Transparency Center at its Redmond, Wash. campus.
"Our Transparency Centers provide participating governments with the ability to review source code for our key products, assure themselves of their software integrity, and confirm there are no 'back doors,'" noted Thomlinson. "The Redmond location is the first in a number of regional transparency centers that we plan to open."
Microsoft may be looking to avoid the same fate that Verizon faced last month when the German government canceled a contract with the US-based telecom firm as part of German efforts to overhaul its internal communications following the revelation that the National Security Agency (NSA) was conducting its wide-reaching surveillance program.
"This particular update to its encryption platform probably has less to do with Google's transparency report and a lot more to do with former [NSA] contractor Edward Snowden's disclosures about the NSA's spying programs," Ruth Reader reported for Venture Beat. "His leak of sensitive government documents had a major impact on the companies the U.S. government was syphoning data from – including Microsoft. Most recently affected was Verizon, which lost a contract with the German government because it complied with U.S. government surveillance."
PROTECT YOURSELF TODAY - Norton Antivirus