Microsoft joins move to encrypt Web traffic

Dec 05, 2013
Microsoft's move follows similar actions by Google and Yahoo

Microsoft is joining the movement to encrypt traffic that flows across its networks, citing "serious concerns" about government surveillance.

The move by Microsoft follows similar actions by Google and Yahoo in the wake of revelations of vast online surveillance programs led by the US National Security Agency.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures - and in our view, legal processes and protections - in order to surreptitiously collect private customer data," Microsoft general counsel Brad Smith said in a blog post late Wednesday.

"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications.

"Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks."

Smith said Microsoft said decided to "take immediate and coordinated action" to expand encryption across its services.

It is also stepping up efforts to reinforce legal protections of customer data and is "enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors."

"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers," Smith wrote.

"While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on.

"Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of across our networks and services."

Major tech companies have been seeking to disclose more details about in an effort to reassure customers, but have complained that the US will not allow certain details to be released.

Explore further: Yahoo vows to encrypt all its users' personal data (Update)

add to favorites email to friend print save as pdf

Related Stories

Microsoft presses US on data request disclosures

Jul 16, 2013

Microsoft said Tuesday it had asked the US government for permission to disclose details of how it handles national security data requests, citing "inaccuracies" in recent media reports.

Microsoft joins Google in US spying suit

Aug 31, 2013

Microsoft says that a battle to shed light on secret US government requests for Internet user data will play out in court after failed peace talks.

US government to declassify parts of secret order

Sep 13, 2013

(AP)—The U.S. government says it will declassify parts of a 2008 secret court order that required Yahoo to turn over customer data under the National Security Agency's PRISM data-gathering program.

Recommended for you

Some online shoppers pay more than others, study shows

2 hours ago

Internet users regularly receive all kinds of personalized content, from Google search results to product recommendations on Amazon. This is thanks to the complex algorithms that produce results based on users' profiles and ...

Twitter looks to weave into more mobile apps

Oct 22, 2014

Twitter on Wednesday set out to weave itself into mobile applications with a free "Fabric" platform to help developers build better programs and make more money.

Google unveils app for managing Gmail inboxes

Oct 22, 2014

Google is introducing an application designed to make it easier for its Gmail users to find and manage important information that can often become buried in their inboxes.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

thatsitalright
not rated yet Dec 05, 2013
Good thing we can trust corporations.

Next year I'm voting for Microsoft.
eric_in_chicago
not rated yet Dec 05, 2013
Don't they have a port in their systems labelled "NSA"?
malapropism
not rated yet Dec 05, 2013
Hmmm. So what type and level of encryption are they using - there are some algorithms and key lengths that aren't worth the registers they're written into because they are either so easy to crack or are already cracked.

And are they using PKI or private keys - if PKI then how can we be assured that the NSA have not demanded (and presumably got under threat of sanctions) a copy of the master key material; or if shared private keys how do they handle sending data to non-Microsoft servers?

While potentially a good start, and not wishing to deride efforts to protect public data, there are lots of details missing from this PR and lots of information that should be made public about the encryption methods to reassure that this is not just a sop to public opinion while the data are read behind the scenes by spooks, regardless. The same applies to the efforts by Google, Yahoo! and others.