Microsoft joins move to encrypt Web traffic

December 5, 2013
Microsoft's move follows similar actions by Google and Yahoo

Microsoft is joining the movement to encrypt traffic that flows across its networks, citing "serious concerns" about government surveillance.

The move by Microsoft follows similar actions by Google and Yahoo in the wake of revelations of vast online surveillance programs led by the US National Security Agency.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures - and in our view, legal processes and protections - in order to surreptitiously collect private customer data," Microsoft general counsel Brad Smith said in a blog post late Wednesday.

"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications.

"Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks."

Smith said Microsoft said decided to "take immediate and coordinated action" to expand encryption across its services.

It is also stepping up efforts to reinforce legal protections of customer data and is "enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors."

"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers," Smith wrote.

"While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on.

"Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of across our networks and services."

Major tech companies have been seeking to disclose more details about in an effort to reassure customers, but have complained that the US will not allow certain details to be released.

Explore further: Microsoft presses US on data request disclosures

Related Stories

Microsoft presses US on data request disclosures

July 16, 2013

Microsoft said Tuesday it had asked the US government for permission to disclose details of how it handles national security data requests, citing "inaccuracies" in recent media reports.

Microsoft joins Google in US spying suit

August 31, 2013

Microsoft says that a battle to shed light on secret US government requests for Internet user data will play out in court after failed peace talks.

US government to declassify parts of secret order

September 13, 2013

(AP)—The U.S. government says it will declassify parts of a 2008 secret court order that required Yahoo to turn over customer data under the National Security Agency's PRISM data-gathering program.

Recommended for you

The ethics of robot love

November 25, 2015

There was to have been a conference in Malaysia last week called Love and Sex with Robots but it was cancelled. Malaysian police branded it "illegal" and "ridiculous". "There is nothing scientific about sex with robots," ...

Glider pilots aim for the stratosphere

November 20, 2015

Talk about serendipity. Einar Enevoldson was strolling past a scientist's office in 1991 when he noticed a freshly printed image tacked to the wall. He was thunderstruck; it showed faint particles in the sky that proved something ...


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Dec 05, 2013
Good thing we can trust corporations.

Next year I'm voting for Microsoft.
not rated yet Dec 05, 2013
Don't they have a port in their systems labelled "NSA"?
not rated yet Dec 05, 2013
Hmmm. So what type and level of encryption are they using - there are some algorithms and key lengths that aren't worth the registers they're written into because they are either so easy to crack or are already cracked.

And are they using PKI or private keys - if PKI then how can we be assured that the NSA have not demanded (and presumably got under threat of sanctions) a copy of the master key material; or if shared private keys how do they handle sending data to non-Microsoft servers?

While potentially a good start, and not wishing to deride efforts to protect public data, there are lots of details missing from this PR and lots of information that should be made public about the encryption methods to reassure that this is not just a sop to public opinion while the data are read behind the scenes by spooks, regardless. The same applies to the efforts by Google, Yahoo! and others.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.