Microsoft joins move to encrypt Web traffic

Dec 05, 2013
Microsoft's move follows similar actions by Google and Yahoo

Microsoft is joining the movement to encrypt traffic that flows across its networks, citing "serious concerns" about government surveillance.

The move by Microsoft follows similar actions by Google and Yahoo in the wake of revelations of vast online surveillance programs led by the US National Security Agency.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures - and in our view, legal processes and protections - in order to surreptitiously collect private customer data," Microsoft general counsel Brad Smith said in a blog post late Wednesday.

"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications.

"Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks."

Smith said Microsoft said decided to "take immediate and coordinated action" to expand encryption across its services.

It is also stepping up efforts to reinforce legal protections of customer data and is "enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors."

"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers," Smith wrote.

"While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on.

"Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of across our networks and services."

Major tech companies have been seeking to disclose more details about in an effort to reassure customers, but have complained that the US will not allow certain details to be released.

Explore further: Yahoo vows to encrypt all its users' personal data (Update)

add to favorites email to friend print save as pdf

Related Stories

Microsoft presses US on data request disclosures

Jul 16, 2013

Microsoft said Tuesday it had asked the US government for permission to disclose details of how it handles national security data requests, citing "inaccuracies" in recent media reports.

Microsoft joins Google in US spying suit

Aug 31, 2013

Microsoft says that a battle to shed light on secret US government requests for Internet user data will play out in court after failed peace talks.

US government to declassify parts of secret order

Sep 13, 2013

(AP)—The U.S. government says it will declassify parts of a 2008 secret court order that required Yahoo to turn over customer data under the National Security Agency's PRISM data-gathering program.

Recommended for you

T-Mobile deal helps Rhapsody hit 2M paying subs

Jul 29, 2014

(AP)—Rhapsody International Inc. said Tuesday its partnership with T-Mobile US Inc. has helped boost its number of paying subscribers to more than 2 million, up from 1.7 million in April.

Airbnb woos business travelers

Jul 29, 2014

Airbnb on Monday set out to woo business travelers to its service that lets people turn unused rooms in homes into de facto hotel space.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

thatsitalright
not rated yet Dec 05, 2013
Good thing we can trust corporations.

Next year I'm voting for Microsoft.
eric_in_chicago
not rated yet Dec 05, 2013
Don't they have a port in their systems labelled "NSA"?
malapropism
not rated yet Dec 05, 2013
Hmmm. So what type and level of encryption are they using - there are some algorithms and key lengths that aren't worth the registers they're written into because they are either so easy to crack or are already cracked.

And are they using PKI or private keys - if PKI then how can we be assured that the NSA have not demanded (and presumably got under threat of sanctions) a copy of the master key material; or if shared private keys how do they handle sending data to non-Microsoft servers?

While potentially a good start, and not wishing to deride efforts to protect public data, there are lots of details missing from this PR and lots of information that should be made public about the encryption methods to reassure that this is not just a sop to public opinion while the data are read behind the scenes by spooks, regardless. The same applies to the efforts by Google, Yahoo! and others.