Microsoft joins move to encrypt Web traffic

December 5, 2013
Microsoft's move follows similar actions by Google and Yahoo

Microsoft is joining the movement to encrypt traffic that flows across its networks, citing "serious concerns" about government surveillance.

The move by Microsoft follows similar actions by Google and Yahoo in the wake of revelations of vast online surveillance programs led by the US National Security Agency.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures - and in our view, legal processes and protections - in order to surreptitiously collect private customer data," Microsoft general counsel Brad Smith said in a blog post late Wednesday.

"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications.

"Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks."

Smith said Microsoft said decided to "take immediate and coordinated action" to expand encryption across its services.

It is also stepping up efforts to reinforce legal protections of customer data and is "enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors."

"For many years, we've used encryption in our products and services to protect our customers from online criminals and hackers," Smith wrote.

"While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head on.

"Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of across our networks and services."

Major tech companies have been seeking to disclose more details about in an effort to reassure customers, but have complained that the US will not allow certain details to be released.

Explore further: Microsoft presses US on data request disclosures

Related Stories

Microsoft presses US on data request disclosures

July 16, 2013

Microsoft said Tuesday it had asked the US government for permission to disclose details of how it handles national security data requests, citing "inaccuracies" in recent media reports.

Microsoft joins Google in US spying suit

August 31, 2013

Microsoft says that a battle to shed light on secret US government requests for Internet user data will play out in court after failed peace talks.

US government to declassify parts of secret order

September 13, 2013

(AP)—The U.S. government says it will declassify parts of a 2008 secret court order that required Yahoo to turn over customer data under the National Security Agency's PRISM data-gathering program.

Recommended for you

Inferring urban travel patterns from cellphone data

August 29, 2016

In making decisions about infrastructure development and resource allocation, city planners rely on models of how people move through their cities, on foot, in cars, and on public transportation. Those models are largely ...

How machine learning can help with voice disorders

August 29, 2016

There's no human instinct more basic than speech, and yet, for many people, talking can be taxing. 1 in 14 working-age Americans suffer from voice disorders that are often associated with abnormal vocal behaviors - some of ...

Apple issues update after cyber weapon captured

August 26, 2016

Apple iPhone owners on Friday were urged to install a quickly released security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by cyber arms dealers.


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Dec 05, 2013
Good thing we can trust corporations.

Next year I'm voting for Microsoft.
not rated yet Dec 05, 2013
Don't they have a port in their systems labelled "NSA"?
not rated yet Dec 05, 2013
Hmmm. So what type and level of encryption are they using - there are some algorithms and key lengths that aren't worth the registers they're written into because they are either so easy to crack or are already cracked.

And are they using PKI or private keys - if PKI then how can we be assured that the NSA have not demanded (and presumably got under threat of sanctions) a copy of the master key material; or if shared private keys how do they handle sending data to non-Microsoft servers?

While potentially a good start, and not wishing to deride efforts to protect public data, there are lots of details missing from this PR and lots of information that should be made public about the encryption methods to reassure that this is not just a sop to public opinion while the data are read behind the scenes by spooks, regardless. The same applies to the efforts by Google, Yahoo! and others.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.