Microsoft was one of many companies to discover that its data may have been siphoned off by US and UK government agencies after documents were released by whistleblower Edward Snowden in the summer.
Executive vice president for legal affairs at Microsoft Brad Smith wrote in a blog post
that these issues have made concerns about snooping a top issue at the
company, as it made the threat from snooping as big as cyber attacks by
terrorists or criminals.
“We are especially alarmed by recent allegations
in the press of a broader and concerted effort by some governments to
circumvent online security measures – and in our view, legal processes
and protections – in order to surreptitiously collect private customer
data," he wrote.
“If true, these efforts threaten to seriously
undermine confidence in the security and privacy of online
communications. Indeed, government snooping potentially now constitutes
an 'advanced persistent threat', alongside sophisticated malware and
cyber attacks.”
As such, the firm is set on a task of boosting
encryption across its services for the end of 2014. Smith said this
would cover all its major services such as Outlook.com, Office 365,
SkyDrive and Windows Azure.
It will also ensure all content moving between
Microsoft and its customers and via its data centres is to be encrypted
and it will also use ‘perfect forward secrecy' to make it harder to
decrypt data. Twitter recently announced it would use this too to stop mass data siphoning from its services.
“While we have no direct evidence that customer
data has been breached by unauthorised government access, we don't want
to take any chances and are addressing this issue head on,” Smith said.
“Therefore, we will pursue a comprehensive
engineering effort to strengthen the encryption of customer data across
our networks and services.”
Microsoft said it would also make access to its
encryption tools available for third-party developers building products
that are hosted on Azure.
Smith also reiterated Microsoft’s intention to
challenge government orders for data and to alert businesses whenever
possible to requests for data that it receives.
“We’ve done this successfully in the past, and
we will continue to do so in the future to preserve our ability to alert
customers when governments seek to obtain their data,” he said.
Lastly, in order to counter some allegations
that ‘back doors’ have been built into products in order to allow
governments to easily access data, Microsoft will be opening
transparency centres where customers can assess the source code of its
products. These will available in Europe, the US and Asia.
“Just as we’ve called for governments to become
more transparent about these issues, we believe it’s appropriate for us
to be more transparent ourselves,” Smith explained.
“We’re therefore taking additional steps to
increase transparency by building on our long-standing program that
provides government customers with an appropriate ability to review our
source code, reassure themselves of its integrity, and confirm there are
no back doors.”
Other firms such as Yahoo have also encrypted information
passing through their data centres, as tech giants move to reassure
customers that they do not want government agencies to be able to access
their data.
No comments:
Post a Comment