In a blog post late yesterday Microsoft General Counsel & Executive Vice President, Legal & Corporate Affairs, Brad Smith wrote to reassure customers that the firm will tackle the “advanced persistent threat” of government snooping. Smith said he was “alarmed by recent allegations,” of government data interception and collection and likened such surveillance to sophisticated malware and cyber attacks.
Microsoft’s plan to keep customer data private and secure consists of three main elements:
We are expanding encryption across our services.
We are reinforcing legal protections for our customers’ data.
We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.
Smith elaborated upon the points above. Starting with new encryption measures he said that Microsoft will “pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services”. Specifically data transfer between customers and Microsoft services will be encrypted by default. Also Microsoft will use Perfect Forward Secrecy and 2048-bit key lengths. Smith said that Microsoft will move quickly to implement these changes and some changes have already been made in the way Office 365 content is transferred and stored.
Microsoft's Brad Smith
In the legal field Microsoft is “committed to notifying business and government customers if we receive legal orders related to their data”. Any gag orders will be challenged. Microsoft prefers that government agencies contact business customers directly for information about their employees rather than going directly to Microsoft’s cloud.
The transparency of Microsoft’s software code for governments will be increased. Microsoft will open centres in Europe, the Americas and Asia which will “provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products”. Such customers will be able to review Microsoft source code and “confirm there are no back doors”.
The new measures help to create the correct balance where “important questions about government access are decided by courts rather than dictated by technological might,” concluded Microsoft’s General Counsel.
With an eye on increasingly sophisticated attacks Microsoft announced a new initiative last month with the opening of a dedicated CyberCrime Centre, pictured above. The new high-security facility in Redmond was praised by INTERPOL as being both effective and proactive.