Microsoft expands encryption of its services in wake of snooping fears

Microsoft HQ

Microsoft is stepping up the use of encryption in its services to prevent governments from spying on its users.

The move comes in response to end user concerns about government surveillance of the internet, in the wake of the last summer's revelations by NSA whistleblower Edward Snowden.

Brad Smith, Microsoft's general counsel, confirmed in a blog post the software giant would expand encryption across the company's services, reinforce legal protections for its customers' data and enhance the transparency of Microsoft's software code, making it easier for customers to reassure themselves that its products do not contain back doors.

We are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court.

"We are taking steps to ensure governments use legal process rather than technological brute force to access customer data," he said.

While Microsoft has encrypted some of its offerings for many years, Smith said this would now be ramped up to encompass many other services to reassure customers.

"This effort will include our major communications, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content," he said.

Content moving between customers and Microsoft will be encrypted by default and all key platforms, productivity and communications services will encrypt customer content as it moves between its datacentres, he added. It will also use Perfect Forward Secrecy and 2048-bit key lengths.

Smith said all measures should be in place by the end of 2014 while much of it has happened already.

Microsoft will also take steps to reinforce legal protections for customers' data.

"We are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court," Smith said.

The move will also see Microsoft commit to being more transparent. As such, it plans to expand the programme that allows government customers to check source code for hidden back doors.

"We will open a network of transparency centres that will provide these customers with even greater ability to assure themselves of the integrity of Microsoft's products. We'll open these centres in Europe, the Americas and Asia, and we'll further expand the range of products included in these programs," he said.

He said that the company was "alarmed" at the scale of government snooping and said such actions, if true, "potentially now constitutes an advanced persistent threat', alongside sophisticated malware and cyber attacks."

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.