Microsoft deems the US government an 'advanced persistent threat'
Despite the fact we have been living with the Edward Snowden leaks regarding NSA spying since May, the story remains front page news and continues to raise questions from citizens and governments the world over. The allegations that the National Security Agency is circumventing security measures without seeking warrants is a concern, not only to every citizen, but also to major corporations which survive by promising to protect their customers' data and privacy.
Now Microsoft is taking action. Regarding the recent news stories, Brad Smith, general counsel and executive vice president of Legal and Corporate Affairs at Microsoft, states "if true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an 'advanced persistent threat', alongside sophisticated malware and cyber attacks".
Smith says Microsoft plans to take immediate action, covering three main areas -- encryption, legal protection and enhanced transparency of its software code.
The company plans to enhance its encryption efforts across its communications platforms, including Outlook.com, Office 365, SkyDrive and Windows Azure. All communications will be protected using Perfect Forward Secrecy and 2048-bit key lengths. Microsoft wishes to have this in place before the end of 2014. The software and services company also plans to encrypt all customer data that it is storing, and will work with other companies to protect data traveling between its services and those belonging to others.
The software giant pledges transparency and legal action in the case of requests for user data. "We also will take new steps to reinforce legal protections for our customers' data. For example, we are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court", Smith explains.
Finally, Microsoft intends to increase transparency into its software, allowing the code to be independently examined to confirm there are no back doors. Plans are in place to open a network of transparency centers to provide customers with an easier way to verify the integrity of the code. These centers will be located across North and South America, Europe and Asia.
"Ultimately, we're sensitive to the balances that must be struck when it comes to technology, security and the law. We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution", Smith concludes.
It's easy to call these statements from companies like Microsoft and Google grandstanding. However, it's difficult to deny the fact these corporations have a vested interest in fighting these allegations. Having customers afraid to use services like Skype and Gmail is very bad for business and hurts the bottom line.