Microsoft slams 'government snooping', expands encryption
Microsoft's top lawyer says the software behemoth is "alarmed" by recent revelations about government spying and has pledged to ratchet up its encryption.
Microsoft has taken an indignant line on the recent revelations surrounding the US NSA and the UK's GCHQ, declaring itself "alarmed" and promising to do all it can to stymie the spooks.
The software behemoth has pledged to ratchet up its encryption, increase its own transparency and fight gag orders in court.
"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data," writes Brad Smith, Microsoft's general counsel and executive vice president of legal and corporate affairs.
"While we have no direct evidence that customer data has been breached by unauthorised government access, we don't want to take any chances and are addressing this issue head on. Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services."
This includes both expanding encryption to include data passed between and stored on consumer and business services such as Outlook.com, Office 365, SkyDrive and Windows Azure. It also involves upgrading current encryption to use 2,048-bit keys.
Transparency
Microsoft also wants to be more transparent, making efforts to warn customers if governments use legal orders to obtain data. "We are committed to notifying business and government customers if we receive legal orders related to their data," Smith writes. "Where a gag order attempts to prohibit us from doing this, we will challenge it in court."
The Washington-based company will also let foreign government customers check its code to ensure there are no 'back doors' for US spooks to let themselves in, acknowledging the damage the recent stories have done to the US software industry's global reputation.
"We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the [US] Constitution. We want to ensure that important questions about government access are decided by courts rather than dictated by technological might," Smith concludes
Do you think the biggest Internet companies are doing enough to protect your data? What kind of checks and controls would you like to see? Leave an anonymous comment below, or over on our heavily compromised Facebook page.