X

Microsoft to fight Internet snooping with stronger crypto

Likening government surveillance to malware, Microsoft's general counsel says the company is taking steps to protect the privacy of online communications.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Microsoft

Comparing government surveillance to sophisticated malware and cyber attacks, Microsoft said late Wednesday it will encrypt Internet traffic traveling through its data centers.

Brad Smith, Microsoft's general counsel, wrote in a company blog post that the software giant is taking steps to ensure that any government surveillance of the Internet is conducted legally rather than by a technological subterfuge. Not mentioning the National Security Agency by name, Smith said Microsoft was especially alarmed by allegations that "some governments" had collected customer data from the Internet without warrants.

"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications," Smith said in the blog post. "Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyberattacks."

Microsoft's conclusions most likely stem from documents leaked by former NSA contractor Edward Snowden. In October, the Washington Post reported that newly surfaced documents showed the NSA secretly accessed data from several tech giants by intercepting unencrypted Internet traffic in a program called Muscular.

Following Google's lead, Microsoft plans to switch over to stronger 2,048-bit encryption keys by the end of 2014. This type of encryption is said to take more than a decade to overcome because of computing power constraints. Yahoo and Facebook have also said they're moving to 2,048-bit encryption keys in the near future.

Smith also said Microsoft plans to make its software code more transparent to reassure customers that its products do not contain "back doors." The company also plans to open "transparency centers" in Europe, Asia, and the Americas to reassure its government customers of the integrity of its products.

"We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution," Smith wrote. "We want to ensure that important questions about government access are decided by courts rather than dictated by technological might."

Microsoft announced last month that it will introduce message encryption for Office 365 in early 2014. This new service will automatically encrypt all users' e-mail.

The Washington Post reported in November that Microsoft was considering overhauling its system for encrypting Internet traffic because it believes the NSA might have breached its global communications systems.