Microsoft customer privacy vs. NSA snooping

By , Network World |  Security, Microsoft, NSA

In the midst of the NSA snooping scandal, Microsoft is talking up a three-pronged approach to keep customer data safe from the prying eyes of governments.

In a blog post, the company's top lawyer pledges Microsoft will use more encryption, fight government demands for customer data and make its own source code available to the scrutiny of government customers.

BACKGROUND:Tech industry calls for 'oversight and accountability' of NSA surveillance 

RECENT:NSA is said to collect cellphone location data across the world 

While some of these measures are already in place and some won't be available to all customers, they represent an effort to take a stand against government efforts - such as the NSA mass surveillance - to gather information about Microsoft customers, says the statement by Brad Smith, the general counsel and executive vice president for Microsoft's legal and corporate affairs.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures and in our view, legal processes and protections in order to surreptitiously collect private customer data," Smith writes. "In particular, recent press stories have reported allegations of governmental interception and collection without search warrants or legal subpoenas of customer data as it travels between customers and servers or between company data centers in our industry... We want to ensure that important questions about government access are decided by courts rather than dictated by technological might."

The new efforts being announced call for expanded use of encryption, taking a stronger stand against government demands for information and adding regional centers where government customers can examine Microsoft source code for security, he says.

Smith promises "a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services," which includes Windows Azure cloud services, Office 365, SkyDrive and Some of the measures he promises are already in place, but the list includes encrypting customer-to-Microsoft as well as Microsoft data-center-to-data center communications, and calls for encrypting data at rest.

Microsoft partners whose applications are available through Azure will have the option to encrypt or not, but Microsoft will provide tools for them to do so easily, Smith says.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question