December 05, 2013, 1:22 PM — In the midst of the NSA snooping scandal, Microsoft is talking up a three-pronged approach to keep customer data safe from the prying eyes of governments.
In a blog post, the company's top lawyer pledges Microsoft will use more encryption, fight government demands for customer data and make its own source code available to the scrutiny of government customers.
While some of these measures are already in place and some won't be available to all customers, they represent an effort to take a stand against government efforts - such as the NSA mass surveillance - to gather information about Microsoft customers, says the statement by Brad Smith, the general counsel and executive vice president for Microsoft's legal and corporate affairs.
"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures and in our view, legal processes and protections in order to surreptitiously collect private customer data," Smith writes. "In particular, recent press stories have reported allegations of governmental interception and collection without search warrants or legal subpoenas of customer data as it travels between customers and servers or between company data centers in our industry... We want to ensure that important questions about government access are decided by courts rather than dictated by technological might."
The new efforts being announced call for expanded use of encryption, taking a stronger stand against government demands for information and adding regional centers where government customers can examine Microsoft source code for security, he says.
Smith promises "a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services," which includes Windows Azure cloud services, Office 365, SkyDrive and Outlook.com. Some of the measures he promises are already in place, but the list includes encrypting customer-to-Microsoft as well as Microsoft data-center-to-data center communications, and calls for encrypting data at rest.
Microsoft partners whose applications are available through Azure will have the option to encrypt or not, but Microsoft will provide tools for them to do so easily, Smith says.