Microsoft’s reputation – along with many other top technology firms – was damaged by the NSA revelations which, if Edward Snowden’s leaks are correct, the Redmond-based firm was involved in the programme; whether knowingly or not.
Now it’s the turn of Brad Smith, Microsoft’s general counsel, to help ease customer distrust in the company’s services by speaking of their shared concerns about government surveillance of the internet, and steps they’re taking against the NSA.
In a post on ‘Microsoft’s Official Blog’ on TechNet, Smith calls the intrusive snooping an “advanced persistent threat”. It’s a pretty scathing piece, and a bold and serious measure to take against your own government; which either shows how concerned Microsoft truly feel, or how much pressure they feel under their customers.
The Washington Post revealed details of a program, known as MUSCULAR, the NSA uses to tap into networks owned by Google, Yahoo, and Microsoft to obtain user information. It exploits weaknesses in encryption between servers and data centres; causing the companies involved to step up their security efforts in response.
In the post, Smith mentions that all of Microsoft’s “key platform, productivity and communications services” will encrypt customer data with strong 2048-bit encryption as it moves between data centres. Services such as Office, Outlook, and SkyDrive are all used as examples; but a notable – perhaps accidental – omission is Skype… a key target in the NSA PRISM programme.
This information, it is claimed, has been used for efforts of public safety – including prevention of terrorism. A positive side-effect of these revelations is causing companies to re-assess their security and encryption measures; but shouldn’t detract from the real issue.
With increasing cyber-security fears, and the ability to plot and organise malicious activities through use of the internet, the requirement for surveillance is indisputable. How this is handled in regards to retaining privacy is where the issue lies – something the NSA appeared to give little concern to.
Facebook founder, Mark Zuckerberg, echoed this very sentiment to ABC News: “These things are always a balance in terms of doing the right things and also being clear and telling people about what you’re doing,
I think the government really blew it on this one. I honestly think that they’re continuing to blow it in some ways, and I hope that they become more transparent in that part of it,” he said.
Many of you may have seen the leaked slide below which details when each company became involved in the PRISM programme…
There has been many a comment pointing towards Microsoft being the first to “enter” back in 2007; when realistically it’s more likely they were the prime NSA target at the time when MSN Messenger and Hotmail were the most widely-used communication tools.
Microsoft also claims to be stepping up their legal protection efforts; committing to notify customers if their data is being accessed by legal orders. Where a “gag order” is in place, they will challenge this in court. Smith says: “We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data.”
In a final part to this three-pronged attack to increase customer trust; Microsoft will be opening “Transparency Centres” which allows customers to review source code for any backdoors alongside employees; helping to re-assure themselves of their products’ integrity.
What do you think of these increased privacy efforts from Microsoft?