Microsoft blasts "government snooping," pledges to enhance encryption

Xbox maker says it is "alarmed" by recent allegations of government's attempts to collect private customer data, vows to expand encryption for products and services.


Recent reports of "government snooping," including unauthorized Internet surveillance, has drawn an indignant response from Microsoft. Writing on the company's blog, Microsoft corporate affairs executive Brad Smith said he is "alarmed" by these revelations and pledged that Microsoft will enhance encryption efforts for its products and services.

A report from this summer, based on documents provided by Edward Snowden, pegged Microsoft as having closely collaborated with United States intelligence services to allow its users' communications data to be intercepted.

"Many of our customers have serious concerns about government surveillance of the Internet. We share their concerns. That's why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data," Smith said.

"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures--and in our view, legal processes and protections--in order to surreptitiously collect private customer data," he added.

In particular, Smith called out the reports of governmental interception and collection of customer data as it travels between users and servers.

"If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications," he said. "Indeed, government snooping potentially now constitutes an 'advanced persistent threat,' alongside sophisticated malware and cyber attacks."

As a result of these allegations, Smith said Microsoft will take "immediate and coordinated action" by expanding encryption efforts, reinforcing legal protection for customer data, and enhancing transparency of software code to make it obvious that products do not have back doors.

Any specific implications for the Xbox platform were not specified. A company representative was not immediately available to comment. Microsoft previously attempted to quell privacy concerns for the Xbox One by outlining in a privacy document that data captured through the system does not leave the console.

Smith made it clear that Microsoft has no direct evidence that its customer data has been breached by unauthorized government access, but will still pursue a "comprehensive engineering effort to strengthen the encryption of customer data across our networks and services." This includes major portals like Outlook, Office 365, SkyDrive, and Windows Azure, Microsoft's cloud network that powers some Xbox Live cloud services.

All of Microsoft's new encryption efforts, including expanding current encryption to use 2,048-bit keys, will be in place by the end of 2014, though much of it is effective immediately, Smith said.

"Ultimately, we're sensitive to the balances that must be struck when it comes to technology, security, and the law," Smith said. "We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution. We want to ensure that important questions about government access are decided by courts rather than dictated by technological might. And we're focused on applying new safeguards worldwide, recognizing the global nature of these issues and challenges. We believe these new steps strike the right balance, advancing for all of us both the security we need and the privacy we deserve."

For more details on Microsoft's plan to protect consumer data from "government snooping," check out Smith's post on Microsoft's website.

Join the conversation
There are 620 comments about this story