clock menu more-arrow no yes mobile

Filed under:

Microsoft's new security policies target 'government snooping'

As a response to continuing reports of wide-ranging government surveillance of online communications, Microsoft is making a concerted effort to protect users of its services from "government snooping," the company announced today.

"Many of our customers have serious concerns about government surveillance of the internet. We share their concerns. That's why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data," said Brad Smith, general counsel for Microsoft and executive vice president of legal and corporate affairs, in a post on the company's official blog.

Although Smith did not call out Xbox Live or gaming platforms by name, the Xbox One's cloud computing infrastructure involves Windows Azure, and the console's video upload functionality uses SkyDrive.

Microsoft now sees surreptitious government surveillance online as an "advanced persistent threat" on the same level as "sophisticated malware and cyber attacks," according to Smith. In light of that viewpoint, the company is stepping up its anti-surveillance efforts in three main ways.

Microsoft now sees surreptitious government surveillance online as an "advanced persistent threat"

First, Microsoft is expanding the use of encryption across its "major communications, productivity and developer services," including the productivity suite Office 365, web-based email client Outlook, cloud storage service SkyDrive and cloud computing platform Windows Azure. Under Microsoft's new policies, data moving between Microsoft and its customers will be encrypted by default, and for key services like the ones mentioned above, customer content will also be encrypted as it moves between Microsoft data centers.

"All of this will be in place by the end of 2014, and much of it is effective immediately," said Smith.

Microsoft is also redoubling its efforts under the law to shield its customers from surveillance. The company will continue to alert users of legal orders related to personal or business data, and will challenge gag orders in court if those orders attempt to prevent the company from notifying customers.

"Except in the most limited circumstances, we believe that government agencies can go directly to business customers or government customers for information or data about one of their employees — just as they did before these customers moved to the cloud — without undermining their investigation or national security," said Smith.

Microsoft is one of a number of technology companies implicated in the NSA leaks

Finally, Microsoft is taking steps to be more transparent with customers, so individuals and businesses can review the integrity of the company's security protocols. According to Smith, Microsoft is opening "transparency centers" to assist in this practice.

Microsoft is one of a number of technology companies implicated earlier this year in reports of surveillance by the U.S. National Security Agency. According to documents provided to the media by leaker Edward Snowden, Microsoft granted the NSA access to private emails and Skype conversations — a charge the company vehemently denied. This past October, Snowden leaked additional documents indicating that the NSA secretly intercepted data of Google and Yahoo users.

"We want to ensure that important questions about government access are decided by courts rather than dictated by technological might. And we're focused on applying new safeguards worldwide, recognizing the global nature of these issues and challenges," said Smith.

Sign up for the newsletter Sign up for Patch Notes

A weekly roundup of the best things from Polygon