Microsoft is battening down the hatches when it comes to protecting its customers against government surveillance.
In a blog post published tonight, Brad Smith, Microsoft’s General Counsel, laid out the company’s plans for dealing with governments that want to get a hold of its users’ data. First and foremost, Microsoft now considers government surveillance to be a “advanced persistent threat,” much like the threat of malware and other cyber attacks. From there, the company has decided to try and respond by locking down its systems, fighting the legal battles that it can and reassuring government customers that the U.S. government doesn’t have secret back doors into its products.
Like Google and Yahoo, Microsoft is working to roll out stronger encryption to all parts of its business. In particular, by the end of 2014, the company plans to have all traffic between consumers and Microsoft’s servers encrypted, and Smith says that all of its “key platform, productivity and communications services” will have their internal server traffic encrypted by then as well.
Currently, all content transmitted to customers from Office 365 and Outlook.com is encrypted, and “most Office 365 workloads as well as Windows Azure storage,” are encrypted when transmitted internally.
Interestingly, Smith also said that Microsoft is working with other Internet companies to encrypt traffic between between their servers. While Microsoft won’t say which companies are included in that collaborative effort just yet, it seems logical for major players like Google, Yahoo, Facebook and Apple to work together with Microsoft to encrypt users’ emails and other communications.
Microsoft will also continue to challenge requests for customer data, especially when those requests come with attached gag orders that prevent the company from disclosing them to the customers in question, especially when those customers are private organizations.
“Except in the most limited circumstances, we believe that government agencies can go directly to business customers or government customers for information or data about one of their employees – just as they did before these customers moved to the cloud – without undermining their investigation or national security,” Smith said.
Finally, Smith said that the company plans to provide its government customers with the “appropriate ability” to review Microsoft’s source code at specially-designated centers in Europe, the Americas and Asia to assure them that there aren’t any back doors in key applications.
When it came to the overarching philosophy of Microsoft’s changes, the company’s philosophy seems best summed up in these pointed sentences from Smith’s closing paragraph:
“We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution,” he wrote. “We want to ensure that important questions about government access are decided by courts rather than dictated by technological might.”
Previously on GeekWire: Report: Microsoft plans to secure its internal communications against NSA spying