Feeds

Microsoft thumbs nose at NSA, hardens crypto for Outlook, OneDrive

New server-side feature makes it harder for spies to snoop

Gartner critical capabilities for enterprise endpoint backup

Microsoft has flipped the switch to activate stronger encryption on its OneDrive and Outlook.com cloud services as part of a broader effort to make it harder for the NSA and other spying agencies to snoop on its customers' data.

Specifically, Outlook.com now supports TLS encryption on all connections to its servers, both incoming and outgoing.

Technically, that means any email sent using the service will be fully encrypted during transit, from end to end. But for that to actually happen, the receiving mail server must also support TLS encryption. Many don't.

To that end, Microsoft has been working with major email providers to ensure that they get TLS up and running on their servers. In a Tuesday blog post, Matt Thomlinson, VP of Redmond's Trustworthy Computing group, named Deutsche Telekom, Mail.ru, and Yandex as three examples of companies that have partnered with Redmond in this effort.

In addition, both Outlook.com and OneDrive now support Perfect Forward Secrecy (PFS) in their encryption. An alternative algorithm for crypto key exchange, PFS makes it harder for eavesdroppers to decrypt communications because it never sends the secret session key in full over the network.

In the case of OneDrive, PFS encryption is now used whether the client is connecting via the OneDrive website, mobile apps, or the desktop sync client.

"Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day," Thomlinson wrote. "This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."

In other words, although Microsoft has pledged to resist when governments try to grab its customers' data via warrants and other legal instruments – for its largest enterprise and government customers, at least – it isn't convinced that the NSA or some other snoop outfit won't try to use surreptitious wiretaps to gain the same info.

In a speech at a recent event, Brad Smith, Microsoft's top lawyer, said the NSA domestic surveillance scandal is causing foreign companies to grow reluctant to do business in the US, and that unless the US government acts to curb the spy agencies' activities, it risks doing serious damage to the nation's tech industry.

"Last fall people in Washington, including at the White House and Congress, had a view that this was an issue that needed to be addressed but might blow over ... it is not blowing over ... in June of 2014 it is clear it is getting worse not better," Smith said. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Object storage bods Exablox: RAID is dead, baby. RAID is dead
Bring your own disks to its object appliances
Nimble's latest mutants GORGE themselves on unlucky forerunners
Crossing Sandy Bridges without stopping for breath
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.