Feeds

Microsoft thumbs nose at NSA, hardens crypto for Outlook, OneDrive

New server-side feature makes it harder for spies to snoop

HP ProLiant Gen8: Integrated lifecycle automation

Microsoft has flipped the switch to activate stronger encryption on its OneDrive and Outlook.com cloud services as part of a broader effort to make it harder for the NSA and other spying agencies to snoop on its customers' data.

Specifically, Outlook.com now supports TLS encryption on all connections to its servers, both incoming and outgoing.

Technically, that means any email sent using the service will be fully encrypted during transit, from end to end. But for that to actually happen, the receiving mail server must also support TLS encryption. Many don't.

To that end, Microsoft has been working with major email providers to ensure that they get TLS up and running on their servers. In a Tuesday blog post, Matt Thomlinson, VP of Redmond's Trustworthy Computing group, named Deutsche Telekom, Mail.ru, and Yandex as three examples of companies that have partnered with Redmond in this effort.

In addition, both Outlook.com and OneDrive now support Perfect Forward Secrecy (PFS) in their encryption. An alternative algorithm for crypto key exchange, PFS makes it harder for eavesdroppers to decrypt communications because it never sends the secret session key in full over the network.

In the case of OneDrive, PFS encryption is now used whether the client is connecting via the OneDrive website, mobile apps, or the desktop sync client.

"Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day," Thomlinson wrote. "This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data."

In other words, although Microsoft has pledged to resist when governments try to grab its customers' data via warrants and other legal instruments – for its largest enterprise and government customers, at least – it isn't convinced that the NSA or some other snoop outfit won't try to use surreptitious wiretaps to gain the same info.

In a speech at a recent event, Brad Smith, Microsoft's top lawyer, said the NSA domestic surveillance scandal is causing foreign companies to grow reluctant to do business in the US, and that unless the US government acts to curb the spy agencies' activities, it risks doing serious damage to the nation's tech industry.

"Last fall people in Washington, including at the White House and Congress, had a view that this was an issue that needed to be addressed but might blow over ... it is not blowing over ... in June of 2014 it is clear it is getting worse not better," Smith said. ®

Reducing security risks from open source software

More from The Register

next story
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
SHOCK and AWS: The fall of Amazon's deflationary cloud
Just as Jeff Bezos did to books and CDs, Amazon's rivals are now doing to it
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
BlackBerry: Toss the server, mate... BES is in the CLOUD now
BlackBerry Enterprise Services takes aim at SMEs - but there's a catch
The triumph of VVOL: Everyone's jumping into bed with VMware
'Bandwagon'? Yes, we're on it and so what, say big dogs
Carbon tax repeal won't see data centre operators cut prices
Rackspace says electricity isn't a major cost, Equinix promises 'no levy'
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.