Thursday, December 5, 2013

Microsoft's steps toward customer control

In a post that I wrote this morning, I worried about a proposal to install Amber Alert monitoring systems on wearable devices - without the knowledge of the person using the wearable device.

It's fair to say that this proposal did not come from Microsoft's Brad Smith, the company's General Counsel and Executive Vice President, Legal and Corporate Affairs. Smith has indicated the steps that Microsoft will take to keep its customers informed. Here are excerpts from Smith's message.

Many of our customers have serious concerns about government surveillance of the Internet.

We share their concerns. That’s why we are taking steps to ensure governments use legal process rather than technological brute force to access customer data.

Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry....

· Customer content moving between our customers and Microsoft will be encrypted by default.
· All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
· We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
· All of this will be in place by the end of 2014, and much of it is effective immediately.
· We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
· We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected.

In addition to these technical measures, Microsoft is also taking similar measures on the business side of the house, including a pledge for transparency. Of course, as Google has already noted, tech companies' attempts at transparency are sometimes limited by governments prohibiting the companies from releasing sensitive data.

The full message from Microsoft is here. H/T InformationWeek.
blog comments powered by Disqus