Security Corner

Jun 5 2014   6:37PM GMT

Microsoft calls government snooping “advanced persistent threat”

Ken Harthun Ken Harthun Profile: Ken Harthun

Data integrity
Data privacy
Information security

Yes, just like malware. Well, isn’t it a malevolent government act to spy–without cause–on its citizens?

In a December 2013 blog post, Microsoft says they share our concerns:

Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry.

Then they position such activities right there alongside malware and cyber attacks:

If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an “advanced persistent threat,” [emphasis added] alongside sophisticated malware and cyber attacks.

Because of this, Microsoft is ramping up its encryption on, Office 365, SkyDrive and Windows Azure, to name a few. They are also working to reinforce legal protections by notifying customers if they receive any government order to release data and they are challenging any gag orders:

Where a gag order attempts to prohibit us from doing this, we will challenge it in court. We’ve done this successfully in the past, and we will continue to do so in the future to preserve our ability to alert customers when governments seek to obtain their data. And we’ll assert available jurisdictional objections to legal demands when governments seek this type of customer content that is stored in another country.

Another step they are taking is to increase transparency by making their source code available for review where appropriate:

We’re therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors.

I’m very happy with these efforts on Microsoft’s part. How about you?

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: