In response to increasing levels of government surveillance online, Microsoft has increased the levels of encryption used in its cloud products and says it will make it easier for government users to check its own code for “back doors” allowing access to sensitive data. However, the company has stopped short of opening up source code for all customers.
Encryption picture from Shutterstock
Microsoft announced the policy change in an unusually-strongly-worded blog post. It’s not every day you see a listed corporation describe government surveillance as an “advanced persistent threat” that’s functionally equivalent to malware.
The main changes, all of which are planned to be implemented by the end of 2014, are:
- All content moving between Microsoft and customers will be encrypted by default
- All data moving between Microsoft data centres will be encrypted by default
- All customer content will be encrypted
- Developers building services on Azure or Office 365 will be able to choose whether or not data is encrypted for individual apps
Microsoft is also planning to make it easier to review its own products for potential flaws:
We’re therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors.
That’s good news for government customers, but unfortunately the same flexibility isn’t being extended to anyone else.