Microsoft adds new Outlook.com and OneDrive encryption to thwart government snooping

[COKid]

Microsoft says it has added new layers of encryption to Outlook.com emails and OneDrive files as part of a broader push to protect customer data from hacking and government surveillance.

 

The addition of Transport Layer Security to Outlook.com will encrypt messages sent between Microsoft and other email providers. The company also enabled Perfect Forward Secrecy encryption in Outlook.com and OneDrive, which uses a different encryption key for each connection.

 

?We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services,? said Matt Thomlinson, Microsoft?s vice president of Trustworthy Computing Security, in a blog post.

 

He said the effort ?helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data.?

 

Citing documents from Edward Snowden and information from anonymous sources, The Washington Post reported in October that the NSA was able to access data from hundreds of millions of online user accounts through a program called MUSCULAR, by intercepting data transferred between the servers of large technology companies.

 

Microsoft?s Outlook.com encryption has been in the works since last year. Google recently called on other webmail providers to step up their efforts to adopt Transport Layer Security to provide end-to-end encryption for email.

 

The company has also been improving the encryption of data and messages in Office 365, Windows Azure and other online services.

 

Source: http://www.geekwire.com/2014/microsoft-adds-new-outlook-com-onedrive-encryption-thwart-government-snooping/

[Torolol]

NSA: "Bend over and give me the key, microsoft"

Microsoft: "Yes master"

[Ian W]

NSA: "Bend over and give me the key, microsoft"

Microsoft: "Yes master"

That's not the way it works and you know it.

[The_Decryptor Veteran]

TLS is a good addition (Everything should use TLS), but it won't actually protect emails from anything, it's easy enough to block TLS from email connections.

That's not the way it works and you know it.

Yeah, Microsoft says no first then the government gets the key anyway.

[Ian W]

TLS is a good addition (Everything should use TLS), but it won't actually protect emails from anything, it's easy enough to block TLS from email connections.

Yeah, Microsoft says no first then the government gets the key anyway.

Yes, but it is not fair to portray Microsoft in such a negative light since it is legally required to comply.

[LimeMaster]

NSA: "Bend over and give me the key, microsoft"

Microsoft: "Yes master"

Sounds pretty accurate. Although, same could be said for any big company.

[+theblazingangel MVC]

Yes, but it is not fair to portray Microsoft in such a negative light since it is legally required to comply.

Who is portraying Microsoft in an unfairly negative light? The posts that you are responding to are simply pointing out how such enhancements are fundamentally undermined.

The fact is that companies like Microsoft can be compelled to hand over their keys. How much they may or may not protest before complying only factors into how much we may or may not hate them; it doesn't change the fact that they have to hand them over. If the keys are handed over, then with the powerful position the government intelligence agencies are in with regard to traffic capture, the addition of TLS and PFS can quite easily mean ###### all. These security enhancements only mean something significant if and only if Microsoft can somehow resist any demand for them to hand over their keys, and/or if the agency's data capture capabilities are somehow significantly restricted.

As long as Microsoft can be compelled to hand over keys, and as long as they refrain from significantly changing the way their services work (not giving us zero-knowledge based encryption), trumpeting security enhancements like this and their new "transparency centre for governments" only serves to bolster an illusion of security (where government intrusion is considered as a threat), helping Microsoft to persuade ill-informed gullible customers to not leave them for platforms with better security models that can resist such threats.

It is Microsoft's decision not to adopt the open-source model and provide zero-knowledge services, and to stick with their existing platform designs, which are incapable of defending against the concept of governments compelling companies to hand over keys/data, thus I have no sympathy for them.

[Andre S. Veteran]

It is Microsoft's decision not to adopt the open-source model and provide zero-knowledge services, and to stick with their existing platform designs, which are incapable of defending against the concept of governments compelling companies to hand over keys/data, thus I have no sympathy for them.

Open-source or not, they'd still have to keep their private keys secret and still could be compelled by law to hand them over.

[+Eternal Tempest MVC]

Microsoft, Google, and other's are increases there security to prevent unknown snooping on them that was reveled. 

They still comply with government. 

[+theblazingangel MVC]

Open-source or not, they'd still have to keep their private keys secret and still could be compelled by law to hand them over.

Well that depends on the product and the model it's built on. I understand where you're coming from, but I didn't mean to imply that any product of theirs could be made secure/trustworthy by simply offering up the source code, let me elaborate a little...

(To be clear, I'm not just talking about Microsoft's cloud services, but Windows and other locally installed software also.)

• Windows, VS compilers and other local software such as MS Office. If open-sourced could give you greater trust in them, with the usual open-source caveats below of course*. An open-source OS and compiler are fundamental to trusting the software running on your machine (ignoring the hardware/firmware itself) and providing a trusted base upon which to verify that binaries of other open-source applications have been build from the same source code you have a copy of. Microsoft could open-source all of their products, providing a huge boost in our trust in them. I don't expect they ever will though, they'll be too worried about loosing out to piracy. I haven't yet read any details of how their new 'transparency centre' to allow governments to review their code will work exactly; on the face of it it sounds laughable, but leave talking about that for another post.
• OneDrive would not benefit from simply being open-sourced, they'd still need to protect their keys, which they can't reasonably be expected to do. (Unless you were to run a personal copy of the service on your own servers with the provided source-code and your own keys of course). However, if the local client was open-source, and if it implemented zero-knowledge (your data is encrypted/decrypted locally and only you can access the key) then this provides a secure model, one in which we don't need to worry about Microsoft being compelled to give up keys. It's not perfect*, but it's a much better model (from a trust perspective) than it currently is. Now, using the service as it currently is, you could always encrypt files manually before allowing them to be uploaded to OneDrive. This "custom-local-encryption" you're adding essentially provides you with an alternative zero-knowledge based model, only it's a bit of a messy hack, it only helps the minority that know to do it, let alone know how, and you're still reliant on closed source binaries. For users of the current model, without such custom-local-encryption, the TLS/PFS enhancements are essentially meaningless due to compelled-key-disclosure undermining them, and it is also meaningless if you do add such custom-local-encryption.
• With the outlook.com email service, open-sourcing the service would not enhance security/trust. Complicating things here is the need for other individuals to be able to view what you're uploading (sending). For total privacy (in terms of the content) decryption keys must be privately held, they cannot be held or generated by the service, nor transferred via the service in clear-text. A good encryption model to use here is PPK cryptography. PPK would be applied in a similar manor to the "custom-local-encryption" mentioned above in the discussion of OneDrive - You're adding a custom enhancement to the service provided by Microsoft. The trouble with sending something encrypted to another individual is that it depends on you meeting with them in person prior to sending messages in order to do a secure key exchange/verification, unless with the PPK model the recipient's key is already signed by someone else's key which you already trust. You have to be willing to do that if you want to send someone else an encrypted message with confidence that it's private. Using PPK, the TLS/PFS enhancements are meaningless in terms of protecting message content. Without PPK they are essentially meaningless because of compelled-key-disclosure undermining them. In terms of message meta-data (who you're contacting, when, how often), using the Microsoft service, this is naturally exposed to the service and thus also not truly secure. So what could Microsoft do to enhance their email service? Not a lot, at least not directly. They could provide an open-source desktop email client application with PPK facilities. Alternatively, for those using web interfaces, you'd need an open-source browser with PPK capabilities, and would need such a web interface to be able to interact with in some secure manor. S/MIME is alternative to PPK, however it relies on the CA model, and the CA model is susceptible to compelled-key-dislosure also, so that's no good.

This is not to say that enhancements, such as TLS and PFS here, are not appreciated though. It could always help make things harder even if it doesn't offer perfect protection.

* With open-source you need to rely on the assumption that people are reviewing the code and will spot backdoors; you need to verify that you have the same source code as other people; and you need to know that the installed application and updates that are compiled by others are from that same source code.

[techbeck]

That's not the way it works and you know it.

 

Correct.  MS just looks themselves...

 

But seriously, good companies are making things more secure.  Should have been like this from the start and things like NSA snooping shouldnt be the driving factor.