Last week, the Washington Post reported that Microsoft was looking into beefing up the encryption for its online services, in order to prevent government agencies like the NSA from using its data illegally. This week, Microsoft confirmed that it will be upgrading the encryption for services such as Outlook.com, Office 365, SkyDrive and Windows Azure.
In a blog post, Microsoft's general counsel Brad Smith said that they don't have any direct evidence that the NSA or other government groups have targeted their online services, but added the company doesn't want to take any chances. He listed just what Microsoft plans to do to protect its data:
Customer content moving between our customers and Microsoft will be encrypted by default.
All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
Smith said that much of these plans have already been put into effect and that the rest of its encryption efforts will be completed by the end of 2014. He added that Microsoft will continue to fight efforts to obtain customer data in the courts and will notify its business and government customers if it receives any legal orders related to their data.
Finally, Smith said that Microsoft will launch what it calls "transparency centers" for government clients in the Americas, Europe and Asia that he says "will provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products."