CNET is reporting Microsoft (MSFT) is implementing tougher encryption standards for Web-based email and some cloud services. According to the article, Microsoft has activated Transport Layer Security encryption (TLS) for its webmail services at Outlook.com, Hotmail.com, Live.com, and MSN.com. This should make it significantly harder for email originating from and being sent to a Microsoft account to be spied on, as long as the connecting email service also uses TLS.
Matt Thomlinson, vice president of Microsoft’s Trustworthy Computing division, said “This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data.”
The article goes on to say that Microsoft’s heightened encryption efforts stem from revelations that the NSA had been spying on Internet companies such as Microsoft via a program called Muscular.
In addition, the move comes just a few weeks after a well-publicized Google webmail report that was less-than-flattering to Microsoft. In the report, Google scored Microsoft, along with Comcast and Apple, as webmail providers with inadequate levels of encryption to protect their users’ email.
The article goes on to say that Microsoft also has activated Perfect Forward Secrecy encryption (PFS) for its cloud storage service OneDrive. The OneDrive website, OneDrive mobile apps, and OneDrive syncing tools will now all use the tougher PFS encryption standard, which protects user confidentiality even when an third-party is eavesdropping on the network.
Finally, Microsoft has opened a “transparency center” at its headquarters in Redmond, WA, where governments can review Microsoft source code for “key products” to confirm that no hidden backdoors have been added to the software. Microsoft has not revealed which of its products will be available for review.