Microsoft may ramp up encryption of customer data post-Snowden

Share this article:

Microsoft has confirmed to SCMagazineUK.com that it is considering encrypting customers' personal data which it sends over the internet, in the wake of the allegations of mass electronic surveillance by the NSA.

Microsoft is considering encrypting customers' personal data that it sends over the internet, in the wake of the allegations of mass electronic surveillance by the US's NSA intelligence agency.

The revelation that Microsoft is “evaluating additional changes that may be beneficial to further protect our customers' data” came after its EMEA vice president of legal and corporate affairs, Dorothee Belz, faced tough questioning on Monday from a Committee of European MEPs.

The grilling came on Monday during the ninth in a series of hearings by the European Parliament's Civil Liberties Committee, which is looking into the electronic mass surveillance by the NSA and Britain's GCHQ revealed by ex-NSA whistleblower Edward Snowden.

Belz appeared together with Google's director of public policy and government relations, Nicklas Lundblad, and Facebook's EMEA director for public policy, Richard Allan. All three companies denied that they had allowed the NSA or any other government agency access to their customers' personal data through server backdoors.

Following the hearing, independent privacy researcher Caspar Bowden - who was a chief privacy adviser to Microsoft until 2011 - gave his views to SCMagazineUK.com and pointed out that: "Microsoft's representative admitted they did not encrypt data sent from server-to-server, in the context of a question about how data was protected between cloud computing data centres.”

Bowden told SCMagazineUK.com: “This answer apparently confirmed that Microsoft's services are just as much at risk from the Muscular interception programme Snowden's documents revealed about Google and Yahoo."

In an emailed response to this comment, a Microsoft spokesperson told SCMagazineUK.com: “Over the last few years, Microsoft and others have increased protection of customer data travelling across the internet by increasing use of SSL for services. However, recent disclosures make it clear we need to invest in protecting customers' information from a wide range of threats, which, if the allegations are true, include governments. We are evaluating additional changes that may be beneficial to further protect our customers' data.”

In September, The Washington Post reported that Google was accelerating its programme to encrypt the information flowing between its data centres worldwide, amid the backlash against NSA spying.

Meanwhile, the enquiry also heard from US Republican Congressman Jim Sensenbrenner who is hoping to introduce a draft bill in the US to strengthen controls over the NSA. Sensenbrenner highlighted the need for checks by Congress, the Foreign Intelligence Surveillance Court and the White House. "I hope that we have learned our lesson and that oversight will be a lot more vigorous," he told the hearing.

Noting the appearance of Microsoft, Google and Facebook, Dutch MEP Sophie in 't Veld, who was chairing the inquiry, pointed out that Yahoo and Amazon had declined the Civil Liberties Committee's invitation to appear. A delegation from the Committee met Apple during their visit to Washington DC on 28-30 October.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more