Back to Main

Microsoft Cranks Up Anti-Spying Security, Playing Off Google's Creepiness Factor

By: Minyanville
Posted: 11/27/2013 12:20:00 PM
Referenced Stocks: AAPL;CSCO;GOOG;MSFT;YHOO

Microsoft ( MSFT ) is strengthening security and privacy further in response to reports that government agencies may be able to access user data without permission.

The Washington Post reported that the company is renewing efforts to encrypt traffic on its Web services such as Outlook and Skype. The paper's sources said that top executives at the software company are meeting this week to discuss beefing up encryption, which makes it much harder for spies or malicious hackers to compromise one's privacy.

"We're focused on engineering improvements that will further strengthen security," Brad Smith, a Microsoft general counsel, told shareholders last week, "including strengthening security against snooping by governments."

Last month, documents leaked by former National Security Agency contractor Edward Snowden detailed how the NSA can tap into Google ( GOOG ) and Yahoo ( YHOO ) servers, allowing the spies to collect any communications they wish. The two web companies vowed to strengthen encryption on data that moves between their data centers to prevent this. The documents also refer to Hotmail and Windows Live, but Microsoft cannot yet confirm that the government is tapping its wires in the same way. Still the company is concerned.

Is Microsoft truly making an about-face? The company is hardly known for its commitment to user privacy. The Electronic Frontier Foundation's Who Has Your Back scorecard in 2012 gave Microsoft one star out of four for user privacy, but it got four stars out of six this year. One beef that the Internet freedom crowd has with Microsoft is that it doesn't notify users of government requests for data. Twitter (NYSE: TWTR ) got a perfect score, while Apple ( AAPL ) got a single star. Microsoft says that it only provides data to the government when legally obliged to do so. The EFF says that despite its engineering clout, Microsoft remains behind on encryption technology.

In Edward Snowden's revelations, it came out that Microsoft was the first company to comply with PRISM, the secret program that allegedly gave the intelligence community backdoor access to user communications. When Redmond launched Outlook.com in the summer of 2012, the NSA had trouble circumventing encryption of web chats, and Microsoft helped them figure it out a few months later . Some documents indicated that NSA analysts could read pre-encrypted emails.

Way back in 1999, Heise , a German computer-security publication, wrote that researchers found evidence that the NSA had its own key for a driver that works with Internet Explorer.

It was found because "Microsoft's developers had failed to remove or 'strip' the debugging symbols used to test this software before they released it. Inside the code were the labels for the two keys. One was called 'KEY'. The other was called 'NSAKEY'."

Though there hasn't been an exodus of users, the threat of coming under Uncle Sam's gaze is already making it harder for US tech firms to compete abroad. Most big Web services like Google are banned in China but as we wrote earlier this week , enterprise-level tech companies like Cisco ( CSCO ) are seeing sales sink in China since the Snowden revelations came out.

However, beefing up crypto and calling for limits to the NSA's information-hoovering could be just a marketing ploy on Microsoft's part. The company is positioning itself as the anti-Google. Thanks to growing awareness of internet privacy and some slightly creepy moves on Google's part over the years, there is certainly room for a tech giant to offer privacy. The "Scroogled" campaign tries to paint Google as Big Brother. (Word on the internet is that these t-shirts are really popular on Google's campus; this is what passes for irony these days.) But the kettle might be calling the pot black in this case. Especially after the damning PRISM revelations were made public, it will be hard for the companies involved to ingenuously market themselves to users at home and abroad as a privacy-focused service.

Twitter: @vincent_trivett