Cloud Microsoft Security

Microsoft Bolsters Encryption For OneDrive And Outlook.com

As reported on TechCrunch.

by Alex Wilhelm

Microsoft announced this morning that it has bolstered the security of several of its digital products, bringing stronger encryption tools to its OneDrive and Outlook.com services.

In the wake of revelations that the United States government was tapping the core fiber cables of the Internet, snooping on traffic between the data centers of large technology companies, and working to weaken encryption, a loose, industry wide effort has been undertaken to build digital dikes to keep prying eyes out of customer data.

As we’ve noted, this is an interesting moment when user well-being and the profit motive of corporations find common cause: Less government, more privacy. (The cause-effect pull here is mildly tautological, but let’s move on.)

According to a blog post that it released this morning, Microsoft has added Transport Layer Security encryption to Outlook.com, allowing email sent by users of the service to remain encrypted while in transit. Microsoft cited several email providers, including Yandex and Mail.Ru as partners in the effort — the receiving email service must support Transport Layer Security encryption or it doesn’t work.

Outlook.com, along with OneDrive also now both sport Perfect Forward Secrecy encryption.

Google, Yahoo, and others have also made strides to tighten their security. Yahoo encrypted information moving between its data centers, and promised an encrypted version of its messaging product. Google has made similar efforts.

All quite reasonable, right? Not to some in our government. Congressman Mike Rogers recently had sharp words for technology companies who are in favor of stronger protections against government surveillance:

While I’m on my soapbox, we should be really mad at Google and Facebook and Microsoft, because they’re doing a very interesting, and I think, very dangerous thing. They’ve decided to come out and say “we oppose this new FISA bill, because it doesn’t go far enough.” And when you peel that onion back a bit and say “Why are you doing this? This is a good bill, it’s safe, it’s bi-partisan, it’s rational. It meets all the requirements for 4th Amendment protections and privacy protection and allowing the system to work.”

And they say, “Well, we have to do this because we’re trying to make sure we don’t lose our European business.” I don’t know about the rest of you but that offends me from the words “European business.” Think about what they’re doing. They’re willing to, in their mind, justify the importance of their next quarter’s earnings in Europe versus the national security of the United States. Everybody on those boards should be embarrassed and their CEOs should be embarrassed and their stockholders should be embarrassed. That one quarter cannot be worth the national security of the United States for the next ten generations.”

The bill that Rep. Rogers is riffing on attracted ire. Around half of its co-sponsors voted against the law’s final form when it was unceremoniously rammed through the lower chamber of Congress after what I’ve heard was strong lobbying from the Executive Branch.

Some in the Senate have pledged to tighten the bill’s language when they take it up this summer.

But while Congress can’t decide if you and I deserve a reasonable expectation of privacy, the companies to which we have entrusted our data are at least doing what they should have done a long time ago: locking down our data to what I can only hope becomes the nth degree.