Redmond announced in a blog post that the additional encryption will apply to products such as Outlook.com, Office 365, SkyDrive and Windows Azure, to be implemented by the end of 2014.
The company said:
· We are expanding encryption across our services.
· We are reinforcing legal protections for our customers’ data.
· We are enhancing the transparency of our software code, making it easier for customers to reassure themselves that our products do not contain back doors.
“While we have no direct evidence that customer data has been breached by unauthorized government access, we don't want to take any chances and are addressing this issue head-on,” Brad Smith, general counsel and executive vice president, legal & corporate affairs, Microsoft, wrote in a blog post.
“Therefore, we will pursue a comprehensive engineering effort to strengthen the encryption of customer data across our networks and services.”
The company will encrypt all data moving between the company and customers, and will deploy perfect forward secrecy (PFS) and 2,048-bit key lengths. With PFS, a separate set of cryptographic protocols replaces the session key exchange process with one that never sends the secret session key across the network.
As we reported last month, Twitter has also enhanced its security with PFS, announcing on 22 November that it had added the technology to its home page, API page and mobile site.
Meanwhile, Microsoft rival Google has strengthened security on its network by upgrading Secure Sockets Layer (SSL) certificates from 1,024-bit to 2,048-bit encryption. Other services, such as NSA whistleblower Edward Snowden's email service Lavabit, simply chose to shut down altogether rather than comply with NSA directives.
“In particular, recent press stories have reported allegations of governmental interception and collection — without search warrants or legal subpoenas — of customer data as it travels between customers and servers or between company data centers in our industry,” Smith said.
“If true, these efforts threaten to seriously undermine confidence in the security and privacy of online communications.
“We believe these new steps strike the right balance, advancing for all of us both the security we need and the privacy we deserve,”