Microsoft is stepping up its webmail encryption. The update comes a few weeks after Google released an update to its transparency report showing that less than 50 percent of emails received in Gmail accounts from Microsoft’s Hotmail, Live, and MSN email services were encrypted.
The software giant is now implementing a series of changes to its products to better guard them against spies and cyber thieves. Microsoft has added encryption safeguards to the Outlook.com webmail service and to the OneDrive cloud storage service, in order to better protect these consumer products from government snoops.
Outlook.com, Hotmail.com, Live.com, and MSN.com are now secured with Transport Layer Security protections. TLS is the next generation Secure Sockets Layer and ensures communications on the web are safe. It’s often used in tandem with Forward Secrecy or in Microsoft’s case, Perfect Forward Secrecy, which can keep your information secure even if someone manages to decrypt Microsoft services. Microsoft will only be using PFS for its cloud storage service OneDrive.
“Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data,” Matt Thomlinson, vice president, Trustworthy Computing Security, at Microsoft wrote in a blog post.
“Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, including, Deutsche Telekom, Yandex and Mail.Ru to test and help ensure that mail stays encrypted in transit to and from each email service,” Microsoft explained.
The company has also launched the very first Transparency Center, allowing government agency the ability to review source code for key products to ensure it is secure.
“Our Transparency Centers provide participating governments with the ability to review source code for our key products, assure themselves of their software integrity and confirm there are no back doors. The Redmond location is the first in a number of regional transparency centers that we plan to open,” Microsoft explains.
Microsoft made allusions to these plans back in December as it revealed it was to expand its encryption to help thwart government snooping, something Thomlinson was keen to reiterate today. “This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data,” he says.
Finally, the computing giant had previously intimated that it was looking to build a network of transparency centers across Europe, the Americas and Asia. The first of these opens today, perhaps unsurprisingly at its Redmond campus in Washington. These centers are designed to give government an outlet for reviewing source code for key products, assure themselves of their software integrity and confirm there are no back doors. It’s thought that Brussels in Belgium will be the next location to open.
PFS is not new, Google has been using it since 2011, but many companies and websites don’t use it.
The move follows similar ones from other cloud computing providers. For example, Google announced end-to-end encryption for Gmail in April, including protection for email messages while they travel among Google data centers. It recently announced similar encryption for its Google Drive cloud storage service.
It’s not clear from Microsoft’s announcement whether the encryption protection it announced covers Outlook.com messages and OneDrive files as they travel within Microsoft data centers. It’s also not clear what, if any, encryption OneDrive and Outlook.com have had until now. Microsoft didn’t immediately respond to a request for comment.
Cloud computing providers like Microsoft, Google, Amazon and many others have been rattled by disclosures from former National Security Agency contractor Edward Snowden regarding government snooping into online communications, due to the effect on their consumer and business customers.
As a result, these companies have been busy boosting encryption on their systems, while also lobbying the U.S. government to stop the stealthy and widespread monitoring of Internet services.
Microsoft reaffirms its commitment of increasing consumer data protection while increasing transparency in the process.