Over the past several weeks, many vendors have come out against the US Government and the NSA, suggesting they will build stronger encryption into their online services to help thwart the NSA threat. Over many months, new reports have leaked showing that the NSA has been illegally tapping connections between Cloud company datacenters to obtain private and personal information about US citizens. The NSA continues to advocate that the covert spying actions are to keep the public safe.
In an era where US jobs are at risk due to poor economic policies, the NSA's actions have only served to destroy confidence in Cloud vendors and eliminate any hope of profit in the Public Cloud. The Cloud has been likened to the Gold Rush, with the hope of bringing a new economy to the lagging tech sector, where PC sales are slumping and innovation is stagnant. The NSA's efforts have seriously hampered any belief that the Public Cloud can be a profitable business anytime soon. Enterprises are now focused solely on architecting Private Clouds, and it will be a long time before the Public Cloud becomes a real opportunity. A Private Cloud eliminates the connection between the on-premises datacenter and a Cloud hosting collective. It also ensures that company data is retained, controlled, and managed within the corporate structure instead of being trusted to the wilds of the Internet, where the NSA is constantly creeping.
On Wednesday, on the Official Microsoft Blog, Microsoft's General Counsel & Executive Vice President, Legal & Corporate Affairs, Brad Smith, laid out Microsoft's stance on the situation and outlined what the company is working on to combat the "advanced persistent threat" of the NSA and the US Government.
Smith puts the NSA threat into the same category as sophisticated malware and cyber-attacks and questions the legality of what is transpiring. He said that it is one thing to use subpoenas for information, but quite another when the NSA backdoors the process with malicious intent.
Microsoft is working to do three things:
- Expand encryption across services. Customer-created content and information will be encrypted by default using Perfect Forward Secrecy and 2048-bit key lengths.
- Reinforce legal protections for customer data. Microsoft will begin to notify business and government customers when legal orders are received, and will use the court system to remove government-issued gag orders.
- Increase transparency. Microsoft will open a network of "transparency centers" in Europe, the Americas, and Asia to aid customers in reviewing source code to confirm Microsoft does not build back doors into its software.
The full post is here: Protecting customer data from government snooping