Back in December, Microsoft announced its commitment to reinforce legal protections for its customers’ data. Almost 7 months later, Matt Thomlinson, Vice President, Trustworthy Computing Security at Microsoft, announced via a blog post “3 major milestones that honor the company’s commitments to security and increased transparency”.
First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers. Of course, this requires the recipient’s email service provider to also have TLS support.
Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, including Deutsche Telekom, Yandex and Mail.Ru, to test and help ensure that mail stays encrypted in transit to and from each email service. I’d like to thank each of these companies and the community for the hard work they’ve put in, and for making this additional engineering investment a priority.
Additionally, Outlook.com has enabled Perfect Forward Secrecy (PFS) encryption support for exchanging emails between email providers. Forward secrecy uses a different encryption key for every connection, making it more difficult for attackers to decrypt connections.
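Whether a given message actually travelled over TLS between providers, and whether the negotiated cipher suite gave forward secrecy, can be read from the `Received` headers most mail servers stamp on each hop. The following Python is an added example, not code from Microsoft or the original post; the sample message, hostnames and IDs are constructed, and the header layouts are assumed to follow the common `version=... cipher=...` and `using TLSv... with cipher ...` styles.

```python
import re
from email import message_from_string

# Constructed sample message; hosts, IDs and addresses are made up.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
 by mx.example.org with ESMTPS id abc123
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 01 Jul 2014 10:00:02 -0700
Received: from relay.example.com (relay.example.com [192.0.2.20])
 by mail.example.net (Postfix) with ESMTPS id 4F2A1
 (using TLSv1 with cipher AES256-SHA (256/256 bits));
 Tue, 01 Jul 2014 10:00:01 -0700
Received: from client.example.com (client.example.com [192.0.2.30])
 by relay.example.com with SMTP id 9Z; Tue, 01 Jul 2014 10:00:00 -0700
From: a@example.com
To: b@example.org
Subject: test

body
"""

CIPHER_RE = re.compile(r"cipher[= ]\s*([A-Za-z0-9_-]+)")
VERSION_RE = re.compile(r"(?:version=|using\s+)(TLS[A-Za-z0-9_.]*)")
# (EC)DHE key exchange: each connection gets its own ephemeral key
EPHEMERAL_RE = re.compile(r"(?:^|[_-])(?:ECDHE|DHE|EDH)(?:[_-]|$)")


def classify_hop(received):
    """Return 'none-recorded', 'tls' or 'tls+fs' for one Received header."""
    flat = " ".join(received.split())  # undo header folding
    cipher = CIPHER_RE.search(flat)
    if not cipher:
        return "none-recorded"  # the hop did not log any TLS details
    version = VERSION_RE.search(flat)
    v = version.group(1).replace("_", ".").upper() if version else ""
    # TLS 1.3 suites are always ephemeral even though the name omits ECDHE
    if v in ("TLS1.3", "TLSV1.3") or EPHEMERAL_RE.search(cipher.group(1).upper()):
        return "tls+fs"
    return "tls"


def audit(raw_message):
    """Classify every hop, oldest first (Received headers are prepended)."""
    msg = message_from_string(raw_message)
    return [classify_hop(h) for h in reversed(msg.get_all("Received", []))]


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the headers added by servers you operate are trustworthy, since earlier hops can write anything into theirs, and a hop with no TLS details recorded is not proof that it was sent in plaintext.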
The second announcement was PFS encryption support being enabled for OneDrive as well.
OneDrive customers now automatically get forward secrecy when accessing OneDrive through onedrive.live.com, our mobile OneDrive application and our sync clients. As with Outlook.com’s email transfer, this makes it more difficult for attackers to decrypt connections between their systems and OneDrive.
The third and final announcement was the opening of the first Microsoft Transparency Center, on their Redmond, Washington campus.
Our Transparency Centers provide participating governments with the ability to review source code for our key products, assure themselves of their software integrity, and confirm there are no “back doors.” The Redmond location is the first in a number of regional transparency centers that we plan to open.
With data privacy becoming a core concern for many users in this age of government snooping, I wonder if this move from Microsoft is more of a reactionary measure than a proactive one.
Why did it take Microsoft so long to step up its security? What was it waiting for? Surely this step could’ve been taken much earlier.