Microsoft beefs up security, privacy of online services

Summary:[UPDATED] The company is improving encryption for Outlook.com and OneDrive users and aiming to boost confidence of foreign governments in their integrity.

Microsoft has announced several improvements to the encryption used in their online services. The announcement comes in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security.

Both Outlook.com and OneDrive have enabled Perfect Forward Secrecy (PFS), an encryption technique by which parties use a different encryption key for every connection, making it more difficult for attackers to decrypt connections. Google has been the leader in PFS, having enabled it for many of their services since 2011.

[UPDATE: To clarify, Microsoft says that PFS protects connections between the Outlook.com server (mail.live.com) and other email providers, not the connection between the end user and the Outlook.com server.]

Outlook.com is also making more extensive use of Transport Layer Security (TLS) when communicating with other mail systems. Both when sending and receiving mail, Outlook.com will use TLS if the other server supports it. This will make it very difficult for any party listening in to the data transfer to read the communications.

The company also announced their first "Transparency Center," this one in Redmond, WA. At these centers participating governments can analyze Microsoft source code to confirm that there are no "back doors" by which other parties (of course we're talking about Microsoft or the US government) could monitor communications. Microsoft had previously announced a Brussels Transparency Center. The concerns are valid, as  Germany recently ended a contract with Verizon  over fears that the company was enabling US surveillance.

That the announcement came on their "Microsoft on the Issues" blog shows that the thrust of this announcement is to boost confidence in Microsoft's services in the wake of revelations of governments monitoring and reading private communications.

Topics: Security, Government, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.