Microsoft beefs up security, privacy of online services

[UPDATED] The company is improving encryption for Outlook.com and OneDrive users and aiming to boost confidence of foreign governments in their integrity.
Written by Larry Seltzer, Contributor

Microsoft has announced several improvements to the encryption used in their online services. The announcement comes in a blog entry by Matt Thomlinson, Microsoft's Vice President of Trustworthy Computing Security.

Both Outlook.com and OneDrive have enabled Perfect Forward Secrecy (PFS), an encryption technique by which parties use a different encryption key for every connection, so that compromising one key does not let an attacker decrypt other connections. Google has been the leader in PFS, having enabled it for many of their services since 2011.

[UPDATE: To clarify, Microsoft says that PFS protects connections between the Outlook.com server (mail.live.com) and other email providers, not the connection between the end user and the Outlook.com server.]

Outlook.com is also making more extensive use of Transport Layer Security (TLS) when communicating with other mail systems. Both when sending and receiving mail, Outlook.com will use TLS if the other server supports it. This will make it very difficult for any party listening in to the data transfer to read the communications.
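As an added illustration (not code from Microsoft or from the original article), the Python sketch below models the opportunistic TLS behaviour and the PFS property described above: it checks whether a receiving server's EHLO reply advertises STARTTLS and whether the negotiated cipher suite uses an ephemeral key exchange. The host names and sample replies are constructed, and the `delivery_mode` labels are assumptions made for this example.

```python
import smtplib
import ssl

def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a multi-line SMTP 250 reply to EHLO lists the STARTTLS extension."""
    for line in ehlo_reply.splitlines():
        # Reply lines look like "250-KEYWORD args" (more follow) or "250 KEYWORD" (last).
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False

def is_forward_secret(protocol: str, cipher: str) -> bool:
    """Classify a negotiated suite by its OpenSSL name (as in SSLSocket.cipher()[0])."""
    if protocol == "TLSv1.3":
        # TLS 1.3 certificate-based handshakes always use ephemeral (EC)DHE.
        return True
    # TLS 1.2 and earlier: only DHE/ECDHE key exchange gives forward secrecy.
    return cipher.startswith(("ECDHE-", "DHE-"))

def delivery_mode(ehlo_reply: str, protocol: str = "", cipher: str = "") -> str:
    """Describe how an opportunistic-TLS sender would talk to this receiver."""
    if not advertises_starttls(ehlo_reply):
        return "plaintext"  # the sender falls back to unencrypted SMTP
    return "tls+pfs" if is_forward_secret(protocol, cipher) else "tls"

def probe(host: str, port: int = 25) -> str:
    """Live check against a mail server you operate (needs network access)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "plaintext"
        smtp.starttls(context=ssl.create_default_context())
        protocol, cipher = smtp.sock.version(), smtp.sock.cipher()[0]
        return "tls+pfs" if is_forward_secret(protocol, cipher) else "tls"

# Constructed sample EHLO replies (hypothetical host names).
WITH_TLS = "250-mx.example.net Hello\r\n250-SIZE 36700160\r\n250-STARTTLS\r\n250 8BITMIME"
WITHOUT_TLS = "250-mx.example.org Hello\r\n250-SIZE 10485760\r\n250 8BITMIME"

if __name__ == "__main__":
    print(delivery_mode(WITH_TLS, "TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384"))
    print(delivery_mode(WITH_TLS, "TLSv1.2", "AES256-SHA"))
    print(delivery_mode(WITHOUT_TLS))
```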

The company also announced their first "Transparency Center," this one in Redmond, WA. At these centers participating governments can analyze Microsoft source code to confirm that there are no "back doors" by which other parties (of course we're talking about Microsoft or the US government) could monitor communications. Microsoft had previously announced a Brussels Transparency Center. The concerns are valid, as Germany recently ended a contract with Verizon over fears that the company was enabling US surveillance.

That the announcement came on their "Microsoft on the Issues" blog shows that the thrust of this announcement is to boost confidence in Microsoft's services in the wake of revelations of governments monitoring and reading private communications.
