Feedback
Tech

Microsoft says government snooping as bad as 'malware and cyber attacks'

Microsoft recently announced stricter privacy measures in the wake of allegations of NSA snooping in the press.
Microsoft recently announced stricter privacy measures in the wake of allegations of NSA snooping in the press.

Microsoft isn't mincing words when it comes to how it feels about U.S. intelligence agencies potentially spying on its customers. 

On Tuesday, Brad Smith, Microsoft's general counsel and executive vice president, wrote in a blog post that "government snooping potentially now constitutes an 'advanced persistent threat'" to online privacy and security "alongside sophisticated malware and cyber attacks."

Smith cited concern over "recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures — and in our view, legal processes and protections — in order to surreptitiously collect private customer data."

Specifically, he referenced reports of the NSA intercepting data as it traveled between "company data centers in our industry." 

NBC reached Microsoft for comment and will update the story when the company responds. 

On Oct. 30, 2013, The Washington Post reported that it had obtained evidence from former NSA contractor Edward Snowden that the agency — in cooperation with its British counterpart, the Government Communications Headquarters (GCHQ) — intercepted communications that traveled between Yahoo and Google's data centers around the world, intercepting 181,280,466 records in the month following Jan. 9, 2013. Those records reportedly included when and to whom emails were sent, as well as their content.

The documents released by Snowden suggested, but did not prove, that Microsoft was also targeted, reported The Washington Post.

In response, Microsoft announced three new security measures:

  1. Using "best-in-class industry cryptography" protect data moving between customers and Microsoft, as well as between its data centers around the world. Smith said Microsoft would switch to stronger 2,048-bit encryption by the end of 2014 for its Outlook.com email service, Office 365 apps, Skydrive and its Azure cloud platform. Google completed similar measures in November, while Yahoo and Facebook have announced plans to do the same in the future.
  2. Notifying businesses or individuals if the government has requested their data. If prevented from doing that by a gag order, Smith wrote, Microsoft would challenge the decision in court. 
  3. Opening "transparency centers" in Europe, the Americas and Asia to allow governments inspect the company's source code and reassure them of its "integrity, and confirm there are no back doors."

While the move towards stronger encryption is meant to prevent intelligence agencies from scooping up information as it travels between data centers, they can still request it through court orders.

"We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution," Smith wrote. "We want to ensure that important questions about government access are decided by courts rather than dictated by technological might."

Keith Wagstaff writes about technology for NBC News. He previously covered technology for TIME's Techland and wrote about politics as a staff writer at TheWeek.com. You can follow him on Twitter at @kwagstaff and reach him by email at: Keith.Wagstaff@nbcuni.com