Microsoft has pledged to fight in court any snooping into its foreign customers’ sensitive data by US surveillance agencies, as it compared government surveillance to hi-tech cyber-attacks and malware.
The software giant was quick to point out Wednesday on its blog that it had never shared such information with US clandestine agencies under the Foreign Service Intelligence Act. According to Microsoft, authorities should not have casual access to information stored on foreign computers anyway.
The company’s general counsel, Brad Smith, told Reuters that Microsoft is "committing contractually to not turning it over without litigating that issue," also promising to provide additional computer safeguards in the form of the encryption of its internal traffic.
The news also comes on the heels of revelations by The Washington Post and other newspapers detailing how the NSA had tapped into foreign fiber-optic cables to snoop on Yahoo and Google’s traffic, while also undermining their encryption and sabotaging their code with so-called “back doors.”
Reports that the NSA had strayed outside the framework set by the Foreign Intelligence Surveillance Court had Google and Yahoo ringing the alarm and acting quickly – but not Microsoft, which was criticized at the time for not providing enough safeguards.
Smith confessed that Microsoft had been caught off guard by the recent Washington Post revelations, explaining that any prior talk of intelligence at Microsoft focused on how the company could best follow the intelligence law, and not on how it could protect itself from “technological brute force,” so “that really was like an earthquake sending shock waves through our industry," Smith said.
Now the company will be “taking steps to ensure governments use legal process rather than technological brute force to access customer data,” Smith said, adding: “Government snooping potentially now constitutes an ‘advanced persistent threat’ alongside sophisticated malware and cyber-attacks.”
The company believes intelligence agencies cannot compel it to install spyware on user machines, and vowed to fight such requests in court.
Microsoft also promised to encrypt user data and promised to cooperate with other companies’ e-mail services to ensure that the stream of data stays secure when a user chooses to switch over from the company’s own Outlook.com (formerly Hotmail) to other services, such as Yahoo or Google.
In another step to tackle the issue, Microssoft promised to take care of the back doors that foreign governments worry about when installing Microsoft products. To do this, the company will work more closely with its regional centers.
Some experts believe that the time for Microsoft to step up its game and join the ranks of other tech heavyweights security-wise is long overdue.