Microsoft to increase use of encryption to thwart NSA/GCHQ internet surveillance

Microsoft to address weak point exploited by NSA and GCHQ

Microsoft is planning to increase its use of encryption of customer data sent over the internet in a bid to thwart the pervasive internet surveillance being practised by the US National Security Agency (NSA) and the UK's GCHQ.

The decision is one of many similar moves being considered by major IT industry companies in response to the documents released by NSA whistleblower Edward Snowden this summer. In particular, one of the more recent exposures showed how the NSA was intercepting data sent unencrypted between the servers of internet companies Yahoo and Google.

Microsoft's EMEA vice president of legal and corporate affairs, Dorothee Belz, told the European Parliament's Civil Liberties Committee this week that the company is "evaluating additional changes that may be beneficial to further protect our customers' data".

The grilling was the ninth in a series of hearings by the Committee, set up after the Snowden revelations broke this summer.

Belz was appearing alongside Google's director of public policy and government relations, Nicklas Lundblad, and Facebook's EMEA director for public policy, Richard Allan. The representatives of all three companies denied that they had allowed the NSA or any other government agencies unfettered access to customer data via any network backdoors.

Following the grilling, Caspar Bowden, an independent privacy consultant who was previously chief privacy adviser to Microsoft until 2011 told SCMagazine that: "Microsoft's representative admitted they did not encrypt data sent from server-to-server, in the context of a question about how data was protected between cloud computing data centres."

He continued: "This answer apparently confirmed that Microsoft's services are just as much at risk from the Muscular interception programme Snowden's documents revealed about Google and Yahoo."

However, Microsoft has since pledged to step up its security and confirmed to SCMagazine its plans: "...recent disclosures make it clear we need to invest in protecting customers' information from a wide range of threats, which, if the allegations are true, include governments. We are evaluating additional changes that may be beneficial to further protect our customers' data."