Microsoft has added encryption safeguards to the Outlook.com webmail service and to the OneDrive cloud storage service, in part to better protect these consumer products from government snoops.
"Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data," Matt Thomlinson, vice president, Trustworthy Computing Security, at Microsoft wrote in a blog post.
The move follows similar ones from other cloud computing providers. For example, Google announced end-to-end encryption for Gmail in April, including protection for email messages while they travel among Google data centers. It recently announced similar encryption for its Google Drive cloud storage service.
It's not clear from Microsoft's announcement whether the encryption protection it announced covers Outlook.com messages and OneDrive files as they travel within Microsoft data centers. It's also not clear what, if any, encryption OneDrive and Outlook.com have had until now. Microsoft didn't immediately respond to a request for comment.
Cloud computing providers like Microsoft, Google, Amazon and many others have been rattled by disclosures from former National Security Agency contractor Edward Snowden regarding government snooping into online communications, due to the effect on their consumer and business customers.
As a result, these companies have been busy boosting encryption on their systems, while also lobbying the U.S. government to stop the stealthy and widespread monitoring of Internet services.
In December, Microsoft announced it would roll out in the coming 12 months sweeping improvements in encryption across its consumer and enterprise cloud services, including Outlook.com, its Azure platform, Office 365 and other products. Tuesday's announcement is part of that ongoing effort.
Brad Smith, Microsoft's general counsel, wrote then that "we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures -- and in our view, legal processes and protections -- in order to surreptitiously collect private customer data. In particular, recent press stories have reported allegations of governmental interception and collection -- without search warrants or legal subpoenas -- of customer data as it travels between customers and servers or between company data centers in our industry."
Smith went on to say that, if true, the situation threatens to "seriously undermine" the security and privacy of online communications, turning government snooping into "an advanced persistent threat alongside sophisticated malware and cyber attacks."
The company said Tuesday that inbound and outbound mail from Outlook.com is now protected with Transport Layer Security (TLS) encryption as it travels to and from Microsoft email systems. A caveat is that if there's another email service provider involved in the exchange it must also have implemented TLS on its end. Microsoft has been working with other large, international email service providers on efforts to get TLS more broadly adopted.
Sign up for CIO Asia eNewsletters.