Microsoft is taking steps to expand its encryption efforts to safeguard its Internet traffic after classified documents released by ex-National Security Agency contractor Edward Snowden shed light on the NSA’s data-collection capabilities.
Last month, the disclosure of NSA’s Muscular program revealed that the agency had gained access into the private networks of Google and Yahoo by tapping the Web connections that linked their respective data centers. From its vantage point, the surveillance program could intercept raw, unprotected data as it was transferred between data centers.
While there is no proof that Muscular also ensnared Microsoft’s network, its Hotmail and Windows Live Messenger services were mentioned in connection with the program, The Washington Post reported. So Microsoft isn’t taking chances.
Suspicions had been building at the company for “several months,” according to the report. It finally boiled over in October when it was disclosed that the NSA was tapping Google and Yahoo.
Sources with knowledge of Microsoft’s plans told the newspaper that the company “is moving toward a major new effort to encrypt its Internet traffic amid fears that the National Security Agency may have broken into its global communications links.” Top executives are reportedly involved in the project and will determine how it is implemented.
Microsoft General Counsel Brad Smith weighed in, saying that if the NSA targeted the company in the manner it did Google and Yahoo, “it would be ‘very disturbing’ and a possible constitutional breach if true.”
The exact nature of the NSA’s data-collection capabilities remains cloaked in mystery. An anonymous U.S. government insider did offer to The Washington Post “that collection can be done at various points and does not necessarily happen on a company’s private fiber-optic links.”
In an Oct. 31 analysis, eWEEK’s Sean Michael Kerner explained, “In the Muscular approach, the NSA has cleverly managed to insert itself at a point where it can intercept all Google and Yahoo traffic. You see, both Google and Yahoo use robust sets of private links between data centers.” He cites an earlier Washington Post report stating that the NSA enlisted an “un-named telecom vendor to offer secret access to a cable or switch through which Google and Yahoo traffic passes.”
In the months following the Snowden leaks and growing concern about NSA’s activities, major tech companies have repeatedly requested that the U.S. government provide more transparency over its intelligence programs and how they impact user data. Last month, they stepped up their efforts.
In an Oct. 31 letter, AOL, Apple, Facebook, Google, Microsoft and Yahoo voiced their support for the USA Freedom Act, legislation that would curtail the NSA’s surveillance activities. In the letter, addressed to the bill’s authors and sponsors in Congress, the companies said they “welcome the debate about how to protect both national security and privacy interests.” Further, they “applaud the sponsors of the USA Freedom Act for making an important contribution to this discussion.”