Microsoft's Tighter Encryption: Why Others Should Follow Its Lead
NEWS ANALYSIS: While the NSA can probably crack any method of encryption you're likely to use, it's not the NSA you should really be worried about.The revelations in The Washington Post that Microsoft was working to encrypt all the traffic the company moves around the world because of National Security Agency (NSA) spying should only be a surprise because it wasn't already being done. Chances are (although we can't prove this) that anything Microsoft or any other large company with sensitive information moves across the public Internet is already encrypted. However, these same large companies also have massive private network connections that connect their data centers around the world. These networks and the global data centers they connect exist for a variety of reasons. Large companies have lots of offices that need access to data. These companies need to have secure links to disaster-recovery sites, or they need real-time mirroring to ensure data integrity. Whatever the reason, these sites are connected using fiber-optic cables that are usually provided by a third-party. Those third parties may include major carriers such as Verizon, or data communications companies such as Level 3.
Until recently, most of this traffic has been passed as unencrypted data. Most personally identifiable information such as health records or credit card numbers would have been encrypted in any case, but the vast majority of corporate data is stuff like boring old email, calendar entries or PowerPoint slides. Of course, the email and calendar metadata are exactly what the NSA and other intelligence services want. I doubt that even the NSA is willing to sit though terabytes of PowerPoint presentations.