You can’t possibly have missed all of the news that has been spewing forth since early last summer regarding the data leaked by Edward Snowden, regarding the NSA spying. None of that news was good, and it served as notice to many citizens, both US and abroad, that the current system cannot be trusted.
It also pointed the finger at major tech companies as possibly being in cahoots with the National Security Agency. But are those allegations accurate? Is Microsoft, among others, selling you out?
Setting the Stage
Among those implicated in early leaks was Microsoft, a company that has been beleaguered with problems in the security arena. Given the leaky nature of Windows and the monthly security patches, it seemed all too possible that allegations were true, even if unintentional.
However, respected security researcher Steve Gibson attempted to unravel the mess and pointed out that, in fact, the government didn’t need complicity to pull off the entire PRISM operation. “The NSA has installed this technology, this PRISM fiber-optic tapping/splitting technology, just upstream of all of those companies named. It is absolutely true that they probably never knew about it. They may be finding out about it for the first time, listening to this podcast. And I imagine it will suddenly all make sense to them. The NSA has said they had direct access to these companies' servers”, Gibson explains.
Microsoft, for its part, has attempted to dispel these rumors -- having customers afraid to use services like Skype and Outlook.com is rather bad for business, after all.
Chief Counsel Brad Smith, in a blog post went so far as to say “these efforts threaten to seriously undermine confidence in the security and privacy of online communications. Indeed, government snooping potentially now constitutes an ‘advanced persistent threat’, alongside sophisticated malware and cyber attacks”.
Just yesterday, at a security conference in Germany, the company unveiled that one of its new transparency centers would be setup in Brussels Belgium. These will be spread across Europe, Asia and the Americas. The plan is to allow access to the actual code, in the hopes of verifying the lack of backdoors.
There is also new encryption planned, using Perfect Forward Secrecy with 2048-bit key lengths to protect data stored, as well as what travels across the internet between Microsoft and other companies.
So, with background information out of the way, we get to the question I wish to pose to you this weekend. Do you trust Microsoft with your data? For my own part, I see no easy answers, as both sides of the equation have equally compelling arguments -- a company wishing to stay in business needs to play ball, but also needs to protect users if it wishes to keep them.
So, consider this a rather unscientific poll, and chime in using the comments below and let us know your feelings about what all of this means and how much you trust the company with your data.