Wednesday, April 22, 2015

Microsoft is cooking the NSA’s turkey for Thanksgiving


A sign is pictured in the hallway of the Microsoft Cybercrime Center, the new headquarters of the Microsoft Digital Crimes Unit, in Redmond, Washington November 11, 2013. Microsoft, the maker of the most popular computer operating system in the world is launching a new strategy against criminal hackers by bringing together security engineers, digital forensics experts and lawyers trained in fighting software pirates under one roof at its new Cybercrime Center. Picture taken November 11, 2013. To match Feature MICROSOFT-CYBERCRIME/ REUTERS/Jason Redmond (UNITED STATES - Tags: BUSINESS SCIENCE TECHNOLOGY CRIME LAW) - RTX15D4T

Tech Editor

The NSA never takes a holiday, and neither will Microsoft when it meets over Thanksgiving to plan a major counterattack against the increasingly-invasive spy agency.

The Washington Post reports Microsoft executives plan to meet through the holiday to map out more aggressive encryption techniques after an October report revealed the agency has learned how to successfully infiltrate the private networks of companies like Google and Yahoo.

Similar document slides released by the Washington Post Wednesday suggest similar private user data may have been intercepted from Microsoft clients Hotmail and Windows Live Messenger. An NSA-email implies Microsoft Passport may have been compromised as well.

Meetings held this week will discuss ways to improve “security against snooping by governments,” according to Microsoft’s general counsel “across the full range of consumer and business services,” according to an anonymous Microsoft source.

The Windows developer was implicated in the media earlier this summer for cooperating with the NSA surveillance programs leaked by former NSA contractor Edward Snowden. The company selectively denied parts of those claims at first, and has since changed its message by banding with other Silicon Valley giants in calling for greater transparency from the NSA, and asking permission to disclose federal information requests.

NSA’s MUSCULAR surveillance program captures data while it travels across international fiber-optic lines, network servers, and cloud storage – technically avoiding domestic surveillance bans, though data that travels outside the U.S. still includes data from U.S. citizens.

New encryption methods being implemented by companies like Microsoft, Google, Facebook and Yahoo could complicate NSA spying efforts as far into the future as 2030 – when the government says they could be more easily broken into.

Sensitive private user data can be better secured by encrypting data more heavily and more thoroughly with a mathematical formula that can only be decoded with special digital keys on either end of the data’s travel path. Picking it up between connection points – as the NSA does now – would provide the agency with useless, coded material.

If and when they break the code, that is. Encryption is never a guarantee, but Silicon Valley’s brightest believe it’s better than nothing at all.

“That’s a pretty big change in the way these companies have operated,” Johns Hopkins University cryptography expert Matthew Green said in The Washington Post. “And it’s a big engineering effort.”

“NSA’s focus is on targeting the communications of valid foreign intelligence targets,” The NSA said in a statement Tuesday. “Not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.”


No comments: