Microsoft: Advancing encryption and transparency efforts

In December, we announced our commitment to further increase the security of our customers’ data. We also announced our plans to reinforce legal protections for our customers’ data, and continue to increase transparency in how we engage with governments around the world. We are making positive progress on all of these fronts.

We are in the midst of a comprehensive engineering effort to strengthen encryption across our networks and services. Our goal is to provide even greater protection for data across all the great Microsoft services you use and depend on every day. This effort also helps us reinforce that governments use appropriate legal processes, not technical brute force, if they want access to that data.

As part of that, today we’re announcing three important milestones that honor our commitments to security and increased transparency.

First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers. Of course, this requires their email service provider to also have TLS support.

Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, including, Deutsche Telekom, Yandex and Mail.Ru to test and help ensure that mail stays encrypted in transit to and from each email service. I'd like to thank each of these companies and the community for the hard work they've put in, and for making this additional engineering investment a priority.

This encryption work builds on the existing protections already in many of our products and services, like Microsoft Azure, Skype and Office 365, and some improvements we have made over the last six months. A few examples include enhanced message encryption in Office 365 as well as Azure’s addition of ExpressRoute, a service that enables businesses to create private connections between Azure datacenters and infrastructure on their premises or in a colocation environment. This is a significant engineering effort given the large number of services Microsoft offers and the hundreds of millions of customers we serve around the world.

In addition to the availability of TLS, Outlook.com has also enabled Perfect Forward Secrecy (PFS) encryption support for sending and receiving mail between email providers. Forward secrecy uses a different encryption key for every connection, making it more difficult for attackers to decrypt connections.

Second, OneDrive has now enabled PFS encryption support as well. OneDrive customers now automatically get forward secrecy when accessing OneDrive through onedrive.live.com, our mobile OneDrive application and our sync clients. As with Outlook.com’s email transfer, this makes it more difficult for attackers to decrypt connections between their systems and OneDrive.

Third, I’m pleased to announce that today we opened the first Microsoft Transparency Center, on our Redmond, Wash. campus. Our Transparency Centers provide participating governments with the ability to review source code for our key products, assure themselves of their software integrity, and confirm there are no “back doors.” The Redmond location is the first in a number of regional transparency centers that we plan to open. We continue to make progress on the Transparency Center in Brussels that I announced in January, with other locations soon to be announced.

As with most things relating to security, the landscape is ever changing. Our work is ongoing and we are continuing to advance on engineering and policy commitments with the goal of increasing protection for your data and increasing transparency in our processes.

Posted by Matt Thomlinson
Vice President, Trustworthy Computing Security, Microsoft

Source: Advancing our encryption and transparency efforts - Microsoft on the Issues - Site Home - TechNet Blogs
 
This is all well and good, but what about bitlocker?

Releasing bitlocker for the normal junior version of windows 8 would do more for user security then all of the above combined. Or at least let us buy it by itself for less than $100.
 

My Computer

System One

  • OS
    Windows 8.1 consumer 64 bit
    Computer type
    Laptop
    System Manufacturer/Model
    Acer Aspire M5 481PT-6644
    CPU
    Intel Core I5
    Memory
    6 GB
    Hard Drives
    Spinning/SSD hybrid 500GB/20GB
    Mouse
    ELAN Trackpad
    Internet Speed
    18mbs/5mbs
    Browser
    Chrome
    Antivirus
    Windows Defender
Hi there

Sometimes you can have just TOO MUCH security. I can just see it now -- "Please help - my data is encrypted -- I've lost the USB / Key / my disk has got corrupt !!! etc. Just watch the zillions of posts coming in if this stuff ever hits the average home user.

This stuff IMO is fine for corporates -- unleashing it on "Joe Public" is just a disaster waiting to happen. In any case most data is stolen (at a consumer / user level) not by hackers fiddling around with people's computers but by users themselves replying to "dodgy" emails, posting too much personal data on social media sites or generally doing other totally stupid things like sending passwords to "fake" web sites / giving too much Bank data to online shopping etc etc.

I remember a stupid manager of a friend of mine who was doing a contract at the DVLA in Swansea S.Wales. (Driver registration, Vehicles etc -- like the US DMV in most states). This manager enforced everybody to have totally unrememberable passwords like !x34SUb0Y? for example. So What did everbody do -- you've guessed it -- write them all down on bits of paper etc. So Mr "Smug Manager" who thought he was the "Bees knees" for security actually was more liable to security breaches than had he just left everything alone.

People in designing Machine / Human systems must as well as the Technical stuff consider HUMAN OPERATORS too. I recommend you watch Aircrash Investigation on Nat. Geographic Channel -- even when the aircraft is made as possibly as safe as it can be there are times when things like the control layout / visibility etc are just wrong for the pilots and an accident happens.

I for one won't install any of this stuff on my NON WORK computers. Just taking reasonable precautions when using a machine at home should be MORE than enough security for most people.

@mikeytg - Bitlocker would be a TOTAL menace for home consumers -- especially those who have several computers on a LAN and are always plugging in and out USB sticks or drives -- especially for multi-media stuff -- videos, photos, music etc. Wait to see the requests here coming from people about how to unscramble and unlock their data !!!!

Even on these forums where in general people are many times more computer savvy than the average joe you often get requests for help for fixing what to more experienced people are fairly trivial mistakes (nothing wrong in that - we all have to learn at some time). A sophisticated system like Bitlocker would be a DISASTER -- if you want it and you are using a works computer install ENTERPRISE.

Cheers
jimbo
 

My Computer

System One

  • OS
    Linux Centos 7, W8.1, W7, W2K3 Server W10
    Computer type
    PC/Desktop
    Monitor(s) Displays
    1 X LG 40 inch TV
    Hard Drives
    SSD's * 3 (Samsung 840 series) 250 GB
    2 X 3 TB sata
    5 X 1 TB sata
    Internet Speed
    0.12 GB/s (120Mb/s)
This is all well and good, but what about bitlocker?

Releasing bitlocker for the normal junior version of windows 8 would do more for user security then all of the above combined. Or at least let us buy it by itself for less than $100.

Why just get Bitlocker for $100 when you can get the whole Pro upgrade for that amount including Bitlocker and so much more

Microsoft Windows 8.1 Pro Pack (Win 8.1 to Win 8.1 Pro Upgrade) - Product Key Card (no media) - Newegg.com

Or if you are like me just upgrade when Microsoft releases a new update, I got Windows 8 Pro upgrade for $39.99 when it launched at BestBuy.
 

My Computer

System One

  • OS
    Windows 8.1 Pro 64 Bit
    Computer type
    Laptop
    System Manufacturer/Model
    Sager NP2740
    CPU
    Intel Core i7 4702HQ 2.2 GHz
    Motherboard
    W740SU
    Memory
    8 GB 1600 MHz
    Graphics Card(s)
    Intel Iris Pro 5200
    Sound Card
    High Defenition Audio
    Monitor(s) Displays
    IPS Display
    Screen Resolution
    1920x1080
    Hard Drives
    Samsung SSD 840 EVO 250 GB mSATA
    Internet Speed
    60 Mbps cable, NETGEAR Night Hawk AC1900
    Browser
    Firefox 38.0.5
    Antivirus
    Windows Defender & Malwarebytes Pro
Why just get Bitlocker for $100 when you can get the whole Pro upgrade for that amount including Bitlocker and so much more

Microsoft Windows 8.1 Pro Pack (Win 8.1 to Win 8.1 Pro Upgrade) - Product Key Card (no media) - Newegg.com

Or if you are like me just upgrade when Microsoft releases a new update, I got Windows 8 Pro upgrade for $39.99 when it launched at BestBuy.

My point was that bitlocker is only available with the $100 upgrade, it would be better if it was available by itself for $20 or so.
 

My Computer

System One

  • OS
    Windows 8.1 consumer 64 bit
    Computer type
    Laptop
    System Manufacturer/Model
    Acer Aspire M5 481PT-6644
    CPU
    Intel Core I5
    Memory
    6 GB
    Hard Drives
    Spinning/SSD hybrid 500GB/20GB
    Mouse
    ELAN Trackpad
    Internet Speed
    18mbs/5mbs
    Browser
    Chrome
    Antivirus
    Windows Defender
Back
Top