Microsoft is moving to encrypt its Internet traffic based on assumptions the National Security Agency has broken into its internal global communications systems as it did with Google and Yahoo, according to sources familiar with the plans.
Microsoft’s suspicions that the NSA is intercepting traffic within its private networks were heightened in October, when it was reported such intrusions have happened to Google and Yahoo, which have similar global infrastructures. Sources close to Microsoft’s deliberations told The Washington Post top executives at the company are to meet this week to decide what encryption initiatives will take place.
The Post reports two previously unreleased slides obtained via former NSA contractor Edward Snowden suggest the company is rightly concerned.
The slides on the operations on Google and Yahoo networks also reference Microsoft’s Hotmail and Windows Live Messenger. Another NSA email mentions Microsoft Passport, a web service no longer offered by Microsoft, as another potential target of the surveillance program called MUSCULAR.
Microsoft officials said they don’t have independent verification such surveillance of their internal data centers is occurring, though the company’s general counsel Brad Smith said Tuesday that such revelations would be “very disturbing” and a violation of constitutional rights.
Encryption efforts of such a scale would put Microsoft in the same league as Google, Yahoo, Facebook and other tech giants that have reinforced security defenses amid the cascade of secret NSA programs coming to light – some the companies have legally participated in with the NSA.
Experts tell The Post such investments in encryption will hamper surveillance – by governments, private companies and hackers alike – for years. These technology efforts may even supersede congressional policy efforts, currently underway, as the most tangible outcome of steady revelations of NSA surveillance since early June, when the Guardian and The Washington Post ran the first stories supplied with classified documents given to them by Snowden.
“That’s a pretty big change in the way these companies have operated,” said Matthew Green, a Johns Hopkins University cryptography expert. “And it’s a big engineering effort.”
The NSA said Tuesday in a statement about Microsoft that the agency’s “focus is on targeting the communications of valid foreign intelligence targets, not on collecting and exploiting a class of communications or services that would sweep up communications that are not of bona fide foreign intelligence interest to the U.S. government.”
One anonymous US official said Tuesday that collection can be done at various points and does not have to happen on a company’s private fiber-optic links. see more