Kudos to Microsoft for its takedown of NSA snooping

In outlining new encryption plans, Microsoft's general counsel implies the NSA's surveillance activities bear similarities to the most pernicious malware threats

The U.S. government spends around $70 billion per year on IT, making it the largest IT customer in the world. I don't know how much of that expenditure Microsoft takes in, but it's surely a fair-sized chunk. In that context, the words of Brad Smith, Microsoft general counsel and executive vice president, are unusually bold.

In a Dec. 4 blog post, Smith called government snooping an "advanced persistent threat" and announced that encryption would be extended across all Microsoft services by the end of 2014. As you probably know, advanced persistent threats are the preferred method by which the Chinese military has reportedly stolen intellectual property from U.S. companies. That's tough language. It leaves no doubt where Microsoft stands.

This isn't Smith's first salvo. Back in July, he sent a letter to Attorney General Eric Holder noting that "the Constitution itself is suffering" and that Holder should get personally involved to "share publicly more complete information about how we handle national security requests for customer information." Of course, that letter was sent just days after Edward Snowden released documents outlining Microsoft's participation in the NSA's PRISM project, which in that particular case enabled the government to eavesdrop on Skype calls and break Outlook encryption.

A cynic might say that Smith's latest statement, like the one in July, has more to do with impressing Microsoft customers than with, say, protecting the Fourth Amendment. After all, Microsoft is on its way to becoming primarily a cloud company. Every cloud provider I've interviewed since the Snowden story broke has cited the NSA scandal as an inhibitor to cloud growth, particularly in Europe. Of course, Google and Yahoo have already promised encryption by default.

But Smith was in no way obligated to characterize government spying in such refreshingly blunt terms. Plus, according to Smith's blog post, Microsoft plans to encrypt not only data in transit but also "customer content" at rest on Microsoft servers. Smith goes on to promise additional legal protection for Microsoft customers: "We are committed to notifying business and government customers if we receive legal orders related to their data. Where a gag order attempts to prohibit us from doing this, we will challenge it in court."

Those are fighting words. In addition, Microsoft -- along with AOL, Apple, Facebook, Google, and Yahoo -- signed an open letter to the Senate Judiciary Committee on Oct. 31 in support of the USA Freedom Act, a bipartisan bill to limit surveillance and bring "new levels of transparency to the Foreign Intelligence Surveillance Act Court (FISA court)," according to the EFF (Electronic Frontier Foundation). In the EFF's words, the USA Freedom Act is "a floor, not a ceiling" in reining in the NSA, but the organization is still "proud to support this bill" as a first step.

The war to curb unjustified snooping will be a protracted one. Score one for Microsoft in firing back.

This article, "Kudos to Microsoft for its takedown of NSA snooping," originally appeared at InfoWorld.com. Read more of Eric Knorr's Modernizing IT blog.

Copyright © 2013 IDG Communications, Inc.