'We still don't encrypt server-to-server data' admits Microsoft to EU Committee
In the context of a European Parliament committee hearing on NSA and GCHQ (the British counterpart) access to communications, this is rather perturbing. Dorothee Belz, EMEA VP for Legal and Corporate Affairs for Microsoft, joined peers from Google and Facebook to testify on the privacy issues when she conceded a lack of server encryption.
Wired.co.uk’s Chris Baraniuk pinged Microsoft’s official spokesman and came up empty except for a boilerplate (and ineffective) reassurance that "[Microsoft is] evaluating additional changes that may be beneficial to further protect our customers' data."
Well, we would hope so! It’s not like this newfangled encryption technology just arrived on the scene.
I know this blog is inherently pro-crypto, but this should be drawing mainstream outrage. You don’t need PETA to tell you that animal abuse is wrong, and you don’t really need SafeLogic to tell you that Microsoft has dropped the ball.
These tech giants, like Microsoft, Google, Facebook and others, have a fiduciary responsibility to safeguard the data of the users. There is an expectation of privacy, safety, and trust. If Microsoft cannot rise to the occasion and put reasonable measures in place, users should talk with their wallets and eschew products such as Outlook, Skydrive, and Office 365. Why place personal information within Cloud products proctored by a company demonstrating disinterest in proper stewardship?
Implementing world class cryptography is within the reach of every vendor, product, solution, and app – SafeLogic has proven that. There’s just no excuse for one of the biggest innovators of our lifetime to be lagging behind.
So Microsoft – if you need help, drop us a note!