In response allegations of government cyber-snooping that have peppered 2013, Microsoft has said it will take measures to strengthen its security measures across services those running on Xbox One.
"Like many others, we are especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data," said Brad Smith, general counsel and executive VP, legal and corporate affairs for Microsoft.
"In particular, recent press stories have reported allegations of governmental interception and collection – without search warrants or legal subpoenas – of customer data as it travels between customers and servers or between company data centers in our industry."
Microsoft says it is focusing on three areas to deal with the matter. It will expand encryption, reinforce legal protection of its customers' data and enhance the transparency of its software to enable customers to reassure themselves there are no back doors.
On the encryption front, Microsoft says its efforts will include Windows Azure, which is the cloud technology used in Xbox One, as well as Outlook.com, Office 365 and SkyDrive. Specifically, it will focus on:
· Customer content moving between our customers and Microsoft will be encrypted by default.
· All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
· We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
· All of this will be in place by the end of 2014, and much of it is effective immediately.
· We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
· We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected.
You can read the full post here