Microsoft’s reputation, like that of several other leading technology companies, suffered after the NSA disclosures. According to Edward Snowden’s leaks, Microsoft may have been linked to the surveillance programs—whether knowingly or unknowingly—damaging public trust in the Redmond-based firm.
Now Microsoft’s general counsel, Brad Smith, has publicly addressed customers’ concerns about government surveillance and outlined steps the company is taking to protect user data and push back against intrusive government programs.
In a post on Microsoft’s Official Blog on TechNet, Smith described the extensive government monitoring as an “advanced persistent threat.” The message is both candid and forceful—a significant stance for a major company to take against its own government. It underscores either the depth of Microsoft’s concern or the pressure they feel from customers demanding stronger privacy protections.
The Washington Post revealed details of a program known as MUSCULAR, which the NSA allegedly used to intercept data from networks managed by Google, Yahoo, and Microsoft. The operation reportedly exploited weaknesses in encryption between servers and data centers, prompting the affected companies to strengthen their security measures.
Smith announced that Microsoft will encrypt customer data with robust 2048-bit keys as it travels between data centers across its core platform, productivity, and communications services. He cited products such as Office, Outlook, and SkyDrive as examples of services that will be protected by this upgraded encryption. Notably absent from the list was Skype, a service that had been cited elsewhere in connection with government surveillance programs.
Government agencies have argued that surveillance programs are used to support public safety objectives, including counterterrorism efforts. While those aims are often presented as justification, the revelations have forced technology companies to reevaluate their security and encryption practices—an important outcome, but not one that removes the need to confront the larger privacy issues at stake.
There is an undeniable tension between the legitimate need for surveillance to address criminal or terrorist threats and the public’s right to privacy. The core disagreement centers on how surveillance is conducted, how transparent authorities are about it, and how privacy is preserved—areas where critics say the NSA fell short.
Mark Zuckerberg, Facebook’s founder, voiced a similar criticism in an interview with ABC News, saying that surveillance policies require a careful balance. “These things are always a balance in terms of doing the right things and also being clear and telling people about what you’re doing,” he said. “I think the government really blew it on this one. I honestly think that they’re continuing to blow it in some ways, and I hope that they become more transparent in that part of it.”
Leaked materials have shown timelines indicating when each company reportedly became involved with the PRISM program. Many observers noted Microsoft’s early appearance on those slides—often interpreted as the company “entering” the program in 2007. A more likely interpretation is that Microsoft was an early focus for surveillance because services such as MSN Messenger and Hotmail were widely used at the time.
Beyond technical measures, Microsoft says it will increase its legal efforts to protect customer data. The company has pledged to notify customers when governments seek access to their information, unless legally prohibited by a gag order. In those cases, Microsoft says it will challenge nondisclosure orders in court. Smith emphasized that the company has successfully defended its right to notify customers in prior cases and intends to continue doing so to preserve transparency.
As a third component of its strategy to restore trust, Microsoft plans to open “Transparency Centers” where customers and independent reviewers can examine source code to confirm that products do not contain secret backdoors. The initiative is intended to reassure customers about the integrity of Microsoft’s software and services.
These steps—stronger encryption between data centers, increased legal challenges to gag orders, and greater transparency through code review—represent a concerted effort by Microsoft to rebuild customer trust and respond to the public outcry over government surveillance. Whether these measures will be sufficient to restore confidence remains to be seen, but they mark a clear shift toward prioritizing user privacy and openness.
What do you think of these increased privacy efforts from Microsoft?