Apparently Microsoft, one of the most popular computer companies, does not have any data encryption when it comes to “server-to-server communications”. This means when your data is passing from one Microsoft server to another Microsoft server, it isn’t being encrypted. The news comes from Dorothee Belz, who is the Microsoft Corporation European Vice President Legal and Corporate Affairs. She is also on the Microsoft Western Europe’s executive board and has been since 2008.
“Generally, what I can say today is server-to-server transportation is generally not encrypted,” she said. “This is why we are currently reviewing our security system.”
Recently, revelations, thanks to Edward Snowden and his leaks about the National Security Agency, have shown how the NSA have been able to exploit server-to-server communications between companies such as Yahoo and Google. So it is a little alarming to find out that Microsoft’s network is also insecure.
Sam Smith, who works at Privacy International as a technologist, has pointed out that areas such as Xbox Live or Hotmail are vulnerable if not encrypted, as well as a wide variety of other services Microsoft uses. “Unless Microsoft takes immediate action to rectify this situation,” he said, “any business or individual using their services to store or transmit sensitive data will have been fundamentally let down by a brand that suggested it was worthy of trust.”
More criticism has been launched at Microsoft from Jim Killock, who is Open Rights Group’s Executive Director. “It’s clear that agencies are willing to go to any length to get data without permission and to use it how they like,” he said.
Killock also added, “they’re not respecting legal access mechanisms; their interest is in wholesale access to whatever they can get their hands on. So Microsoft is already running a very, very significant risk of having their data accessed and made available outside of established legal mechanisms.”
Hopefully Microsoft, who claims to be addressing the problem, is actually serious about it and strive to make actual changes that insure the security and privacy of their users.
[via Artechnica]