This content is part of the Conference Coverage: RSA Conference 2016 special coverage: News and analysis
News Stay informed about the latest enterprise technology news and product updates.

Microsoft sounds the bell for strong encryption, privacy

Microsoft's top lawyer criticized the U.S. government's efforts to undermine strong encryption, and called on the industry to support and defend the technology.

SAN FRANCISCO -- Microsoft's top lawyer didn't mince words on Monday at RSA Conference 2016 about his company's commitment to protecting strong encryption and customer privacy.

During his keynote, Brad Smith, president and chief legal officer at Microsoft, reiterated his company's support for Apple in its ongoing battle with the FBI, and had harsh words for the U.S. government's actions to circumvent and violate customer privacy.

"It's why we at Microsoft are joining other companies across our industry to stand up for and stand with Apple in this new important case," Smith said to audience applause.

Smith said Microsoft has always been willing to cooperate with law enforcement and government agencies on lawful orders; as an example, he said Microsoft received 14 lawful orders seeking content about terrorist suspects who were at large in the aftermath of the Paris terrorist attacks last year. "In all 14 of those cases, we were able to respond, determine that the orders were lawful and pull the content," Smith said. "And we did that in an average response time [of] under 30 minutes."

But Smith criticized the U.S. government for attempting to circumvent the rule of law, specifically citing Microsoft's ongoing legal battle with the U.S. Department of Justice regarding emails contained in a Microsoft data center in Ireland. Microsoft challenged a DOJ warrant to turn over the emails, arguing that the information resides in Ireland, and U.S. law enforcement should go through proper legal channels in that country to obtain the emails.

"We believe emphatically that when the government wants to investigate a legitimate business, and it wants information that belongs to that business, then it should go to that business and serve a warrant or subpoena on the business, and not go to the cloud services provider instead," Smith said. "This is the way the law and law enforcement has worked in our country for over two centuries. Cloud computing should not change that balance."

Call for strong encryption

Despite the best of intentions, one thing is clear: The path to hell starts at the backdoor.
Brad Smithpresident and chief legal officer, Microsoft

Smith was also emphatic in his opposition to the FBI's "going dark" campaign, as well as government efforts to weaken encryption. "Despite the best of intentions, one thing is clear: The path to hell starts at the backdoor. And we need to make sure that encryption technology remains strong," Smith said, which received widespread applause from the audience.

Smith called on the audience to support and protect strong encryption technology, arguing that efforts to weaken or undermine the technology will have a devastating effect on the public's trust in the infosec industry.

"We need every day, I believe, to keep in mind that when it comes to security, there is no technology that is more important than encryption. That's why we need to stand up, be thoughtful and also be vocal," Smith said. "More so than ever before, one thing is clear above all else: People will not use technology they do not trust, and hence, trust is the absolute foundation of our entire industry."

To that end, Smith said he supported the recently announced encryption commission proposed by Sen. Mark Warner (D-Va.) and Rep. Michael McCaul to have an open discussion about cybersecurity and law enforcement challenges. But Smith also said U.S. laws are woefully behind the times and must be updated to address 21st Century technology.

"We need a world where technology is governed by the rule of law, and not simply the laws of physics. We need good laws," Smith said. "We need to engage in public debate, because the world will trust technology only if the law can catch up."

Next Steps

Find out what cloud providers had to say about the iPhone backdoor debate at RSA 2016

Discover why it's time to take a stand on the encryption debate

Learn more about the public vs. private safety concerns with encryption


Dig Deeper on Disk and file encryption tools

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you agree with Microsoft's stance on strong encryption? Why or why not?
When I use Microsofts e-mail, I find that there is no built in encryption available.  There is not even a single simple password protection available.  And, several times, when I wished to send sensitive personal data in an encrypted file, even when using the easiest to crack Winzip thingi, then warns me that I should beware when sending it, and when receiving it.

Are there reasons when a non-criminal will want to use encryption?  Yes, for example, an accountant sending tax data, a doctor sending medical data, a businessman sending a secret business plan, a secretary of state sending sensitive data to her underlings, a US embassy official sending sensitive political data from e.g. Afghanistan to D.C., a military officer sending a secret "we attack at dawn" message, and who knows how many more.  

Microsoft had easily 20 years to make a "reasonably safe encryption system" available, but so far it chose not to.  

So as soon as Microsoft makes such a system available, then I believe that they are in favor of strong encryption.

"Reasonably safe" takes into account that almost all encryption can be cracked, it just depends on the amount of time and money
and computing power one throws at it.  For example, Apple's I-Phone is likely crackable, if one were to trick its Operating System into believing that 1 or 2 hours passed between each unsuccessfully tried password.  Not easy, not simple, but the NSA
can figure it out.  
Given their endless bugs, updates and fixes, I wouldn't trust MS with much of anything that really matters. That said, there are some worrying points in the article. 

Yes, encryption is very important. We all have secrets and we all want them safeguarded as best as possible. That's easy to understand in times of tranquility and international gemutlichkeit. 

This is not one of those times. This is a time of war, Real enemies with real weapons are gunning for us. Not some faceless somebody somewhere, but quite literally US. Are we really so shortsighted that we refuse to look at their plans because we don't want to anger the Encryption Gods...? How many murders are okay with us, how much destruction is is just fine? At what point does does our security become less important that staying alive...? 
I believe that the government should have access to data that they need, in the case of criminal investigations. That will always be my stance.
Am I the only one who finds it more than a bit disingenuous for <install this patch> Microsoft <install the new patch> to be the proponent <it's patch Monday, Tuesday, Wednesday> of better <download this patch> security...?

That aside, we really, really don't want to hide our data when it can save a life. Hell, a whole roomful of lives. What are you doing that's so secret anyway...?