FSFE: storing your data at Microsoft is negligent
In an article published yesterday, The Guardian describes how Microsoft is actively cooperating with the USA’s NSA. According to the article, Microsoft is providing the NSA with broad access to the communications of anyone using the company’s services, as follows:
- Microsoft gives the NSA access to encrypted mails on Hotmail, Live.com and Outlook.com, as well as web chat messages;
- Microsoft provides the NSA with easy access to its SkyDrive storage service, which currently has 250 million users worldwide;
- Microsoft makes it possible for the NSA to monitor audio and video calls on the Skype service which it acquired in 2011.
“This makes it clear that trusting Microsoft with your critical company data is downright negligent,” says Karsten Gerloff, President of the Free Software Foundation Europe (FSFE). “In both the public and the private sector, those responsible for security and data protection urgently need to take action to protect their organisations, customers and clients.”
While it is difficult or impossible to entirely escape surveillance, there are ways to minimise the risk that sensitive data, such as confidential product data or patient records, is intercepted by a third party. Free Software solutions for groupware, office products and operating systems are fully auditable and often data security a priority. End-to-end encryption with free software such as
GnuPG and off-the-record messaging (OTR) protects data in transit. Products providing secure audio, video and chat communications, such as Jitsi, go a long way towards replacing Skype.
“We advise companies and all other organisations that wish to protect their data to use free software solutions, to store data in-house wherever possible and to cooperate only with providers whom they trust to protect their customers’ data,” says Gerloff. “Such providers will often use strong encryption, and minimise the amount of data they store. Using smaller providers instead of global IT companies makes it somewhat less likely that customers’ data will be caught in the NSA’s dragnet.”