Science

Microsoft Will Warn Users of 'State-Sponsored' Hacks 

The Gates administration pledges transparency on state-sponsored incursions. 

by Sam Blum
N I C O L A/ Flickr Creative Commons

The tech industry’s role in government surveillance programs hasn’t endeared it to consumers of its product. This is presumably part of the reason Google, Facebook, and Twitter all called for greater transparency about state-backed data collection in the wake of Edward Snowden’s revelations. While tech giants have often warned users that hacks are likely or imminent, information on where the attacks come from — like rogue hacking collectives or teams of government spies — has historically been concealed.

Microsoft has announced its intention to break with that tradition and inform users of its Outlook email software if hacks are being engineered by “state-sponsored” entities. The initiative, which company personnel outlined to Reuters, comes after the company was subjected to criticism for failing to notify victims of a Chinese government hack in 2011 that targeted leaders of Chinese ethnic minority groups.

Rodrigo Ghedin /Flickr Creative Commons

A statement published by the company on Wednesday is directed at Outlook users. It delivers a rather blunt promise that the new program is aimed at enemies foreign and domestic.

“We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state.
“We already notify users if we believe their accounts have been targeted or compromised by a third party, and we provide guidance on measures users can take to keep their accounts secure. We’re taking this additional step of specifically letting you know if we have evidence that the attacker may be “state-sponsored” because it is likely that the attack could be more sophisticated or more sustained than attacks from cybercriminals and others.”

Because prominent tech companies are giant repositories of civilian user-data, privacy advocates have long campaigned for players like Facebook and Google to publicly denounce and habitually ignore collection efforts by governments and law-enforcement agencies. The arguments made by these activists hasn’t fallen on deaf ears, but it also hasn’t carried the day. Given ISIS’s recruiting techniques and the atomization of terror movements, pressure from government agencies is likely to ramp up.

Microsoft’s plan comes with some suggestions for Outlook users concerned about the security of their information. The company apparently is increasingly interested in partnering with its clients rather than the people elected (or appointed) to look over them.