Mark Russinovich Leads Encryption Effort On Windows Azure After Snowden-NSA Fallout

After the NSA scandal broke this summer, revealing that the U.S. spy agency was eavesdropping wholesale on the most popular services on the web, Microsoft turned to five or six of its top engineers for help.  One of them was Mark Russinovich.  It was only natural that Russinovich ended up on the small team of engineers who would decide how Microsoft should respond to the documents leaked by former NSA contractor Edward Snowden.

“It gave Microsoft a wake-up call, especially the revelation of tapping inter-data-center connections,” Russinovich says, referring to an October Washington Post story that exposed an NSA sketch, or “slide,” showing that the agency is grabbing data from lines that run between the massive computer centers operated by the likes of Google and Yahoo. “The tapping of public wires going into a data center? That slide was shocking to me, because it’s just so flagrant.”

And, yes, he took particular issue with the little smiley face that some NSA staffer had apparently drawn on the slide.

Driven by Russinovich and others, Microsoft soon vowed to encrypt all information that moves between the data centers driving its most popular web services, to encode this information so that interlopers cannot read it.  This is part of a massive shift among the giants of the web, with Google, Yahoo, and others making similar vows in the wake of the NSA revelations.  Nevertheless, Russinovich warns that encryption only gets you so far.  There are many other ways for state-sponsored programs to snoop on private web data, and Microsoft must assume that all of them are possible.

Companies such as Microsoft, Google, and Yahoo operate dozens of data centers across the globe, and in many cases, they’ve fashioned these information warehouses so that they can freely copy and move data among disparate locations, using high-speed fiber optic lines. In some cases, they lease these lines from telecom outfits. In others, they own them. But according to Russinovich, both types are vulnerable to eavesdropping. “Even if it’s our own,” he says, “somebody can tap the fiber.”

Russinovich says that he and his fellow Microsoft engineers considered setting up enormous network routers at the edge of each data center that would collect all information and encrypt it before sending it to another facility.  However, they eventually decided this setup was too costly and, ultimately, too vulnerable.

“It’s hugely expensive, because these devices have to encrypt everything,” he says.  “But it also creates a single point of weakness for your keys. You’ll essentially have a single key encrypting data.”

Instead, Microsoft will encrypt data every time it passes between the many small services that make up a sweeping online operation such as Windows Azure.  In other words, it will encrypt information before it leaves individual servers inside the data center — whether that information is traveling to another data center or not.

“You need a more distributed way of handling the problem: Every individual service — whenever it talks to another service — should encrypt that channel,” Russinovich explains.  “Then the price for the encryption is paid for with the resources of the individual data centers.”

Thus the thousands of servers inside the data center provide the processing power needed to encrypt — “you got all these servers sitting around and they’re not fully utilized anyway. Why not use their CPUs to do the encryption, rather than these monster routers?” — and the encryption is spread across many different keys rather than concentrated in one.

This is how Azure was operating before the NSA revelations — though it was using a weaker form of encryption.  As detailed in a blog post from Microsoft general counsel Brad Smith, the company will now use encryption keys that span 2,048 bits and use “best-in-class industry cryptography.”

Like many other web giants, Microsoft will also encrypt data using what’s called “Perfect Forward Secrecy,” where the per-session keys are discarded after they’re used. This means that if attackers later gain access to a key, they cannot use it to unlock traffic they have collected in the past.
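The property described above, as an added illustration that is not Microsoft’s code or the article’s: a session keyed to the server’s long-term secret is exposed once that secret leaks, while a session keyed to one-time (ephemeral) Diffie-Hellman exponents is not. The group parameters, the simple hash-based KDF and all function names are constructed for this demo.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: 2**127 - 1 is a
# Mersenne prime. Real deployments use standardised 2048-bit+ groups or curves.
P = 2**127 - 1
G = 5

def kdf(shared: int, label: bytes) -> bytes:
    """Derive a session key from the shared DH value (hypothetical simple KDF)."""
    return hashlib.sha256(label + shared.to_bytes(16, "big")).digest()

def static_session(server_pub: int):
    """No forward secrecy: the session key depends on the server's LONG-TERM key.
    Returns the session key and the public values an eavesdropper could record."""
    c = secrets.randbelow(P - 2) + 1
    client_pub = pow(G, c, P)
    key = kdf(pow(server_pub, c, P), b"static")
    return key, {"client_pub": client_pub}

def ephemeral_session():
    """Forward secrecy (DHE style): both sides use one-time exponents that are
    discarded after the handshake; the long-term key would only sign server_pub."""
    c = secrets.randbelow(P - 2) + 1
    s = secrets.randbelow(P - 2) + 1
    client_pub, server_pub = pow(G, c, P), pow(G, s, P)
    key = kdf(pow(server_pub, c, P), b"ephemeral")
    assert key == kdf(pow(client_pub, s, P), b"ephemeral")  # both sides agree
    del c, s  # ephemeral exponents are thrown away; only public values hit the wire
    return key, {"client_pub": client_pub, "server_pub": server_pub}

def recover_with_stolen_key(transcript: dict, stolen_priv: int, label: bytes) -> bytes:
    """What an eavesdropper who recorded the handshake and LATER obtains the
    server's long-term private key can compute from the recorded public values."""
    return kdf(pow(transcript["client_pub"], stolen_priv, P), label)

def demo():
    """Returns (static_session_exposed, ephemeral_session_exposed)."""
    server_priv = secrets.randbelow(P - 2) + 1
    server_pub = pow(G, server_priv, P)
    static_key, static_tx = static_session(server_pub)
    eph_key, eph_tx = ephemeral_session()
    # The long-term key is compromised only after the traffic was recorded.
    static_exposed = recover_with_stolen_key(static_tx, server_priv, b"static") == static_key
    eph_exposed = recover_with_stolen_key(eph_tx, server_priv, b"ephemeral") == eph_key
    return static_exposed, eph_exposed

if __name__ == "__main__":
    print(demo())  # (True, False)
```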

All this, Smith says in the post, will be in place on Microsoft’s most popular online services by the end of 2014, including Office 365, SkyDrive, and Windows Azure.

Even Russinovich will tell you that encryption only gets you so far. There are ways the NSA can get at Microsoft’s data without tapping lines between data centers. The possibility remains that the agency could work hand-in-hand with someone inside Microsoft who has access to its services — someone who’s charged with operating machines inside a data center, for instance. This might be someone the agency plants inside the data center or someone the NSA coerces in some way.

“An inside threat? That’s the scariest one,” Russinovich says. “They could spear-phish him or blackmail him or maybe he’s just sympathetic to their cause.”

Amid the Snowden revelations, many pundits have also wondered whether the Microsoft brain trust — the people who run the company — have actively worked with the NSA to provide access to data. More than a decade ago, privacy geeks questioned Microsoft’s relationship with the agency when a researcher discovered a variable called “_NSAKEY” buried in the Windows operating system. More recently, Snowden’s leaked documents reportedly show that Microsoft cooperated with the FBI to make sure the government — including the NSA — could access e-mail.

But Russinovich says the NSAKEY controversy was a red herring, and he believes that Microsoft would only be hurting itself if it cozied up to the NSA.

“I can’t say for sure that that hasn’t happened, but I will say that I’m really skeptical that it could. The risk to the business is monumental,” he says. “Without trust, there is no cloud. You’re asking customers to give you their data to manage, and if they don’t trust you, there’s no way they’re going to give it to you. You can screw up trust really easily. You can screw it up just by showing incompetence. But if you show intentional undermining of trust, your business is done.”

Microsoft’s tools are not just used by consumers.  Cloud services such as Azure are ways for big businesses to store their data and run many of their own online applications, and there is a real danger that these businesses will retreat into their own data centers if they think Microsoft is exposing their private information.