Re: AC 12:55
"Well firstly it's not unencrypted - all traffic and data are encrypted. Secondly you can supply a second level of protection to sensitive information via Active Directory DRM that Microsoft (or the US government) would not have access to."
Point 1: Traffic encryption means not much (even less considering the multiple points of failure in the SSL certificate generation process if someone really is out to get you), and is incidental if you encrypt before transfer.
Point 2: This "Active Directory DRM" that you speak of, has its source code been verified by 3rd parties as having no recognisable back doors? Given Office 365 is supposed to be web based, will it work using MacOS and Linux?
If the answer is no to any of those, you have failed me.
"I trust Microsoft a lot more than I do Google who are the other major alternative, and who's core business is selling your data to dvertisers. If that's not good enough then there are plenty of EU based companies like Colt that will sell you a similar platform on EU only datacentres..."
Point 3: I did not say I trusted any of the other major players else instead (Google & Dropbox have the same or worse failings). That was my point about "verifiable client-side encryption" so I don't need to trust them.
"No you don't necessary know if it is happening. There is a requirement of confidentiality on those requested to provide access to your data."
Point 4: Err, so just how do they access my encrypted data if I was using verifiable client-side encryption with a non-trivial password?
Almost impossible without demanding the key, and if they do then _I_ know they have asked.
You read, but did not understand.