Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article


UK wants “back door” in Windows Vista Security
Karel Donk | 15 February 2006 | Karel Donk

Posted on 02/15/2006 11:06:08 AM PST by ShadowAce

I came across this article on BBC, which mentions that UK officials are talking to Microsoft about the new security measures in Windows Vista, specifically encryption of the filesystem, and expressing their concern that it would make it harder for them to gain access to a suspect’s computer. What surprised me is that the article notes that Professor Ross Anderson is asking the UK government to look at putting in ways to get around encryption in Windows Vista. And it seems the UK government is already talking to Microsoft about this.

The question that immediately comes to mind is: Doesn’t including a back door in such a system defeat the entire purpose of the system? I’d never expect Professor Anderson, as an expert in cryptography, to even think of suggesting to include a back door into the system by design. The primary reason why I’d want to encrypt everything on my computer is to make sure that nobody can access the information on my computer without my knowledge. I could never comfortably make use of such a feature when I know that certain people would still be able to break into my computer when they wanted to. It’s like purposely building a back door into PGP so that certain people would still be able to read all email using PGP encryption when they felt like it. Who would want to rely on PGP’s security and privacy if that were the case?

And while I understand Professor Anderson’s concern as mentioned in the BBC article - mainly that criminals could use the encryption system in Windows Vista to prevent law enforcement from accessing any information on their PC - purposely designing a back door into the system is not a good solution. It defeats the entire purpose of the system, namely security and privacy. Besides, when these criminals know about the back door in the system, they won’t be using that system in the first place. It seems that the only “criminals” you’ll be able to use this against, are the normal users who don’t know about these things.

I believe that this is something Microsoft just won’t be able to allow, or if they do, they won’t be able to tell the public about it. Apart from normal users who are going to have doubts on protecting their private information using the encryption system in Windows Vista, governments around the world would never consider using an operating system with a back door built into it by design (WTF?). Especially when you know that the US government, perhaps through Microsoft, would be able to gain access to the “back door keys” to break into your systems. Not to mention the extra possibilities this could open up for hackers.

Finally, I’d like to include an interview I did with Professor Anderson a while ago in March 2003 about Palladium, now named Next-Generation Secure Computing Base, and DRM in Windows. Especially the last part goes well with what I described above. You may also want to check out Professor Anderson’s Palladium FAQ for more information.

The New Scientist article I mentioned before is about the USA possibly blocking the use of GPS systems in certain regions in case this would be required in the war against Iraq. This seems to be an instance of a growing issue in the world today, where many governments refuse to implement certain technologies in the fear that in the case of a war or other problem, if the technology is in control of someone else, this is a serious vulnerability. This also explains why governments around the world seem to be in favour of Linux, an open source OS, instead of Windows, which they can’t control and change. With .NET and Palladium this would be an even greater problem because then the systems would rely on servers/software in the USA.
 
In your Palladium FAQ you’ve raised concerns about the USA being capable of blocking for example Iraq from using its computers if they were using TCPA computers. 
 
If Palladium was already in Windows today and TCPA computers were used in Iraq, could the US government remotely disable Iraq computers?

Professor Anderson: “The original plan was that it could, by revoking the serial numbers of the operating systems and/or hardware (Fritz chips, CPUs, HDD controllers,…). The claim now is that neither TCPA nor Palladium can do this. However, Microsoft publicists are using the words ‘TCPA’ and ‘Palladium’ (or NGSCB) in a narrow sense to mean only the monitoring/reporting hardware, and the Nexus component in Windows 2004, respectively. My spies in Microsoft also say that both hardware and software are still a moving target, and we’ll have to look closely at the spec once it stabilises to see what it can be made to do.

However, even if MS is telling the truth and no new functionality gets added, there is still going to be revocation functionality in the apps. So if Saddam had turned on the TC Office functionality now being advertised for Windows Server 2003, then this could be used to blacklist any machine or group of machines, and on a TCPA machine this would use the added strength of mechanism that the Fritz chip gives. It would be much more difficult to recover data that had been sealed using WS2003 keys and that was now formally unavailable because of the blacklisting.”

Today Microsoft already distributes certain software, such as Media Player and Service Pack 1 for Windows XP, where you have to agree to give Microsoft all rights to make changes to your computer and update it without your knowing it.

Professor Anderson: “This is part of the Palladium strategy, as is WS2003 and, I believe, even the relatively crude copy controls on the Xbox. Everything is moving in the direction of full TC lockdown. There are many components that need to be in place for it all to work, and the MS people are working hard to get them all there.”

What are the possibilities that the US government could use this to distribute code to, for example, government computers in Iraq using Windows XP, that disables their systems?

Professor Anderson: “Current doctrine is that the US and UK governments are given quiet assistance at exploiting security vulnerabilities that arise by accident during the time period between their discovery and their becoming well enough known that a patch gets shipped. It is supposedly against policy to create vulnerabilities specifically for the government. That at least was the deal done in 1999 or thereabouts as the key escrow initiative was called off. Microsoft, Intel, Northern Telecom have people who assist a special FBI unit at Quantico that develops and maintains exploit tools. This may all have changed since 9/11, of course.

Given an exploitable vulnerability in the other side’s PCs, telephone exchanges or whatever, you can of course get your code in and run it as you please.”



KEYWORDS: microshaft; microsoft; privacy; security; uk; vista

1 posted on 02/15/2006 11:06:09 AM PST by ShadowAce

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

2 posted on 02/15/2006 11:06:27 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

The way Microsoft screws its customers I'm sure they know right where the back door is.


3 posted on 02/15/2006 11:07:50 AM PST by x5452

To: x5452

LOL!


4 posted on 02/15/2006 11:10:25 AM PST by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: ShadowAce

Neat article. Interesting example of liberty vs security.


5 posted on 02/15/2006 11:15:34 AM PST by tfecw (It's for the children)

To: ShadowAce

"Doesn’t including a back door in such a system defeat the entire purpose of the system?"

In a word, Yes.


6 posted on 02/15/2006 11:17:49 AM PST by roaddog727 (P=3/8 A. or, P=plenty...............)

To: ShadowAce

I will never trust a closed-source OS's encryption. Peer-reviewed OSS all the way, baby, especially if it was written or endorsed by Philip Zimmermann or Bruce Schneier.


7 posted on 02/15/2006 11:34:48 AM PST by antiRepublicrat

To: ShadowAce
If Microsoft ships with this crypto functionality, I'd be extremely surprised if there wasn't a back door.

See the case of Crypto AG.

  It may be the greatest intelligence scam of the century: For decades, the US has routinely intercepted and deciphered top secret encrypted messages of 120 countries. These nations had bought the world's most sophisticated and supposedly secure commercial encryption technology from Crypto AG, a Swiss company that staked its reputation and the security concerns of its clients on its neutrality. The purchasing nations, confident that their communications were protected, sent messages from their capitals to embassies, military missions, trade offices, and espionage dens around the world, via telex, radio, teletype, and facsimile.

...

 All the while, because of a secret agreement between the National Security Agency (NSA) and Crypto AG, they might as well have been hand delivering the message to Washington. Their Crypto AG machines had been rigged so that when customers used them, the random encryption key could be automatically and clandestinely transmitted with the enciphered message. NSA analysts could read the message traffic as easily as they could the morning newspaper.


8 posted on 02/15/2006 11:35:00 AM PST by zeugma (Muslims are varelse...)

To: ShadowAce
Yes of course they want one. And so do the Chinese military and their hacker friends.

Why not let Microshaft hold seminars in back door access for all at the UN?
9 posted on 02/15/2006 11:36:11 AM PST by USF (I see your Jihad and raise you a Crusade ™ © ®)

To: JosephW

Ping


10 posted on 02/15/2006 11:52:01 AM PST by GarySpFc (de oppresso liber)

To: ShadowAce

More bunk from Europe about how unfair Windows is. Why don't you stick to the somewhat worthwhile articles that tell us exactly how many Billions they're extorting this time?


11 posted on 02/15/2006 3:42:40 PM PST by Golden Eagle

To: tfecw
"Neat article. Interesting example of liberty vs security."

No. Liberty and security are not at odds on this issue at all. It would be in the interests of both liberty and security to have encryption that works.

12 posted on 02/15/2006 4:09:07 PM PST by Still Thinking (Disregard the law of unintended consequences at your own risk.)

To: x5452

After the amount of money that Gates gives to the Republican party and you're complaining about spending a few extra bucks for quality software.


13 posted on 02/15/2006 5:14:48 PM PST by mm201
