I came across this article on BBC, which mentions that UK officials are talking to Microsoft about the new security measures in Windows Vista, specifically encryption of the filesystem, and expressing their concern that it would make it harder for them to gain access to a suspects’ computer. What surprised me is that the article notes that Professor Ross Anderson is asking the UK government to look at putting in ways to get around encryption in Windows Vista. And it seems the UK government is already talking to Microsoft about this.
The question that immediately comes to mind is: Doesn’t including a back door in such a system defeat the entire purpose of the system? I’d never expect Professor Anderson, as an expert in cryptography, to even think of suggesting to include a back door into the system by design. The primary reason why I’d want to encrypt everything on my computer is to make sure that nobody can access the information on my computer without my knowledge. I could never comfortably make use of such a feature when I know that certain people would still be able to break into my computer when they wanted to. It’s like purposely building a back door into PGP so that certain people would still be able to read all email using PGP encryption when they felt like it. Who would want to rely on PGP’s security and privacy if that were the case?
And while I understand Professor Anderson’s concern as mentioned in the BBC article – mainly that criminals could use the encryption system in Windows Vista to prevent law enforcement from accessing any information on their PC – purposely designing a back door into the system is not a good solution. It defeats the entire purpose of the system, namely security and privacy. Besides, when these criminals know about the back door in the system, they won’t be using that system in the first place. It seems that the only “criminals” you’ll be able to use this against, are the normal users who don’t know about these things.
I believe that this is something Microsoft just won’t be able to allow, or if they do, they won’t be able to tell the public about it. Apart from normal users who are going to have doubts on protecting their private information using the encryption system in Windows Vista, governments around the world would never consider using an operating system with a back door built into it by design (WTF?). Especially when you know that the US government, perhaps through Microsoft, would be able to gain access to the “back door keys” to break into your systems. Not to mention the extra possibilities this could open up for hackers.
Finally, I’d like to include an interview I did with Professor Anderson a while ago in March 2003 about Palladium, now named Next Generation Secure Computing base, and DRM in Windows. Especially the last part goes well with what I described above. You may also want to check out Professor Anderson’s Palladium FAQ for more information.
The New Scientist article I mentioned before is about the USA possibly blocking the use of GPS systems in certain regions in case this would be required in the war against Iraq. This seems to be an instance of a growing issue in the world today, where many governments refuse to implement certain technologies in the fear that in the case of a war or other problem, if the technology is in control of someone else, this is a serious vulnerability. This also explains why governments around the world seem to be in favour of Linux, an open source OS, instead of Windows, which they can’t control and change. With .NET and Palladium this would be an even greater problem because then the systems would rely on servers/software in the USA.
In your Palladium FAQ you’ve raised concerns about the USA being capable of blocking for example Iraq from using its computers if they were using TCPA computers.
If Palladium was already in Windows today and TCPA computers were used in Iraq, could the US government remotely disable Iraq computers?
Professor Anderson: “The original plan was that it could, by revoking the serial numbers of the operating systems and/or hardware (Fritz chips, CPUs, HDD controllers,…). The claim now is that neither TCPA nor Palladium can do this. However, Microsoft publicists are using the words `TCPA’ and `Palladium’ (or (NGSCB) in a narrow sense to mean only the monitoring/reporting hardware, and the Nexus component in Windows 2004, respectively. My spies in Microsoft also say that both hardware and software are still a moving target, and we’ll have to look closely at the spec once it stabilises to see what it can be made to do.
However, even if MS is telling the truth and no new funtionality gets added, there is still going to be revocation functionality in the apps. So if Saddam had turned on the TC Office functionality now being advertised for Windows Server 2003, then this could be used to blacklist any machine or group of machines, and on a TCPA machine this would use the added strength of mechanism that the Fritz chip gives. It would be much more difficult to recover data that had been sealed using WS2003 keys and that was now formally unavailable because of the blacklisting.”
Today Microsoft already distributes certain software, such as Media Player and Service Pack 1 for Windows XP, where you have to agree to give Microsoft all rights to make changes to your computer and update it without your knowing it.
Professor Anderson: “This is part of the Palladium strategy, as is WS2003 and, I believe, even the relatively crude copy controls on the Xbox. Everything is moving in the direction of full TC lockdown. There are many components that need to be in place for it all to work, and the MS people are working hard to get them all there.”
What are the possibilities, that the US government could use this to distribute code to for example government computers in Iraq using Windows XP, that disables their systems?
Professor Anderson: “Current doctrine is that the US and UK governments are given quite assistance at exploiting security vulnerabilities that arise by accident during the time period between their discovery and their becoming well enough known that a patch gets shipped. It is supposedly against policy to create vulnerabilities specifically for the government. That at least was the deal done in 1999 or thereabouts as the key escrow initiative was called off. Microsoft, Intel, Northern Telecom have people who assist a special FBI unit at Quantico that develops and maintains exploit tools. This may all have changed since 9/11, of course.
Given an exploitable vulnerability in the other side’s PCs, telephone exchanges or whatever, you can of course get your code in and run it as you please.”