No NSA backdoor into Australian Parliament: Microsoft

Summary: The Department of Parliamentary Services says Microsoft has reassured the government that there is no backdoor in Microsoft products used by parliamentarians.

The Australian Department of Parliamentary Services (DPS) has said that Microsoft has informed the department that parliamentarians should not worry about their data being accessed by the US National Security Agency (NSA), stating that there is no backdoor installed on Microsoft software suites used in the Australian parliament.

In a Senate Estimates hearing in November, Parliament CIO Eija Seittenranta faced a grilling from Greens Senator Scott Ludlam over the department's assessment of IT security in the wake of the leaks from NSA whistleblower Edward Snowden showing that the NSA claimed to have direct access to the systems of Microsoft, Google, Yahoo, and a number of other tech giants.

Seittenranta confirmed that most of the servers run on Microsoft software, but it is up to the government security agency, the Australian Signals Directorate (ASD), to provide advice on vulnerabilities and backdoors that might be in the software.

At the time, she said the department had not sought advice from the ASD, nor had it advised Australia's elected representatives that their data on the parliament servers might be vulnerable to NSA spying.

The department has since sought clarification from the ASD and Microsoft on the vulnerabilities posed by the allegations on the NSA spying program, and in a follow-up response (PDF) to Ludlam's questioning posted on the parliament website last week, the department said that the "speculation" about the backdoors relates to cloud products rather than software products for internal environments.

"DPS has not been provided with any specific advice that Microsoft products or any other products have been backdoored by foreign intelligence services," the department said.

"Microsoft has advised DPS that there is no backdoor within the Microsoft suite of products, nor [has Microsoft] attempted to source information from the parliamentary network or provide information to any other entity."

During the hearing in November, DPS assistant secretary of IT infrastructure and services Steve McCauley confirmed that all outbound traffic from the DPS network is first routed via the ASD, which inspects it for sensitive data.

The ASD is also a member of Microsoft's Government Security Program, which the company said gives governments controlled access to Microsoft source code.

The DPS also said that its intrusion and analysis tools were used after the Snowden leaks to determine whether there had been data leakage and could find no trace of any PRISM-related capability on the parliamentary networks.

Additionally, the DPS said the major risk with the PRISM program relates to data hosted in the cloud, and parliamentarian data is not stored in the cloud.

"We are taking all reasonable steps to prevent systems such as the alleged PRISM system compromising our ICT environment," the department said.

"Our security tools have not identified any evidence of this style of illicit data collection from the parliamentary network."

The ASD told the department that it is not able to provide commentary on the matter.

The DPS told Ludlam that questions on the backdoors in Microsoft products would be best directed to Microsoft, the Australian Signals Directorate, or the Reform Government Surveillance group started by Microsoft, Apple, Google, Facebook, and others to call for the US government to change its spying program.

It comes after Foreign Minister Julie Bishop last week labelled Snowden's actions as "unprecedented treachery", while Communications Minister Malcolm Turnbull said Snowden's leaks have had a "profound" impact on US tech companies such as Cisco operating in Asia.

US President Barack Obama gave a speech earlier this month in which he outlined plans to change the way the NSA collects data, including stopping the NSA from storing call records and other such metadata, and instead requiring US telcos to hand the data to a third agency, which will require the NSA to get judicial approval before gaining access to the data.

Topics: Security, Government, Government AU, Privacy, Australia

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Talkback

9 comments
  • The NSA has been

    purposely weakening the encryption standards and random number generators that the US uses to make it easier for them to spy on all of us. Even if Microsoft genuinely thinks that there isn't a secret back door, I would take all of these companies' assumptions (Microsoft, Oracle, Apple, Google, etc.) with a grain of salt. The NSA's new job is to spy on everyone around the world, and they seem to have infiltrated just about every aspect of our lives.
    archan127
    • Then maybe...

      ...you shouldn't use encryption standards maintained or endorsed by the NSA. There are, after all, other standards.
      John L. Ries
  • This is pointless.

    How could the answer to the question: "Are you secretly spying on us?" *ever* be "Yes"?

    "The ASD is also a member of Microsoft's Government Security Program, which the company said gives governments controlled access to Microsoft source code."

    This is pointless as well. How does the ASD know that the binaries it is running were compiled from the exact same source code that it has inspected? The only way to be *sure* is to compile the inspected source code itself using a trusted tool chain. Has the ASD done that?
    Zogg
  • Love the "controlled access to Microsoft source code"

    It immediately brings to mind...

    "... don't look over there - just this part. See, no back door".
    jessepollard
  • No Backdoor

    I would not believe the assurances, which may be per MS policy and the best knowledge of upper management. It would be easy for the NSA to approach and pay off a mid-level employee to insert the backdoor into the code. The problem for any large company is not the official policy nor the honest attempts to enforce it but the number of employees who must have access to key parts of the code. It is too difficult for upper management to monitor everyone at every level; they have to trust to some extent the lower levels to be honest.
    Linux_Lurker
  • "no backdoor installed on Microsoft software suites used in the Australian

    parliament"

    Why not just state that there is no backdoor installed on *any* Microsoft software? And by "installed on", also be clear that it includes "built-in" as subtle code changes could do the trick. For example:

    "An attempt to backdoor the [Linux] kernel"
    November 6, 2003
    http://lwn.net/Articles/57135/

    And, btw, the attempt failed.
    Rabid Howler Monkey
  • MS

    Does anybody actually believe that MS didn't allow this?
    electric800
  • They are spying on everyone dude

    The NSA, DoD, ASIO, GCHQ and partners are spying on nearly everyone, capturing most of the internet and mobile phone traffic around the world.

    Specific targets get even deeper treatment like backdoors on computers and wire taps on mobile and fixed phones, bugs in cars and residences and more.

    It's out of control, and it's not just Gov't agencies, it's also corporations vying for competitive advantage or to silence their critics. A few days ago I found inbound/outbound traffic to a series of DoD and White House telecom IPs on my PC.

    May I suggest your readers run a low level network capture/analyser like PRTG, they might be very surprised who you find is listening in!!
    valleywebdesign
  • Julie Bishop is Unprecedentedly Stupid

    How is it that Julie Bishop is able to abandon any vestige of concern about our national sovereignty and to blindly toe the US policy line by declaring this an "Unprecedented treachery" without now feeling completely stupid with US President Barack Obama's implicit acknowledgement that what NSA have been doing is immoral and fundamentally wrong?

    When will our politicians get some backbone? Only when they have something other than the US to believe in I suspect.
    uandme314