X
Tech

Closed Microsoft inevitably leads to unclosable back doors: FSF

The foundation behind the promotion of free and open source software says it is impossible to have a true chain of trust without the ability for users to fix back doors themselves.
Written by Chris Duckett, Contributor

The Free Software Foundation has lashed out at announcements out of Microsoft yesterday that Redmond was committing itself to increased encryption of user data and legal transparency.

Last night, the software giant confirmed that by the end of 2014, it would have added 2048-bit encryption to the links between its data centres, and encrypted all user data that Microsoft stored.

John Sullivan, executive director of the Free Software Foundation, called the Microsoft announcements meaningless and added that the company had made promises on security before.

"Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure," he said in a statement.

"A lock on your own house to which you do not have the master key is not a security system, it is a jail."

Sullivan said that any system which does not allow for code review and modification, inevitably leaves itself open to back doors and privacy violations, and even questioned Microsoft's definition of a vulnerability.

"While the Microsoft announcement does promise "transparency" to reassure people that there are no back doors in Windows, this is no solution," said Sullivan.

"Microsoft has demonstrated time and time again that its definition of a 'back door' will not be the same as yours. Noticing that the back door is wide open will do you no good if you are forbidden from shutting it."

In its announcement yesterday, Microsoft said that many of its new security moves are already in place, and that the company would be using the courts to fight gag orders preventing the company from notifying customers when governments seek their data.

Writing in a blog post, Brad Smith, Microsoft general counsel and executive vice president, legal and corporate affairs, said that the company believes that governments should gain access to information and data in the same way it did before IT moved to the cloud, by going directly to Microsoft's customers, and that the company should only be propelled to disclose data in "the most limited circumstances".

Redmond's increased focus on encryption follows the public learning of the Muscular program conducted by the NSA and GCHQ that allowed the spy agencies to tap the traffic moving between Google and Yahoo data centres.

Google and Yahoo have already made similar encryption announcements.

Editorial standards