German government refutes Windows 'backdoor' claims
The German government says Windows 8 and TPM 2.0 chips, used in conjunction, can increase security but have the potential to reduce a user's control over software and hardware. The common-sense advice for government IT experts has been distorted by some observers into wild claims of "backdoors" or spying by the U.S. National Security Agency, or the Chinese.
"The so-called Trusted Computing is a back door for the NSA," wrote Zeit's Patrick Beuth on Tuesday, in reference to recent reports about the U.S. government's mass surveillance programs. According to a translated version of the Zeit article, Beuth wrote: "The operating system contains a back door in their [the German government's] view, [and] cannot be closed. This backdoor is called Trusted Computing and could have the effect that Microsoft can control any computer remotely. And thus the NSA."
Reports began to spread — albeit a little away from the mainstream media — following the German publication's story on Tuesday suggesting that a small "trusted computing" chip embedded in many modern computers can aid the U.S. government's surveillance efforts. As a result, the report claimed — citing an internal document from Germany's Office for Information Security (BSI) — that the latest version of Windows in certain circumstances could not be trusted in a government setting.
On Thursday, the BSI published an opinion walking back the report's claims, while offering advice to the federal and civilian IT community on the matter.
The Zeit report suggested that German officials are specifically concerned about the Trusted Platform Module (TPM) technology. These hardware chips contain encryption keys that are used to verify the integrity of operating system and application files, preventing physical computer tampering and some types of malware, most notably rootkits.
These TPMs were developed by the Trusted Computing Group, a coalition of tech firms founded about a decade ago that includes AMD, Cisco, HP, IBM, Intel, Microsoft, and others. They require a compatible operating system to work.
Simply put, the TPM stores encryption keys in hardware until the software does something with them, and prevents operating systems from being tampered with, whether by malware such as a rootkit or by a hacker who wants to modify the system for legitimate purposes.
The new specifications, dubbed TPM 2.0, will be activated by default, according to the BSI. While older versions of Windows use the older TPM 1.0 specification, Windows 8's security contains TPM 2.0 technology. The article's author wrote that Windows 7, as an existing alternative to Microsoft's latest operating system, can "be operated safely until 2020," referencing the time at which Microsoft will no longer support the software and will no longer issue security updates. Windows XP faces a similar fate this coming April.
According to an internal document from the Ministry of Economic Affairs (BMWI), dated early 2012, the German government will lose "full sovereignty" of its machines. The document concludes that "the security objectives 'confidentiality' and 'integrity' is no longer guaranteed."
This is not the first time Microsoft and the NSA have been accused of collaborating on secret backdoors.
In 1999, similar allegations surfaced over an encryption key found in corporate versions of Windows, called NSAKEY. Claims were made that the U.S. government included code to assist state surveillance, a belief that is only held today in the farthest fringes of conspiracy swamps. Microsoft strenuously denied the claims.
"In the light of the Snowden revelations accordingly, it little imagination required to see TPM 2.0 and Windows 8 as a backdoor for NSA, just waiting to be opened," the author writes.
He uses just a "little imagination" to jump to a rather dangerous conclusion. He also notes that he "must assume" that because these TPM chips are developed in China, the Chinese government can compromise the chips, in much the same way the NSA presumably can.
While it's not entirely clear from the article, the German government's general feeling is that it could be a barrier towards a wholly secure solution. The piece references a review by the BSI, stating that it was not possible to receive an "unconditional, complete confidence" in the platform.
No security solution is 100 percent secure. Not one. In fact, stating this, whether in an internal review or in a public statement, is good, honest practice on the part of the German authorities.
The article points to an "update," citing the BSI's opinion, published a day after the Zeit article was published, on Wednesday.
In the opinion (translated), the BSI "warns neither the public nor the [German] government prior to any deployment of Windows 8."
"The BSI is currently facing, however, some critical aspects related to specific scenarios in which Windows 8 is operated in combination with a hardware that has a TPM 2.0," it added.
The German federal agency notes that, for certain groups of users, Windows 8 used with a TPM chip can offer an "increase in safety."
It does, however, also reiterate that the use of Windows 8 in combination with a TPM 2.0 is "accompanied by a loss of control over the operating system and the hardware used." It explains that federal users and computers running critical infrastructure, such as water, electricity, and gas networks, may face "new risks." These computers should be among the most secure devices running in a country, if not the most secure, as they control infrastructure critical to life and well-being.
"Generally it should be possible [for] IT users to maintain a self-determined and autonomous dealing with information technology," the opinion read, which any IT professional will know is good, solid advice on the part of any reliable information security person or agency.
The opinion also explains that should Windows 8 or the TPM chip malfunction or become damaged in some way, it can lead to conditions that "prevent further operation of the system."
The BSI is, essentially, talking about "bricking" computers. And it's right to. If there is a malfunction, it could lead to Windows 8 stopping working, and a situation where data may be lost. Worse, it could lead to the computer or hardware being "permanently withdrawn from use."
The opinion does state (translated): "In addition, the newly established mechanisms can also be used for sabotage by third parties."
We thought this was a little vague, so we sought independent clarification from the BSI.
BSI spokesperson Tim Griese said in an email to ZDNet: "There might be errors or bugs, originating from the OS vendor or the hardware vendor or even from the IT user itself, that by accident lead to a situation where the IT system is practically and permanently unusable. Such a situation is unacceptable for any user, as you might agree."
He added: "And if such a situation can occur by accident, it can all the same be caused intentionally by third parties."
In this context, the BSI is talking about both accidental and deliberate damage, in an effort to remain fair and balanced, but also to make users aware of the risks that federal and ordinary users alike face.
The German government, while mindful that its state enemies abroad and their intelligence services may wish to conduct espionage in the country, is not suggesting there are "backdoors" in Windows.
The only people left who really believe that Windows has a backdoor to the NSA are the same kinds of people who believe Facebook, Google, Apple, Yahoo, and the rest of the named seven major companies gave "direct access" to their systems to the NSA, which they didn't, as they continue to fight in the courts to reveal documents that they know exonerate them from any allegations made by former NSA contractor Edward Snowden.