According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.
The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.
Its purpose is Digital Rights Management and computer security. The system decides what software had been legally obtained and would be allowed to run on the computer, and what software, such as illegal copies or viruses and Trojans, should be disabled. The whole process would be governed by Windows, and through remote access, by Microsoft.
Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.
It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft, as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies can take advantage of the holes and get what they’re looking for.
Experts at the BSI, the Ministry of Economic Affairs, and the Federal Administration warned unequivocally against using computers with Windows 8 and TPM 2.0. One of the documents from early 2012 lamented, “Due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”
Elsewhere, the document warns, “This can have significant consequences on the IT security of the Federal Administration.” And it concludes, “The use of ‘Trusted Computing’ technology in this form ... is unacceptable for the Federal Administration and for operators of critical infrastructure.”
Another document claims that Windows 8 with TPM 2.0 is “already” no longer usable. But Windows 7 can “be operated safely until 2020.” After that other solutions would have to be found for the IT systems of the Administration.
The documents also show that the German government tried to influence the formation of the TPM 2.0 specifications – a common practice in processes that take years and have many stakeholders – but was rebuffed. Others have gotten what they wanted, Die Zeit wrote. The NSA for example. At one of the last meetings between the TCG and various stakeholders, someone dropped the line, “The NSA agrees.”
Rüdiger Weis, a professor at the Beuth University of Technology in Berlin, and a cryptographic expert who has dealt with Trusted Computing for years, told Die Zeit in an interview that Microsoft wanted to completely change computing by integrating “a special surveillance chip” in every electronic device. Through that chip and the processes of Windows 8, particularly Secure Boot, “users largely lose control over their own hardware and software.”
But wouldn’t it contribute to higher levels of security? Certain aspects actually raise the risks, he said. For example, during production, the secret key to that backdoor is generated outside the chip and then transferred to the chip. During this process, copies of all keys can be made. “It’s possible that there are even legal requirements to that effect that cannot be reported.” And so the TPM is “a dream chip of the NSA.”
Perhaps even more ominously, he added: “The other realistic scenario is that TPM chip manufactures don’t sit within reach of the NSA, but in China....”
Apple phased out the surveillance chips in 2009. Linux doesn’t comply with the standards, and Linux machines cannot use the technology. Microsoft defended itself the best it could. The TPM is activated by default because most users accept defaults, it said. If users would have to activate the functions themselves, many users would end up operating a less secure system. And of course, government regulations that would require that users have the option to opt in or out would be unwise.
Instead, hardware manufactures could build machines with the chips deactivated, Microsoft said. If you want to have control over your computer, that’s what you’d have to buy. Another option would be to switch to Linux machines, something that the city government of Munich has started 10 years ago; the changeover should be complete before the year is up. This aspect of the NSA debacle cannot possibly be twisted into bullish news for Microsoft.
China is the promised land for our revenue-challenged tech heroes: over a billion consumers, economic growth several times that of the US, and companies splurging on IT. Layer the “cloud” on top, and China is corporate nirvana: a high-growth sector in a high-growth country. Or was nirvana, now that the NSA’s hyperactive spying practices have spilled out.