×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK Government Wants a Backdoor Into Windows

CmdrTaco posted more than 8 years ago | from the there-are-plenty-of-worms-available dept.

Windows 598

REBloomfield writes "The BBC is reporting that the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system. Professor Anderson, professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

598 comments

China & PGP (5, Informative)

eldavojohn (898314) | more than 8 years ago | (#14723740)

Well, to be fair, a few people do believe that Microsoft has a backdoor built into their OS [cnn.com] that would allow the United States Government to shut down all Chinese Government PCs running Windows.

Oh, and there are a few people who also consider encryption a matter of freedom of speech [wikipedia.org].

Funny the U.S. government targets Phil Zimmermann [philzimmermann.com] for three years but hardly raises so much as an eye when an encryption enabled OS is distributed. From Mr. Zimmermann's homepage:
Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide.
I think that his "criminal activity" was creating an encryption tool that allowed messages to be encrypted beyond what the United States government was capable of deciphering in a timely manner. Does anyone know if this is still enforced? Does anyone know what the max key length is now if it is? I think it was something like 128 bits (that the government could crack) around the time of PGP.

Re:China & PGP (4, Insightful)

rpjs (126615) | more than 8 years ago | (#14723777)

It wouldn't surprise me in the least if the US govt has had a back-door inserted into Vista. The problem for the UK govt is that clearly the US govt doesn't want to share it with them. And would the uS govt want to allow any other govt to have their own back-doors, with the potential to remotely access PCs running Vista in the US? Somehow I doubt it.

Re:China & PGP (4, Interesting)

iagreewithmichael (927220) | more than 8 years ago | (#14723944)

seems we may see the fragmenting of the OS market with each local government insisting that only a domestic version be sold within its borders all in the name of security.

Re:China & PGP (1)

Kolisar (665024) | more than 8 years ago | (#14723795)

Funny the U.S. government targets Phil Zimmermann [philzimmermann.com] for three years but hardly raises so much as an eye when an encryption enabled OS is distributed.


Perhaps the US government already has a backdoor into Microsoft's Operating Systems that allow the decryption of encrypted files. They may not be able to break PGP easily enough so they prohibit its export but, due to an "agreement" with Microsoft, exporting Microsoft's OSes is not a "problem".
Does anyone have any information that can confirm the existance of such a backdoor?

Re:China & PGP (4, Interesting)

OhHellWithIt (756826) | more than 8 years ago | (#14723977)

You may remember the "clipper chip". The idea, proposed during the first Bush administration, was that encryption technologies would have to include a back door for U.S. intelligence agencies and law enforcement. I forget whether this was just for export, or whether it included domestic products as well. The argument "pro" was that we could trust the U.S. government not to misuse the key; the argument "con" was that it would inhibit exports of U.S. products, because while Americans might trust their government with keys to their back door, why would anyone else? And there was also the issue that foreigners might be smart enough to come up with something that the NSA couldn't crack. I was disappointed to see the Clinton administration follow through on the idea. Ultimately, export controls were relaxed somewhat, but I'd be surprised if there weren't back doors and/or key cracking algorithms available in Fort Meade. (sp?)

It'll be interesting to watch this play out. I'm sure any resolution will disappear deep within the inner pages of the paper, if it is discussed at all.

Interesting Points (3, Insightful)

millahtime (710421) | more than 8 years ago | (#14723811)

US export restrictions for cryptographic software were violated when PGP spread worldwide.

This bring up an interesting point on ITAR and the US. Some encryption technologies could violate ITAR if they are done in the US and then exported to other countries. If I remember right, that was part of the reason encryption on OpenBSD was done in Canada.

Oh, and there are a few people who also consider encryption a matter of freedom of speech.

Some would, but how many governements and what is protected under the law. That is different everywhere. Others, also, consider it a privilege.

Some of these laws, in paticualr with the US, are actually there to protect it from other countries. Many people in the country may not want to protect the countires competitive edge but others do and that is part of what our government has been taked with for a long time.

US gov as precident? (0)

Anonymous Coward | more than 8 years ago | (#14723874)

Didn't the US government already negotiate this with Microsoft? They got let off of any antitrust punishment in exchange for granting US agencies or their representatives access to all encryption keys and remote access to the file system.

Re:China & PGP (3, Informative)

Your Anus (308149) | more than 8 years ago | (#14723963)

In the mid-to-late 1990's the US Government loosened the rules significantly. They recognized that strong encryption is already available outside the US, so export controls are useless. In fact, there is encryption built into the Linux kernel to handle ipsec among other things. The only requirement now is some sort of notice regarding where the encryption product is stored. I'm not sure about commercial products, but the PGP source is exempt under the same rules.

Truecrypt (5, Informative)

ivan kk (917820) | more than 8 years ago | (#14723741)

Let them try.
We have alternatives.
http://www.truecrypt.org/ [truecrypt.org]

Plausible deniability ... nice! (0)

Anonymous Coward | more than 8 years ago | (#14724091)

from the FAQ:

Plausible deniability. It is impossible to identify a TrueCrypt container or partition. Until decrypted, a TrueCrypt volume appears to consist of nothing more than random data (it does not contain any "signature"). Therefore, it is impossible to prove that a file, a partition or a device is a TrueCrypt volume and/or that it has been encrypted. To achieve plausible deniability, the format of the volume and the encryption process had to be significantly changed.

Why? (2, Interesting)

jjares (141954) | more than 8 years ago | (#14723744)

This simply doesn't make sense. What prevents an user, using a different tool without said backdoor?

Re:Why? (2, Interesting)

mustafap (452510) | more than 8 years ago | (#14723775)

Simply that the vast majority of users will use Windows defaults.

You would be surprised how dim some crooks can be, like thinking that swallowing a sim card will destroy the data. Or even snapping it in two - might break the bond pad connections, but not the die. Easy to fix.

Re:Why? (4, Insightful)

1u3hr (530656) | more than 8 years ago | (#14723781)

This simply doesn't make sense. What prevents an user, using a different tool without said backdoor?

Laziness, ignorance; the same that prevents them from using encryption now.

Re:Why? (3, Insightful)

arivanov (12034) | more than 8 years ago | (#14723902)

Err... You did not understand the target.

The problem UK govt is having and US govt will have the moment they realise what is going on is that any media files on Vista PCs when distributed correctly via the supplied Vista Windows Media frameworks will be immediately encrypted and locked down using the TPM module to the specific machine. On top of that this will be determined by the people who distribute the files, not the users. This makes the current approach of taking disks out and hooking them to a forensic environment unfeasible. They will have to be decrypted on the machine after the user has logged in. It is sufficient for the user to refuse to log in on the machine and the police is stuffed.

As a result any attempt to collect proof of child pr0n and b00tleg movies/music will run into some serious difficulties as long as the providers of illegal goods have done their job of using Windows Vista right.

Frankly, the UK govt should whinge elsewhere. MPAA and the TP group is a good start. Whinging at MSFT is not going to get them anywhere because it will be not just MSFT, it will be everyone implementing this on every device in 5 years time.

Re:Why? (2, Interesting)

CastrTroy (595695) | more than 8 years ago | (#14723981)

Couldn't they just brute force the password? Assuming that the password was under 15 characters (most cases), and the information was valuable enough, they could do it. A lot easier than brute forcing the 256-bit encryption or whatever it is they are using.

Re:Why? (0)

Anonymous Coward | more than 8 years ago | (#14723996)

This does make sense. They want to have this publically announced so they can then claim some privacy advocates (plants) complained. Then they will use this as proof they need laws making it a crime to forget your encryption password for any system you might use. Thus, they don't need the backdoor anymore, as you are a criminal just for having your hard drive (or any data) encrypted and not turning over the key to government when asked.

Suggestion (3, Funny)

saboola (655522) | more than 8 years ago | (#14723749)

They do a google search for "backdoor" and "windows", then just take their pick. Microsoft if nothing else, offers a variety of backdoors for your every need.

Backdoor action? (3, Funny)

Anonymous Coward | more than 8 years ago | (#14723753)

What good is encryption if your government can read it - before long half the criminals in the country know how to decrypt your files - especially they way the British Secret Service has been losing laptops lately....

Pfff (3, Insightful)

Arthur B. (806360) | more than 8 years ago | (#14723756)

Let bad guys use deniable encryption schemes and this won't even be a concern... Please, someone in the U.K. gov get a clue about encryption!

Re:Pfff (4, Interesting)

elrous0 (869638) | more than 8 years ago | (#14723824)

What bad guy would be stupid enough to trust any encryption or security scheme introduced by a major corporation to begin with? If you want encryption, you go with open source. With any corp that has to answer to the government, you'd might as well assume there WILL be a backdoor.

In the end, the bad guys will use real encryption and the backdoor won' effect them. It will only serve as a security risk for legitimate users.

-Eric

Re:Pfff (1)

dr_dank (472072) | more than 8 years ago | (#14723870)

Let bad guys use deniable encryption schemes and this won't even be a concern. Please, someone in the U.K. gov get a clue about encryption!

Doesn't seem likely. IIRC, its the law in Britain that you have to turn over your encryption key if lawfully ordered to. Even if you feed them keys for a RubberHose-type system of deniable encryption, I'm sure they'll detain you until it turns up something good. Law enforcement wouldn't buy that a sophisticated encryption system like that was set up solely for keeping cake recipes safe on your hard drive.

Re:Pfff (1)

Alioth (221270) | more than 8 years ago | (#14723909)

In that case, you have the deniable encryption system reveal details of something you would want to encrypt (say, an extra marrital affair or other thing you might want to hide from your family or friends) instead of what you really want to keep secret. Or use steganography - with a custom steganographic system and tens of thousands of music files and digital photographs, finding anything would be tough.

Re:Pfff (1)

Arthur B. (806360) | more than 8 years ago | (#14723930)

IIRC that law was not enforced in Britain when a group sent a judge encrypted content claiming it was evidence as part of an investigation, asking him to turn out the private key... Now, the point is, the law enforcement wouldn't even KNOW that you have encrypted content, it should look just like unformatted disk space... If they suspect you have, you can show them one layer etc... how many layers are they willing to go to? You can hide something that satisfies them in the first layer, say pron, mp3 or political criticism.... are they still doubtfull, ok you got it, the second layer has more dangerous things etc etc

Re:Pfff (1)

caluml (551744) | more than 8 years ago | (#14724088)

it should look just like unformatted disk space

Trouble is, if it looks like unformatted (I assume you mean unallocated) disk space to the police, it will look like unallocated disk space to the OS. And when something decides it needs it, it will be allocated.

It's been 4 minutes since you last successfully posted a comment

Re:Pfff (1)

caluml (551744) | more than 8 years ago | (#14724043)

Please, someone in the U.K. gov get a clue about encryption!

The UK has quite a clue about cryptography. Read up about Bletchley House, Enigma, and public key encryption, which was developed in GCHQ quite a few years before Messrs Diffie and Hellman did.

backdoor to windows (1)

rhade (709207) | more than 8 years ago | (#14723759)

A backdoor into hdd encryption... How do these people get into positions where their opinion is valued?

Obligatory!!! (-1, Redundant)

Sfing_ter (99478) | more than 8 years ago | (#14723761)

1) Why don't they use the ones that already exist?
2) They could use the Sony Rootkit...
3) ???
4) Profit... :)

What is the point of filesystem encryption? (2, Interesting)

autopr0n (534291) | more than 8 years ago | (#14723764)

If someone gets a hold of your whole computer, they can read files. If someone hacks your system, they can read your files.

About the only thing windows encryption seems to be able to do is prevent you from recovering your files if your PC ever dies.

Whats the point?

Re:What is the point of filesystem encryption? (0)

Anonymous Coward | more than 8 years ago | (#14723847)

"If someone gets a hold of your whole computer, they can read files. If someone hacks your system, they can read your files."

Actually no, they can't.

The entire point of encrypting a filesystem is that someone cannot just take the hard drive and read the plain text data from it. How will getting hold of the computer give them the password? It's not stored on the computer.

If physical access was enough, and the encryption was weak, there would be no need for a backdoor.

If someone had root on your system while you had the encrypted filesystem mounted and were reading it, or managed to install a keyboard logger to grab the password, then they could get the data. Otherwise, there is no way for them to get the key hidden in your little grey cells.

Re:What is the point of filesystem encryption? (4, Funny)

NickFitz (5849) | more than 8 years ago | (#14724060)

How will getting hold of the computer give them the password? It's not stored on the computer.

No, it's stored on the PostIt note on the monitor.

Re:What is the point of filesystem encryption? (0)

Anonymous Coward | more than 8 years ago | (#14723860)

The point is that if someone does not know the passphrase it is not possible to extract the files. Thus you can protect your data from the police etc by using encryption on your harddrive. Of course when the system is mounted someone could use your computer and read the files. Thats why you make it possible for you to kill your computer from the front door (or perhaps remote via mobile) if the police goes into your home.. :) Probably this is not necessary since the police is stupid anyways and just pull the computers without thinking about the consequences.

Then the police/law cannot gain any proof from your computer and you are released from suspicion. Then you get your computer back and everything is nice and good.

Of course you shold not use this to do any evil, but to protect your right to store information in a way that noone but you can read it. This right is IMO fundamental to a working democracy and should be defended by whatever means possible!

Obviously you have never used real encryption (4, Insightful)

brunes69 (86786) | more than 8 years ago | (#14723864)

You should not be able to read the files without logging into the computer with your password and/or other identification token.

After logging in, the files are accessable. But not before. Someone who just swipes your PC would boot into Windows but would be unable to read any data files, even with a seperate boot CD. That's the whole idea.

But if the government adds a backdoor, you can bet that a hacker (white or black hat) would find it as well, probably within a few weeks of the OS being out. Thus making the encryption useless.

The whole government complaint is useless anyway because for all they know people can be using deniable encryptionn schemes *today* and they'd never even know about it.

Re:What is the point of filesystem encryption? (1)

corbettw (214229) | more than 8 years ago | (#14723890)

If someone gets a hold of your whole computer, they can read files. If someone hacks your system, they can read your files.

Not if you're prompted for a passphrase during boot. Of course, this would require you to shutdown the computer when not in use, but how hard is that?

Re:What is the point of filesystem encryption? (1)

EzInKy (115248) | more than 8 years ago | (#14724020)


Not if you're prompted for a passphrase during boot. Of course, this would require you to shutdown the computer when not in use, but how hard is that?


Why in the world would they have to boot your computer simply to read your hard drive?

Re:What is the point of filesystem encryption? (4, Interesting)

Gadzinka (256729) | more than 8 years ago | (#14724080)

Why in the world would they have to boot your computer simply to read your hard drive?

Because all the sectors on my hard drive are encrypted on the fly. When you read it directly in other computer all you get is nearly random gibberish. There's not even a proper filesystem on it. Only after you mount it giving my long and convoluted passphrase the OS decrypts the sectors on the fly, so you can read the files. Switch the power off, reboot my machine or unmount the partition and there is no way to access my data again.

Is that easier to grok?

Robert

They just need to wait... (5, Insightful)

Arthur B. (806360) | more than 8 years ago | (#14723769)

... until the crack is published :) (sadly this is more insightful than funny)

Re:They just need to wait... (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#14724053)

Apparently the moderators disagree with you.

Let's be fair... (3, Insightful)

qwertphobia (825473) | more than 8 years ago | (#14723770)

\ They just want to play with the big boys. We all know the NSA, the CIA, and the FBI each have their own key! \

Re:Let's be fair... (0)

Anonymous Coward | more than 8 years ago | (#14723838)

That would be MI5 and MI6 for the UK then.

Heil Clarke (1, Insightful)

Kirth (183) | more than 8 years ago | (#14723773)

What, the Gestapo isn't happy that they might not be able to read the contents of your hard-drive? What a surprise.

Eh? (3, Funny)

squoozer (730327) | more than 8 years ago | (#14723779)

Why don't they just use one of the hundreds of backdoors that everyone else uses? Seems to me M$ are already complying with this request several times over.

Re:Eh? (1)

Billosaur (927319) | more than 8 years ago | (#14723976)

Why don't they just use one of the hundreds of backdoors that everyone else uses? Seems to me M$ are already complying with this request several times over.

Better yet, why don't they just hire hackers and phishers to help them. These folks get onto people's hard drives all the time to scoop up data with key loggers or spyware.

Re:Eh? (1)

scsirob (246572) | more than 8 years ago | (#14723995)

With a bit of luck if MS marketing picks up the opportunity, you can purchase your own backdoor some time soon...

"So, would you like a standard backdoor for just $49,95 or do you take advantage of this month's special, the Enterprise Secure BackDoor for just $299,99 ? If you really want to go all-out, our World-wide MultiSystem "GATES" BDK (Backdoor Development Kit) gets you access to every PC in existence..."

That's the point of encryption isn't it? (3, Insightful)

johnnywheeze (792148) | more than 8 years ago | (#14723784)

Pretty sure that's the point of encryption. Making sure that nobody but you and people you trust can read your data, and anyone else up to and including the government can't. Even if they really really want to.

When did a healthy mis-trust of government suddenly get you tin-foil hat status, and a visit from the FBI?

No worries.. (-1, Troll)

debest (471937) | more than 8 years ago | (#14723789)

"An unfortunate side effect from law enforcement is it would be technically fairly seriously difficult to dig encrypted material out of the system if it has been set up competently." (emphasis mine)

Well, I guess we can be sure that the UK has absolutely nothing to worry about!

Re:No worries.. (1)

maxwell demon (590494) | more than 8 years ago | (#14723901)

Well, if it has been set up competently, it surely won't use the built-in encryption, especially if it is well-known that it has a backdoor.

What's wrong with the front door? (0)

Anonymous Coward | more than 8 years ago | (#14723792)

Typical government action: total waste of money. No one else needs a back door to crack Windows.

I hope China gets the same privs (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14723797)

Seeing as they are talking to the UK about it I am sure they wll have no problem building a backdoor key into the sytem for each govenment without trouble... Right?

What about the RIP bill? (5, Insightful)

twoshortplanks (124523) | more than 8 years ago | (#14723799)

From TFS:
Professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key.
Then lock them up for that. It's a crime to not provide your key under the RIP bill [parliament.uk]. If the government is going to pass stupid legislation like that, then they shouldn't need these backdoors.

Re:What about the RIP bill? (2, Insightful)

kraut (2788) | more than 8 years ago | (#14723881)

> Then lock them up for that. It's a crime to not provide your key under the RIP bill.
Ah, but according to the article you the user don't actually have access to the key - it's inside a chip. Quoth:
The system uses BitLocker Drive Encryption through a chip called TPM (Trusted Platform Module) in the computer's motherboard.

It is partly aimed at preventing people from downloading unlicensed films or media.

"This means that by default your hard disk is encrypted by using a key that you cannot physically get at...

I doubt that even this government would try to lock you up for being unable to retrieve a key from a protected silicon chip. Then again, their stupidity seems to know no bounds, so I wouldn't be too surprised. On the upside, they can presumably get the key from the manufacturers anyway, so it's all a storm in a teacup.

I'd still like to hear how many successful prosecutions there have been under the RIP bill though. Methinks if it had netted them lots of child-molesting, money-laundering, drug-dealing terrorists we'd hear about it.

Re:What about the RIP bill? (1)

Tim C (15259) | more than 8 years ago | (#14723892)

That's exactly what I thought.

Then I thought a little longer, and thought that perhaps they think that despite having the RIP Act, it would be nice if they could still have the backdoor anyway. That way they can get at the data, and if it's clean but they're *sure* the guy's a wrong 'un, they can still lock him (or her) up under the provisions of RIP for witholding the key. Conversely, if they hit pay dirt, they can send the guy down for even longer (assuming the crime warrants it), perhaps even take down associates, etc.

At the time that RIP was proposed, I thought how stupid it was - anyone facing a serious charge would just go down for witholding their keys, laughing as they get 3 years rather than 10 or 20 or even life. Looks like perhaps the government has finally thought of that, and is trying to do something about it.

Re:What about the RIP bill? (1)

mallardtheduck (760315) | more than 8 years ago | (#14723894)

What we need is an encryption scheme where two possible keys yeild two different plaintexts and the existence of the second plaintext is (close to) impossible to prove.
Therefore you can give the "innocent" encryption key and all that is revealed is stuff that you might want to hide, but not of interest to the government (credit card records, personal finance detials, things like that) and keep the second key secret (which is the one that reveals your political speaches, government corruption evidence or whatever else they are trying to suppress).
Without a way to prove beyond reasonable doubt that the second key exists, you cannot be found guilty under RIP.

Anybody know of a system that works like that?

Re:What about the RIP bill? (2, Insightful)

corbettw (214229) | more than 8 years ago | (#14723943)

I don't think that law has as many teeth as you seem to think.

According to 49(5)(a), the max punishment for not disclosing your key is two years. Compare that to whatever the max punishment is for having kiddie porn on your PC, or plotting to assassinate the PM/Queen/visiting dignitary or whatever. Two years is likely going to be far less, and you'll end up with a much cleaner slate afterwards. Having to tell people "I was put in jail for standing up for privacy rights" sounds a lot better than "convicted sex offender/terrorist".

It seems topical to wonder (1)

toby (759) | more than 8 years ago | (#14723997)

Who was/will be the first person tortured by US or Britain to reveal their keys? - Since this is now apparently expected behaviour by these governments.

Not "lost" (4, Interesting)

ajs (35943) | more than 8 years ago | (#14723807)

This is that definition of "lost" that appeared in the late 20th century. It's akin to the money that the music industry is "losing" due to file sharing. The evidence is not lost, it is as yet, undiscovered, and in any civilized country, we would not assert that there WAS any evidence unless we could actually see it. In the U.K., however, they actually have a law that says that you have to reveal your secret keys to the authorities with no provision for simply not knowing them. You can be convicted of the crime of having white-noise on your disk that authorities assert is encrypted data to which you are refusing to reveal the key. Heck, you could be convicted of a crime for not divulging the key to /dev/random, which is clearly some secret message channel from an unknown party, since messages arrive from it in small bursts!

Re:Not "lost" (1)

mallardtheduck (760315) | more than 8 years ago | (#14723954)

From the act in question:

49. - (1) A person is guilty of an offence if-
(a) he fails to comply, in accordance with any section 46 notice, with any requirement of that notice to disclose a key to protected information; and
(b) he is a person who has or has had possession of the key.

Notice section (b). Both (a) and (b) will need to be proved beyond reasonable doubt in a court of law for a person to be convicted. If law enforcement cannot prove that you have or had prossession of the key then they canot convict you. Therefore you cannot be convicted for failing to disclose a key you do not know or that does not exist.

Re:Not "lost" (1)

1u3hr (530656) | more than 8 years ago | (#14723985)

I read it as meaning deliberately lost by the suspect. As in "Lose your gun after the hit"; "Lose your tail", etc.

Paper documentation (2, Funny)

CaptainFork (865941) | more than 8 years ago | (#14723809)

Blair would also like you to fax him a copy of everything you write on a paper in case you accidentlly-on-purpose shread that paper later on. Better start sending those faxes right away!

Non-issue, functional MRI can catch liars. (1, Funny)

dsmatthews (866278) | more than 8 years ago | (#14723828)

A suspect will not be able to get away with such a lie, because of advances in functional MRI.

Contempt of court (3, Interesting)

springbox (853816) | more than 8 years ago | (#14723831)

I often see arguments like this one [slashdot.org]. What's the point for some people to encrypt their files (other than temporary privacy) if you're going to get in trouble later in court anyway for not revealing your keys? Now this might actually be unlikely, but what if average windows user genuinely forgets their password? Seems kind of unfair.

Re:Contempt of court (1)

stubear (130454) | more than 8 years ago | (#14723872)

Which would you rather be charged with, tax fraud or contempt of court, destruction of evidence, and obstruction of justice?

Re:Contempt of court (1)

springbox (853816) | more than 8 years ago | (#14723932)

I get your point, but really, if I was in court I wouldn't want to get myself into any extra trouble unnecessarily. I guess being held in contempt is not bad if what you're protecting is actually valuable, but still. It seems like there's already a backdoor installed to the whole encryption thing.

Re:Contempt of court (0)

Anonymous Coward | more than 8 years ago | (#14723968)

tax fraud? what if it's something a bit more juicy - like a video evidence of some corrupt politician or something?

Re:Contempt of court (1)

Ibix (600618) | more than 8 years ago | (#14724051)

What's the point for some people to encrypt their files (other than temporary privacy) if you're going to get in trouble later in court anyway for not revealing your keys?

Courts aren't the only poeple who might want to read your data. What about business competitors? They can break into your office and copy your sensitive data, but they can't make you give up the encryption key[1].

I

[1] I'll assume you didn't write it on a post-it on the monitor.

Great! (4, Insightful)

1u3hr (530656) | more than 8 years ago | (#14723835)

If governments force a backdoor to be installed, it'll be for sale to crackers before the gold masters are pressed, and common knowledge a few weeks later. So "trusted computing" can be subverted using the govt master key. And anyone who actually wants to keep secrets will install somethng that works while not requiring a magic dongle on the mobo. The govt will be able to read data from clueless suspects as they do now. So a win all round. And who doesn't suspect MS would leave backdoors anyway?

Re:Great! (2, Insightful)

Anonymous Coward | more than 8 years ago | (#14724012)

What's really amazing is that the way the slashdot blurb was spun, we have the community here pouring scorn on the evil government that tries to put down encryption... even though what this is really about is the neutering of Treacherous Computing.

If this CS prof can play the terrorist card to get the UK government to mandate a backdoor to TPM, I for one can only applaud his ingenuity. Surely the same idea should be pushed in other countries as well! If you accept the "Trusted Platform" you are supporting the terrorists!

Inevitable (2, Insightful)

BenjyD (316700) | more than 8 years ago | (#14723850)

It was inevitable something like this would happen after the whole 90 day detention debacle. Labour kept using the excuse of "needing time to break encryption" for requiring 90 days of detention without trial. Anyone with half a brain told them that any decent encryption is going to take many years to break, so I guess this is their response.

What's the point when you have RIP? (5, Informative)

TheEvilOverlord (684773) | more than 8 years ago | (#14723852)

I don't really see why the need this anyway.

The government has the RIP Act [wikipedia.org] (Regulation of Investigatory Powers Act 2000) which allows them to detain you, with a press gagging order if you refuse to hand over the encryption key they need to decrypt your data. If you refuse or claim you have forgotton and they don't believe you, then it's two years in gaol for you sonny jim.

They only really got this into law because most people don't understand it. Oh and don't forget that since this government came to power the amount of time they can hold you, uncharged, under the terrorism act has gone from 7 to 28 days... and the police want 90! Yes ninety days, 3 months, 2160 hours!

Re:What's the point when you have RIP? (2, Insightful)

faloi (738831) | more than 8 years ago | (#14724040)

If you refuse or claim you have forgotton and they don't believe you, then it's two years in gaol for you sonny jim.

I'm not saying I like the idea of MS actually intentionally putting a back door in their OS, what with all the ones that are in it by accident. But I can see them trying to justify it. After all, depending on what you're likely to get busted for, two years locked up may be a cakewalk to what you'd get if they could get your data.

Of course this will only help catch stupid criminals. At least until it becomes a criminal offense to install encryption that doesn't have a nift key for concerned governmental authorities to use. Personally, I see it as a big overstep of government power. Privacy rights and all.

keyloggers (4, Interesting)

Barbarian (9467) | more than 8 years ago | (#14723859)

How about making governments install a keylogger before they seize the computer? Hardware or software, it would go in the old tradition of installing a telephone tap. It's not that hard either. Did the government demand that paper notebook makers supply a backdoor so they could decipher drug accounts written in code?

As usual, the wrong solution to the problem (2, Interesting)

seanellis (302682) | more than 8 years ago | (#14723879)

Anyone with something to really hide will use a third-party encryption system, and "lose" the keys to that instead.

Everyone else* will have a computer with a guaranteed back door, which I am willing to bet will be open to hackers on about Day 3 after Vista's launch.

* - Well, everyone else who's not running Linux, of course.

Power Grab (-1, Offtopic)

Paraplex (786149) | more than 8 years ago | (#14723895)

For the love of god, someone get these politicians a hobby. They have far too much time and money at their disposal.

I'd like to see Blair, Bush & Bin Laden settle this over a good old game of marbles and leave us out of it.

Who the hell are these twirps? Never met them, never heard a SINGLE intelligent thing come out of any of their mouths and day after day they affect my life. They sit there in these strange black outfits with these weird nooses around their necks arguing about things which are obviously issues of semantics, breaking every rule of intelligent debate & rationalisation and prompting the media beast to artificially inflate these "issues" so that the bored apathetic masses get up in arms and keep them voted in.

We're throwing away our freedoms so the media can make you pay for & drink sugar water.

The extreme views speak in loud, inflamatory soundbytes that serve to sell advertising to gullible viewers: "X is EVIL" "ALL Y DESERVE TO DIE" while the moderate, intelligent, rational view is obscured and diffused by its truthful verbosity and its inherent "unmarketability"

Sometimes I just bang my head against the wall at the complete insanity of it all.

Don't attribute.... (2, Interesting)

gmuslera (3436) | more than 8 years ago | (#14723897)

to idiocy what can be explained by malice. There are a lot of backdoors around, and Windows had functional ones for years (wmf anyone?) but the intentionality of them could have been in doubt. Now if is known, proved, and by design adding another backdoor, one that will not be removed by any hotfix because is a "feature", well, 2 things will probably happen: the bad guys will find how to exploit it making all backdoored windows a target, and the bad guys find know how to disable it, so the most harmed people will be the good ones that should not have anything to hide (and because of that, removing/disabling the backdoor would make them suspectful)

This is not a surprise (1)

KarmaOverDogma (681451) | more than 8 years ago | (#14723928)

when you consider the fact that the UK is very close to having a national ID card

http://en.wikipedia.org/wiki/British_national_iden tity_card [wikipedia.org]
and
http://news.zdnet.com/2100-1009_22-6039076.html [zdnet.com]
and
http://www.timesonline.co.uk/article/0,,2-2039223, 00.html [timesonline.co.uk]

this kind of thing, while dissapointing, should come as no surprise. The UK has been big on "security" for some time. Cameras are everywhere, especially in the larger cities. The plan to have a back door into windows boxes is dissapoining because of the hole it can leave for exploits and the fact that those who are very interested in keeping information on their computers hidden from prying eyes (e.g. actual terrorists - or at least the smarter ones) will be able to do so until the information is no longer useful (i.e. people are dead).

Welcome to another part of our brave new world.

Trusted computing? HAH (2, Insightful)

1001011010110101 (305349) | more than 8 years ago | (#14723929)

Why would anyone consider 'trusted computing' some binary program which you haven't compiled yourself is beyond my understanding.

since when... (5, Insightful)

revery (456516) | more than 8 years ago | (#14723955)

Since when does the government have a right to all evidence in any case? One aspect of English law that I thought existed, is that the people should be protected from the government (particularly from self-incrimination). One could reasonably argue that the average citizen needs the availability of government-inaccessible encryption, due to the decreased cost (in terms of time and manpower) required to search through computer records vs. paper records. Current computers, and the massive amounts of data that they store (internet cookies, browsing history, cache data, registry entries, etc.) make fishing expeditions much, much, easier on law enforcement than sifting through physical documents and interviewing co-workers and family.

"Forgetting" your key is an offense (2, Informative)

Colin Smith (2679) | more than 8 years ago | (#14723959)

Not turning over the key (for any reason) is an offense punishable by a couple of years in prison anyway.

 

Time to switch! (3, Interesting)

caveat (26803) | more than 8 years ago | (#14723994)

OS X FileVault...AES128 encryption of your home directory with no backdoors! (At least not that I know of). Ain't nobody reading your files without your key.

Building the backdoor into MS's FS encryption... (2, Insightful)

AusIV (950840) | more than 8 years ago | (#14723999)

Is akin to building the web browser into the operating system. I have no interest in encrypting my filesystem, but if I did, I wouldn't use Microsoft's tools to do it. I know I'm not the only one of the opinion that feels utilities that are so intertwined with the operating system create security risks. This strikes me as a big one.

For the same reasons that I use Firefox as a web browser and OpenOffice.org as an office suite, if I felt it necessary to encrypt my filesystem I'd use somebody else's tools to do it. (Even if I weren't aware of such a backdoor into my filesystem).

Hey Microsoft, (1)

Hoplite3 (671379) | more than 8 years ago | (#14724000)

While your at it, build a backdoor for me too.

I've always wanted to build an army of bots and extort money from gambling sites, but the difficulty of cracking MS Windows (or perhaps my conscience :-) has held me back! ...and when you build that backdoor, be sure you distribute a system tool complete with MS Office assistants to help me crack peoples computers. I want Clippy to tell me "have you tried putting 'password' for the password?"

That'd be awesome.

Encrypted filesystem (1, Insightful)

Anonymous Coward | more than 8 years ago | (#14724025)

I guess now when I go save the data from a Dell laptop with a linux live-CD I won't be able to because the data will be encrypted. I'm sure my friends and family will love to hear that I managed to save their picture collection, but the files are totally useless.

uk govt and microsoft and unholy alliance. (1)

shortstumpyone (953110) | more than 8 years ago | (#14724028)

lets be honest about this with both microsofts and british central governments past record. teh back door will be ready iin 2005 sometime will have cost 20 billion pounds. and will only work on sundays for anyone who isnt a governemtn department. now if gchq were involved i'd be a little more concerned.

Where will it end? (4, Informative)

NimbleSquirrel (587564) | more than 8 years ago | (#14724033)

Not that I would ever buy Windows Vista, but why would I want Microsoft deciding who gets backdoor keys to my machine?

I recall some years ago, someone found supposedly secret NSA backdoor keys buried in Windows98. I don't recall if it was actually proven, but I would not be surprised if the NSA already has backdoor keys in 98/ME/XP and now Vista. Now the British Government wants their turn. Where will it end? Once MS bows to the British, surely other governments will also demand backdoor keys. Who decides which of those governments get it?

Sooner or later, other organisations (like the RIAA and the MPAA) will also want their keys too (if they don't already have them thanks to their DRM chips). Where will MS draw the line? I highly doubt MS would be very open about how many different governments or other organisations really have backdoor keys.

It is easy for us to say that we'll never use it, or that there are other options out there, but I'm more worried for less computer savvy members of the public who think they are buying a secure system. I know most of those users will never use encryption, but this will set another precident that will further erode all of our rights.

Why use the back door...? (4, Insightful)

mikerich (120257) | more than 8 years ago | (#14724066)

When the front door is wide open?

Sorry, cheap jibe.

This is amazing - especially when the idea is being promoted by a 'Professor of Security Engineering' at a reputable university. How can adding a backdoor to security systems be anything other than a massive weakness just waiting to be exploited?

Imagine if this went ahead - the British government would want access to versions of Windows sold in this country, the American government to US copies of Windows, the German government ... and so on and so on... Would Microsoft allow the Chinese government access to their citizens' disks? The Chinese government are signed-up members of The War Against Terror - so they could claim they need access, and besides recent experience says that big businesses will always accommodate governments no matter how repressive.

And it gets worse. Microsoft would either have to make a single key that would open every machine in the World; or they would have to issue copies of all the keys to every government - the British government won't accept not being allowed into a suspected terrorist's (and we have a splendidly wide definition of 'terrorist' in this country) computer purely because the suspect happens to be foreign.

But it will all supposedly remain secure and not fall into the hands of wrong-doers.

The Home Office, IT and Microsoft - what an unholy trinity we have there. With this level of stupidity the legislation can't be far off.

Police weight problem? (1)

Phoenix823 (448446) | more than 8 years ago | (#14724086)

I don't know the law in the UK (or the US for that matter), but wouldn't it make logical sense to just have the police install a hardware keylogger on the computer in question? Why break open an operating and file system and make it vulnerable when they could JUST as easily record the key's passphrase when it is used?

Use open source encryption software (1)

massysett (910130) | more than 8 years ago | (#14724089)

Stories like these, along with the rumors of already-present Windows back doors, are perfect proof of why open-source encryption products are the only secure solution. No outside eyes have reviewed MS source code, so who knows what back doors are in there? Full review is the only assurance of true security.

GnuPG [gnupg.org] comes to mind as open-source encryption software. Are there any Windows or Linux solutions that offer the same relatively transparent, on-the-fly disk encryption that's built-in to XP Pro?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...