From Robalini's KONFORMIST DIGEST Number 688:
There are persistent reports that the National Security Agency (NSA)
has a hidden "back door key" into Windows-based computers. (See "How
To Abandon Microsoft," op. cit. See also, for further reference,
"Gates, Gerstner Helped NSA Snoop -- US Congressman")
"A recent report renews claims that the US National Security Agency
(NSA) secured the co-operation of IBM and Microsoft in gaining
access to encrypted data, and documentation seen by The Register
gives a fuller picture of how this may have taken place. In this
congressman Curt Weldon makes the astonishing claim that the US
military was able to see Saddam Hussein's orders before his
commanders did.
"According to Cryptography & Liberty 2000, published by the
Electronic Privacy Information Center (EPIC): 'On September 28, 1999,
Congressman CURT WELDON <of "Able Danger" fame>> disclosed that
high level deal-making on access to encrypted data had taken
place between the NSA and IBM and Microsoft.'"
("Gates, Gerstner Helped NSA Snoop -- US Congressman," op. cit.)
Only Speculation: That Bill Gates and his inner circle are a facet
of the national security state. Could this be why the mass media,
another facet, consistently praises a lousy operating system? Could
this be why anti-trust laws are not vigorously enforced against
Microsoft, Inc.?
----------------------------------
GATES, GERSTNER HELPED NSA SNOOP - US CONGRESSMAN
By Graham Lea
The Register (UK), 12th April 2000
A recent report renews claims that the US National Security Agency (NSA) secured the co-operation of IBM and Microsoft in gaining access to encrypted data, and documentation seen by The Register gives a fuller picture of how this may have taken place. In this congressman Curt Weldon makes the astonishing claim that the US military was able to see Saddam Hussein's orders before his commanders did. According to Cryptography & Liberty 2000, published last week by the Electronic Privacy Information Center (EPIC): "On September 28, 1999, Congressman Curt Weldon disclosed that high level deal-making on access to encrypted data had taken place between the NSA and IBM and Microsoft." The Register has seen an unofficial transcript of a luncheon meeting on Capitol Hill of the Internet Caucus Panel Discussion about the new encryption policy that provides some elaboration. Weldon is a senior member of the National Security Committee and chairman of the Military Research and Development Subcommittee. This has oversight of a $37 billion budget for all military R&D [much of it for the Pentagon's computer systems], and arranged a series of classified hearings and briefings from the NSA and CIA. At the meeting Weldon bragged that: "In Desert Storm... my understanding is that our commanders in the field had Saddam Hussein's commands before his own command officers had them, because of our ability to intercept and break the codes of Saddam's military. I want to make sure we have that capacity in the future. I responded in a very positive way to the argument that was being made by the CIA, the NSA and the DOD - and we took some every tough positions." Although Desert Storm took place long before NT was available, these remarks give further weight to arguments that the NSA is determined to have back doors. Weldon said that the deputy secretary of defense John Hamre had briefed him that "in discussions with people like Bill Gates and Gerstner from IBM that there would be... an unstated ability to get access to systems if we needed it. ... if there is some kind of tacit understanding, I would like to know what it is." Weldon's concern was that there was a need to document this policy for future administrations, and he said he wondered why access to systems couldn't be worked out formally with industry. "In fact, I called Gerstner and I said, .Can't you IBM people and... software people get together and find the middle ground, instead of us having to do legislation.'" Weldon continued: "I have advocated that we give significant new tax breaks to the encryption and software industry in this country to give them more incentive to stay in America and do their work here. ... I want to be absolutely certain that in terms of our ability to deal with intelligence overseas, to be able to have information dominance overseas, to be able to use the kinds of tools that the CIA and Defense Department needs in adversarial relationships that we are in fact providing..." Depending on their bravado to fact ratio, Weldon's remarks could give further legs to the allegation made last August by Andrew Fernandes of Cryptonym. These are detailed in the USA section of the EPIC report's country-by country review. Fernandes suggested that Microsoft might have included a key for the US National Security Agency in order to get approval for the export of NT. His clue is in service pack 5 for NT4, where it at least looks as though Microsoft forgot to remove information that identified the security components. The CryptoAPI in NT has a second backup key, and it has been suggested that this is in the possession of the NSA. Microsoft vigorously denies this, claims that it holds both keys, and says that the second key was a back-up for disaster-recovery purposes. This latter explanation would be consistent in view of Microsoft's record of opposing key escrow, but there are some additional nagging concerns. One enigma is the name of the back-up key - _NSAKEY. Microsoft says that "this is simply an unfortunate name" and that "the keys in question are the ones that allow us to ensure compliance with the NSA's technical review" and so became known at Microsoft as "the NSA keys". Fernandes makes several observations, including the suggestion that root keys should be symmetrically encrypted and cryptographically split to guard against loss - as happens in tamper-resistant hardware. Fernandes also noted that Microsoft has previously written poor software with the same weakness - in the Authenticode framework, for example. Fernandes also pointed out that there is a flaw in the way the crypto_verify function is implemented, because the NSA key can be eliminated or replaced easily. He produced a demonstration program to do this, which if used would remove the possibility of the NSA having export control. Replacing this NSA key would be commercially illegal, but if it is indeed a key owned by the NSA, the legality outside the USA of what is being done is an open question. There is a further possibility: it may be that the NSA did not in fact need a key as it had its own module between Windows and the encryption, which could of course specifically intercept just secure traffic. Microsoft cast further doubt on its explanation when it told the Washington Post that the _NSAKEY was "only a notation that conforms to technical standards set by the NSA". The snag with this explanation is that the NSA has no technical standards for publicly available cryptography, leaving Microsoft's claim looking very shaky. It is known that in 1996, IBM agreed with the NSA that in return for allowing Lotus Notes to be exported with 64-bit encryption, the NSA would get to have 24 of the bits, and so would only have to crack 40 bits, which was within the NSA's capability at that time.
----------------------------------
MICROSOFT COLLABORATING WITH US SPYMASTERS
By Thomas Greene
The Register (UK), 5th September 1999
There are few populations as eager as Americans to ascribe superhuman intelligence, incomparable organizational skills, and indefatigable malevolence to their government bureaucracies. It should surprise no one, then, that a newly-discovered crypto key in Windows 95, 98, 2000 and NT, unfortunately named NSAkey, has American conspiracy theorists rushing to arms. "NSA" might stand for anything, "New Slapdash Application", for example; but it is feared in this case to signify America's infamous international spook organization, the National Security Agency. The mystery key is one of two that ship with all editions of Windows and enable third parties to install security and software components without end-user authorization. The first is used by Microsoft; but until yesterday, no one knew what the second one was for, or who held the public portion of it. The mysterious second key is a back door for the National Security Agency to monitor Windows computers worldwide, according to Andrew Fernandes, chief scientist with security software outfit Cryptonym. The company believes not only this, but further that the NSA has had Windows crypto keys all along. We never knew it because, according to Fernandes, Microsoft has stealthily re-named the NSA keys before products containing them were released. But when Fernandes reverse-engineered a recent Win-NT service pack, he found the smoking gun: NSAkey in all its nefarious glory. The file name, he reckons, had slipped past the watchful eyes of the Microspies, thereby accidentally revealing the key's true identity and purpose to an American public who have always suspected as much. The NSA operates Echelon, a global network able to intercept most forms of electronic communication. The agency's charter forbids it to monitor US citizens on US soil; but it does spend a good deal of time monitoring the communications of foreign governments, embassies and corporations. This offshore orientation, combined with the secrecy normally attending most espionage operations, has left the agency open to deep suspicion and wild speculation among the American citizenry. The NSA is suspected of everything from the overthrow of foreign governments to negotiating the repatriation of hostages abducted by aliens. The agency does not grant telephone interviews, The Register discovered with some disappointment. Microsoft replied to Fernandes' charges by pointing out that all crypto software intended for export must be submitted to the National Security Agency for review. The name NSAkey merely indicates that the key passed muster with US export regulators. Microsoft claims to be the key's only holder. Fernandes has a different view. He believes that NSA holds the key, has always held the key, and uses it with impunity to modify Windows code in various foreign quarters. "It is tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system," he says. Indeed, the second key would enable a third party to modify the Windows OS code with a simple application. With that in mind, Cryptonym has posted detailed instructions on its web site to defeat would-be exploiters of NSAkey. And not a moment too soon, we are sure. Whether or not the NSA has any designs on the key, we know plenty of hackers who have.
