--- begin forwarded text From: "Dan S" <[EMAIL PROTECTED]> To: "isml" <[EMAIL PROTECTED]> Subject: IP: Microsoft Letting Government Snoop Date: Fri, 3 Sep 1999 20:33:46 -0400 Sender: [EMAIL PROTECTED] Reply-To: "Dan S" <[EMAIL PROTECTED]> >From http://www.news-real.com/apnews/19990903/21/01/5687004_st.html - Microsoft Letting Government Snoop Associated Press WASHINGTON (AP) -- [ Microsoft Corp. ] sought to assure consumers Friday that it did not insert a secret backdoor in its popular Windows software to allow the U.S. government to snoop on their sensitive computer data. The sensational charge of a quiet alliance between Microsoft and the U.S. National Security Agency came after a Canadian programmer stumbled across an obscure digital "signing key" that had been labeled the "NSA key" in the latest version of Microsoft's business-level Windows NT software. An organization with such a signature key accepted by Windows could theoretically load software to make it easier to look at sensitive data -- such as e-mail or financial records -- that had been scrambled. The flaw would affect almost any version of Windows, the software that runs most of the world's personal computers. Microsoft forcefully denied that it gave any government agency such a key, and explained that it called its function an "NSA key" because that federal agency reviews technical details for the export of powerful data-scrambling software. "These are just used to ensure that we're compliant with U.S. export regulations," said Scott Culp, Microsoft's security manager for its Windows NT Server software. "We have not shared the private keys. We do not share our keys." The claim against Microsoft, originally leveled by security consultant Andrew Fernandes of Ontario on his Web site, spread quickly in e-mail and discussion groups across the Internet, especially in those corners of cyberspace where Microsoft and the federal government are often criticized. Culp called Fernandes' claims "completely false." An NSA spokesman declined immediate comment. Bruce Schneier, a cryptography expert, said the claim by Fernandes "makes no sense" because a government agency as sophisticated as the NSA doesn't need Microsoft's help to unscramble sensitive computer information. "That it allows the NSA to load unauthorized security services, compromise your operating system -- that's nonsense," said Schneier, who runs Counterpane Internet Security Inc. "The NSA can already do that, and it has nothing to do with this." Fernandes, who runs a small consulting firm in Canada, said he found the suspiciously named "NSA key" -- along with another key for Microsoft -- while examining the software code within the latest version of Windows NT. The existence of the second key was discovered earlier by other cryptographers, but Fernandes was the first to find its official name and theorize about its purpose. "That (the U.S. government) has ... installed a cryptographic back door in the world's most abundant operating system should send a strong message to foreign (information technology) managers," he warned on his Web site. But Fernandes seemed less worried Friday in a telephone interview. "I don't know that they have reason to lie," he said. "The main point is, you can't really trust what they're saying. They've been caught with their hand in the cookie jar. In fact, I think they're being fairly honest, but you don't know what else is in Windows." Publication Date: September 03, 1999 Powered by NewsReal's IndustryWatch -- Dan S ********************************************** To subscribe or unsubscribe, email: [EMAIL PROTECTED] with the message: (un)subscribe ignition-point email@address ********************************************** <www.telepath.com/believer> ********************************************** --- end forwarded text ----------------- Robert A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'