Microsoft denies it built 'backdoor' in Windows 7

Don't worry, company tells users; NSA involved only in security compliance standards

Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.

"Microsoft has not and will not put 'backdoors' into Windows," a company spokeswoman said, reacting to a Computerworld story Wednesday.

On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 "to enhance Microsoft's operating system security guide."

Echoing earlier concerns, Marc Rotenberg, the executive director of the Electronics Privacy Information Center (EPIC), questioned the wisdom of letting the NSA participate in OS development. "The key problem is that NSA has a dual mission, COMPUSEC, computer security, now called cyber security, and SIGINT, signals intelligence, in other words surveillance," Rotenberg said in an e-mail.

Yesterday, he raised the issue, which isn't new, of whether the NSA pressures companies like Microsoft to craft so-called "backdoors" into their code that would let the agency track users and intercept users' communications. Rotenberg called it an "obvious concern," and added that it might be difficult for major software makers to turn down NSA "suggestions" because the U.S. federal government is an important customer.

Today's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. "The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit," said the spokeswoman.

The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system.

The compliance management toolkit provides a set of security configurations that address additional levels of risks beyond those addressed out of the box, as well as tools to deploy these configurations and monitor what Microsoft calls "configuration drift." The toolkit is aimed at enterprises, government agencies and other large-scale organizations.

Microsoft's rejection of the idea that it's hidden a backdoor in Windows came as no surprise to security researchers, who yesterday expressed doubt that the company would put its reputation at such risk. "I can't imagine NSA and Microsoft would do anything deliberate, because the repercussions would be enormous if they got caught," Roger Thompson, the chief research officer of antivirus vendor AVG Technologies, said yesterday.

John Pescatore, an analyst with Gartner Research, agreed. "[The concerns] are way overstated," he said today in an e-mail. "NSA worked with Microsoft and others, like Cisco, on security configuration standards for [their] products."

Cisco, in fact, has built "lawful intercept" capabilities into its products, including its Internetworking Operating System (ISO) and its VoIP (Voice over Internet Protocol) lines. The term describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications under authorization, such as electronic wiretap orders.

Rotenberg still questioned NSA involvement. "The key point is that the NSA is not the right agency to promote computer security in the private sector," he argued. "The risks to end users are real -- the original NSA key escrow proposal, 'Clipper,' was a terrible idea -- and there is too little transparency about these arrangements."

The Clipper chip Rotenberg referred to was a project first proposed in 1993 that would offer ultra-strong encryption, but would allow access to encrypted data by law enforcement. The NSA proposal, however, raised a firestorm of protest and the idea was ultimately dropped.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftWindows 7nsa

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?