Microsoft denies it built 'backdoor' in Windows 7

Don't worry, company tells users; NSA involved only in security compliance standards

Microsoft today denied that it has built a backdoor into Windows 7, a concern that surfaced yesterday after a senior National Security Agency (NSA) official testified before Congress that the agency had worked on the operating system.

"Microsoft has not and will not put 'backdoors' into Windows," a company spokeswoman said, reacting to a Computerworld story Wednesday.

On Monday, Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security that the agency had partnered with the developer during the creation of Windows 7 "to enhance Microsoft's operating system security guide."

Echoing earlier concerns, Marc Rotenberg, the executive director of the Electronics Privacy Information Center (EPIC), questioned the wisdom of letting the NSA participate in OS development. "The key problem is that NSA has a dual mission, COMPUSEC, computer security, now called cyber security, and SIGINT, signals intelligence, in other words surveillance," Rotenberg said in an e-mail.

Yesterday, he raised the issue, which isn't new, of whether the NSA pressures companies like Microsoft to craft so-called "backdoors" into their code that would let the agency track users and intercept users' communications. Rotenberg called it an "obvious concern," and added that it might be difficult for major software makers to turn down NSA "suggestions" because the U.S. federal government is an important customer.

Today's categorical denial by Microsoft was accompanied by further explanation of exactly how the NSA participated in the making of Windows 7. "The work being discussed here is purely in conjunction with our Security Compliance Management Toolkit," said the spokeswoman.

The company rolled out the Windows 7 version of the toolkit late last month, shortly after it officially launched the operating system.

The compliance management toolkit provides a set of security configurations that address additional levels of risks beyond those addressed out of the box, as well as tools to deploy these configurations and monitor what Microsoft calls "configuration drift." The toolkit is aimed at enterprises, government agencies and other large-scale organizations.

Microsoft's rejection of the idea that it's hidden a backdoor in Windows came as no surprise to security researchers, who yesterday expressed doubt that the company would put its reputation at such risk. "I can't imagine NSA and Microsoft would do anything deliberate, because the repercussions would be enormous if they got caught," Roger Thompson, the chief research officer of antivirus vendor AVG Technologies, said yesterday.

John Pescatore, an analyst with Gartner Research, agreed. "[The concerns] are way overstated," he said today in an e-mail. "NSA worked with Microsoft and others, like Cisco, on security configuration standards for [their] products."

Cisco, in fact, has built "lawful intercept" capabilities into its products, including its Internetworking Operating System (ISO) and its VoIP (Voice over Internet Protocol) lines. The term describes the process by which law enforcement agencies conduct electronic surveillance of circuit and packet-mode communications under authorization, such as electronic wiretap orders.

Rotenberg still questioned NSA involvement. "The key point is that the NSA is not the right agency to promote computer security in the private sector," he argued. "The risks to end users are real -- the original NSA key escrow proposal, 'Clipper,' was a terrible idea -- and there is too little transparency about these arrangements."

The Clipper chip Rotenberg referred to was a project first proposed in 1993 that would offer ultra-strong encryption, but would allow access to encrypted data by law enforcement. The NSA proposal, however, raised a firestorm of protest and the idea was ultimately dropped.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags MicrosoftWindows 7nsa

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Gregg Keizer

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?