Last week, a Canadian programmer stumbled upon an obscure digital “signing key” labeled “NSA Key” in the latest version of Microsoft’s NT software. The discovery led him to accuse Microsoft of putting in a secret “back door” that allows the National Security Agency to snoop into the files of unsuspecting PC users.
Microsoft immediately denied the charges, explaining that it called the function an “NSA Key” because it is the NSA that reviews technical details for the export of powerful encryption software. The NSA declined immediate comment.
For the sake of argument, if any government agency were given such a signature key, security experts say it would be able to load software enabling that agency to look at sensitive data. The information could include e-mail, financial records or any personal documents that had been encrypted — or not.
Microsoft’s Secrets Breed Distrust
Ontario, Canada-based security consultant Andrew Fernandes originally posted his concerns about the “NSA Key” on his Web site at www.cryptonym.com. On the site, Fernandes repeated the charges that Microsoft and the NSA were working in tandem.
“The U.S. government is currently making it as difficult as possible for ‘strong’ crypto to be used outside of the U.S. That they have also installed a cryptographic back door in the world’s most abundant operating system should send a strong message to foreign IT managers,” Fernandes warned on his Web site.
Paranoia or Legitimate Concern?
Meanwhile, some security experts are pooh-poohing Fernandes’ claims by implying that his charge is simply another fit of paranoia in a world already filled to the brim with unfounded conspiracy theories. To back up this notion, experts point out that the NSA’s spying abilities are so sophisticated that it is already capable of tapping into any computer without the aid of such a back door.
But their ridicule and explanations offer little solace to Fernandes and thousands of others like myself who remain unconvinced. After all, while it is probably true that the NSA already has the resources to snoop on individual PCs, such a back door would just make the job that much easier. In addition, Microsoft’s history of being a company that is diametrically opposed to full disclosure does little to douse the flames of this latest conspiracy theory.
Fernandes drove this point home by saying that Microsoft had done little to earn trust and only admitted the existence of the “NSA Key” after it had been caught with its hand in the cookie jar.
I agree with him. If there’s nothing to this charge, Microsoft and the NSA should hold a joint news conference and let security experts like Fernandes have the information that would convincingly prove there is no such “back door.”
Otherwise, the issue remains unresolved.
What do you think? Let’s talk about it.