NSA helped with Windows 7 development - Uh oh!
2009-11-21 0:00

By Gregg Keizer | ComputerWorld.com

Privacy expert voices 'backdoor' concerns, security researchers dismiss idea.

The National Security Agency (NSA) worked with Microsoft on the development of Windows 7, an agency official acknowledged yesterday during testimony before Congress.

"Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft's operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector," Richard Schaeffer, the NSA's information assurance director, told the Senate's Subcommittee on Terrorism and Homeland Security yesterday as part of a prepared statement.

"All this was done in coordination with the product release, not months or years later during the product lifecycle," Schaeffer added. "This will improve the adoption of security advice, as it can be implemented during installation and then later managed through the emerging SCAP standards."

Security Content Automation Protocol, or SCAP, is a set of standards for automating chores such as managing vulnerabilities and measuring security compliance. The National Institute of Standards and Technologies (NIST) oversees the SCAP standards.

This is not the first time that the NSA has partnered with Microsoft during Windows development. In 2007, the agency confirmed that it had a hand in Windows Vista as part of an initiative to ensure that the operating system was secure from attack and would work with other government software. Before that, the NSA provided guidance on how best to secure Windows XP and Windows 2000.

According to Marc Rotenberg, the executive director of the Electronics Privacy Information Center (EPIC), the NSA's involvement with operating system development goes back even farther. "This battle goes back to at least the crypto wars of the early '90s," said Rotenberg, who remembered testifying about the agency's role in private sector computer security standards in 1989.

But when the NSA puts hands on Windows, that raises a red flag for Rotenberg, who heads the Washington, D.C.-based public interest research center. "When NSA offers to help the private sector on computer security, the obvious concern is that it will also build in backdoors that enables tracking users and intercepting user communications," Rotenberg said in an e-mail. "And private sector firms are reluctant to oppose these 'suggestions' since the US government is also their biggest customer and opposition to the NSA could mean to loss of sales."

Rotenberg's worries stem from the NSA's reputation as the intelligence agency best known for its eavesdropping of electronic messaging, including cell phone calls and e-mail.

Andrew Storms, the director of security operations at nCircle Security, didn't put much credence in the idea that Microsoft would allow the NSA to build a hidden entrance to Windows 7. "Would it be surprising to most people that there was a backdoor? No, not with the political agenda of prior administrations," said Storms. "My gut, though, tells me that Microsoft, as a business, would not want to do that, at least not in a secretive way."

Roger Thompson, chief research officer at AVG Technologies, agreed. "I can't imagine NSA and Microsoft would do anything deliberate because the repercussions would be enormous if they got caught," he said in an interview via instant messaging.

"Having said that, I think we should understand that there is every likelihood that certain foreign governments are constantly looking for vulnerabilities that they can use for targeted attacks," Thompson continued. "So if they're poking at us, I think it's reasonable to assume that we're doing something similar. But I seriously doubt an official NSA-Microsoft alliance."

The NSA's Schaeffer added that his agency is also working on engaging other major software makers, including Apple, Sun and Red Hat, on security standards for their products.

"More and more, we find that protecting national security systems demands teaming with public and private institutions to raise the information assurance level of products and services more broadly," Schaeffer said.

Microsoft was not immediately available for comment on the NSA's participation in Windows 7's development.

Article from: ComputerWorld.com

Related Articles
China joins supercomputer elite
Glenn Beck: Cars.gov Allows Government to Takeover your Computer (Video)
Europe's fastest supercomputer unveiled in Germany
Barack Obama's 'Black Widow' : The Super Spy Computer
Russian hackers penetrate Pentagon computer system in cyber attack
Hackers claim thereís a black hole in the atom smashersí computer network
Air Force Aims for 'Full Control' of 'Any and All' Computers
Computer hackers 'may be behind Hillary Clinton's shock new Hampshire victory'
Napolitano Says Americans Have a Responsibility to Spy On Each Other
Cable TV Workers Trained To Spy On Citizens
Internet ad tracking system will put a 'spy camera' in the homes of millions, warns founder of the web
CIA and Google Team Up Again For More Spying
NSA to spy on 38% of world telecom traffic
Is your firewall spying on you?
Microsoft, Google, PayPal all want to share your ID
Microsoft & Google don't Deny Participation in NSA Program
Microsoft Vista and the Death of Internet Freedom

Latest News from our Front Page

Sweden to give over 8 million euros to Turkey for "refugee deal" - Europe to give three billion euros total
2015-12-01 1:44
Prime Minister Stefan Löfven announced on Sunday that Sweden would contribute to a joint action plan agreed by nine EU nations designed to limit the number of refugees arriving in Europe via Turkey. The deal came after the German Chancellor Angela Merkel held a surprise summit in Brussels involving the leaders of nine countries including Sweden, France and the UK. The European ...
Swedish woman raped by "refugee" refuses to report it because she feels sorry for him
2015-12-01 0:12
Victim sympathized with rapist's "difficult situation" A Swedish woman who was raped by an Iraqi ‚Äúrefugee‚ÄĚ on a train initially refused to report the incident to police because she ‚Äėfelt sorry‚Äô for her attacker. The incident occurred on a night train between Ume√• and Sundsvall back in October. The Iraqi refugee was traveling back to Sweden because he was unhappy with the ...
ISIS Oil Trade Full Frontal: "Raqqa's Rockefellers," Bilal Erdogan, KRG Crude, And The Israel Connection
2015-11-30 21:56
"Effectively, we have been financially discriminated against for a long time. By early 2014, when we did not receive the budget, we decided we need to start thinking about independent oil sales‚ÄĚ --  Ashti Hawrami, Kurdistan‚Äôs minister for natural resources In June of 2014, the SCF Altai (an oil tanker) arrived at Ashkelon port. Hours later, the first shipment of Kurdish ...
Prosecutors ban Soros Foundation as 'threat to Russian national security'
2015-11-30 21:04
The Russian Prosecutor General’s Office has recognized George Soros’s Open Society Institute and another affiliated organization as undesirable groups, banning Russian citizens and organizations from participation in any of their projects. In a statement released on Monday, prosecutors said the activities of the Open Society Institute and the Open Society Institute Assistance Foundation were a threat to the foundations of Russia’s ...
Israeli Colonel Caught with Islamic State (IS) Pants Down
2015-11-30 21:11
This was definitely not supposed to happen. It seems that an Israeli military man with the rank of colonel was ‚Äúcaught with IS pants down.‚ÄĚ By that I mean he was captured amid a gaggle of so-called IS‚Äďor Islamic State or ISIS or DAESH depending on your preference‚Äďterrorists, by soldiers of the Iraqi army. Under interrogation by the Iraqi intelligence ...
More News »