Feeds

No backdoor for Vista - MS

'Nonsense', scoffs developer

High performance access to file storage

Microsoft developers have stepped forward to dismiss suggestions that the next versions of Windows might feature backdoor features to allow police access to encrypted files which might other be impossible to access.

A BBC report last month suggested the Home Office was in talks with Microsoft over ways to overcome any obstacles Windows Vista's wider use of encryption might pose to criminal investigations. Vista is due to feature hardware-based encryption, called BitLocker Drive Encryption, which acts as a repository to protect sensitive data in the event of a PC being either lost or stolen.

Speaking before a Commons home affairs select committee hearing, Professor Ross Anderson reportedly urged the government "to look at establishing 'back door' ways of getting around encryptions". Pro-active stuff but, as previously reported, a careful review of the rest of Anderson's comments reveal he has talking about the challenge posed to police forensic investigations by hard disk encryption. Not too much should be read into one particular phrase.

A Microsoft spokeswoman told The Register: "Windows Vista is engineered to be the most secure version of Windows yet. It is our goal to ensure enterprise users have full control over information on their PCs Microsoft has not and will not put 'backdoors' into Windows, its BitLocker feature, or any other Microsoft Products."

Just to make assurance twice sure, a Microsoft developer has waded into the debate. The idea that Microsoft is working with governments to create a back door into BitLocker-encrypted data would only happen "over my dead body", Niels Ferguson writes on the Microsoft System Integrity Team Blog titled Back-door nonsense.

"In the unlikely situation that we are forced to by {include a back door] law we'll either announce it publicly or withdraw the entire feature. Back doors are simply not acceptable. Besides, they wouldn't find anybody on this team willing to implement and test the back door," he added.

Microsoft is talking to various governments about Vista, but only in the context of becoming end users of the technology. It is also helping law enforcement organisations in preparing for the introduction of the technology. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.