2013/08/25

By Wolf Richter, Testosterone Pit.com: German Government Warns Key Entities

Not To Use Windows 8 Links The NSA. According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper but sales challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA, and in an unintended ironic twist, perhaps even to the Chinese. The backdoor is called "Trusted Computing," developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together. Its purpose is Digital Rights Management and computer security. The system decides what so had been legally obtained and would be allowed to run on the computer, and what software, such as illegal copies and Trojans, should be disabled. The whole process would be governed by Windows, and through remote access, by Microsoft. Now there is a new specifications out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way. Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Window 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time. It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers. NO, Microsoft would never do that, we protest. Alas, Microsoft , as we have learned from the constant flow of revelations, informs the US government of security holes in its products well before it issues fixes so that government agencies take advantage of the holes and get what they are looking for. Experts at the BSI, the Ministry of Economic Affairs, and the Federal Administration warned unequivocally against using computers with Windows 8 and TPM 2.0. One of the documents from early 2012 lamented, "Due to the loss of full sovereignty over the information technology, the security objectives of 'confidentiality' and 'integrity' can no longer be guaranteed." Elsewhere, the document warns, "This can have significant consequences on the IT security of the Federal Administration," And it concludes, "The use of 'Trusted Computing' technology in this form is unacceptable for the Federal Administration and for operators of critical infrastructure." Another document claims that Windows 8 with TPM 2.0 is "already" no longer usable. But Windows 7 can "be operated safely until 2020." After that other solutions would have to be found for the IT systems of the Administration. The documents also show that the German government tried to influence the formation of the TPM 2.0 specifications, a common practice in processes that take years and have many stakeholders, but was rebuffed. Others have gotten what they wanted, Die Zeit wrote. The NSA for example. At one of the last meetings between the TCG and various stakeholders, someone dropped the line, "The NSA agrees."         

No comments: