Microsoft Friday denied rumors that have been circulating all week that it had put hidden “back doors” into Windows 7 at the federal government’s request. But that still leaves some wondering, who can you really trust?
The rumors began Tuesday, when Richard Schaeffer, director of the National Security Agency’s (NSA) Information Assurance Directorate told a Senate panel that NSA has a “longstanding relationship” with Microsoft (NASDAQ: MSFT) to shore up the operating system and software that runs on government computers, and praised the security features in the recently released Windows 7.
The hearing focused on how to protect the nation’s computing and communications infrastructure from terrorist attacks, but the tone of Schaeffer’s comment sparked concerns with at least one privacy watchdog.
“The central question is whether it’s a good idea for the NSA to be involved in software standards,” Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), told InternetNews.com. “Invariably, it looks for ways to build in back doors.”
As an example, Rotenberg pointed to a lawsuit against AT&T filed by another digital-rights organization, the Electronic Frontier Foundation (EFF), in 2006 after whistle blowers alerted the public to collaboration between the security agency and the telecommunication carrier.
The EFF accused NSA of not just monitoring international calls and e-mail traffic, but also went after the agency for illegally monitoring domestic communications.
“A lot of people have expressed concerns about the NSA’s path into the [domestic] phone system,” EPIC’s Rotenberg added.
In his written testimony, Schaeffer told the Senate panel that NSA had been working with Microsoft, as well as the branches of the military and other groups “to build consensus on common security configurations for Microsoft Operating systems such as XP, Vista, Internet Explorer and firewalls.”
Schaeffer also said that NSA had worked with Microsoft to develop the security configuration guide that followed the recent released of Windows 7.
Little wonder then that the questions about new versions of Microsoft’s Windows having such back doors that would give the NSA or Department of Homeland Security easy and secret access to any user’s computer have been a perennial rumor. The same concerns have arisen with earlier releases, and have generally been deemed paranoid.
The company responded with a vehement denial that anything of the sort is going on.
“Microsoft has not and will not put ‘back doors’ into Windows,” a Microsoft spokesperson said in a statement e-mailed to InternetNews.com
The underlying message in Microsoft’s statement is that the collaboration that Schaeffer referenced in the Senate panel was about protecting users, not about helping to hijack their bits.
“This work is purely focused on standardizing industry best practices for hardening systems against common attacks and is freely available for download, review and usage on TechNet,” the spokesperson said, referring to Microsoft’s online portal for IT professionals.