Monday, March 06, 2006

When is a back door not a back door?

Key Microsoft staff have been keen to stifle the story that they've been in discussions with Government Agencies over a backdoor into BitLocker, the new drive encryption method for Vista. The story was first published by BBC News in February.

Niels Ferguson from the BitLocker team explained that whilst they have been talking to Government Agencies, it has been about their own data security. He then leaves it wide open again by saying "[law enforcement agencies]... foresee that they will want to read BitLocker-encrypted data, and they want to be prepared". So, despite absolute statements about there being NO back doors, Microsoft's position remains muddy.

Are we, therefore, looking at a potential cat flap? Side door perhaps? Keys under the doormat anyone?

I could be reasonably thought of as broadly a supporter of Microsoft, so I'm not raising this because I believe they have malicious intent. Far from it; I just find this discussion interesting from a definitions point of view. A back door suggests something about access. Well, to allow the law enforcement agencies to do their job, they don't need to go the whole way to providing access to Microsoft's clients' PCs. But if MS were to share encryption algorithms and techniques with forensic infosecs, would that technically be a back door?

What if that information were also publicly available? Or shared to a lesser degree of detail? Or released to officials first? What shade of grey is this back door?
