Microsoft Denies Helping Government Snoop
By TED BRIDIS
04:50 AM ET 09/04/99
WASHINGTON (AP) - Microsoft Corp. says it's not conspiring with the federal
government to allow a spy agency to read what's on your personal computer. The claim
against the maker of the popular Windows software was originally brought by security
consultant Andrew Fernandes of Mississauga, Ontario, on his Web site.
It spread quickly in e-mail and discussion groups across the Internet,
especially in those corners of cyberspace where Microsoft and the federal government are
often criticized.
The charge of the alliance between Microsoft and the federal National Security
Agency came after Fernandes stumbled across an obscure digital ``signing key'' that had
been labeled the ``NSA key'' in the latest version of Microsoft's business-level Windows
NT software.
An organization with such a signature key accepted by Windows could
theoretically load software to make it easier to look at sensitive data, such as e-mail or
financial records, that had been scrambled. The flaw would affect almost any version of
Windows, the software that runs most of the world's personal computers.
Microsoft forcefully denied that it gave any government agency such a key, and
explained that it called its function an ``NSA key'' because that federal agency reviews
technical details for the export of powerful data-scrambling software.
``These are just used to ensure that we're compliant with U.S. export
regulations,'' said Scott Culp, Microsoft's security manager for its Windows NT Server
software. ``We have not shared the private keys. We do not share our keys.''
The claim against Microsoft, originally leveled by security consultant Andrew
Fernandes of Mississauga, Ontario, on his Web site, spread quickly in e-mail and
discussion groups across the Internet, especially in those corners of cyberspace where
Microsoft and the federal government are often criticized. Culp called Fernandes' claims
``completely false.''
An NSA spokesman declined immediate comment.
Bruce Schneier, a cryptography expert, said the claim by Fernandes ``makes no
sense'' because a government agency as sophisticated as the NSA doesn't need Microsoft's
help to unscramble sensitive computer information.
``That it allows the NSA to load unauthorized security services, compromise your
operating system, that's nonsense,'' said Schneier, who runs Counterpane Internet Security
Inc. ``The NSA can already do that, and it has nothing to do with this.''
Fernandes, who runs a small consulting firm, said he found the suspiciously
named ``NSA key'', along with another key for Microsoft, while examining the software code
within the latest version of Windows NT.
The existence of the second key was discovered earlier by other cryptographers,
but Fernandes was the first to find its official name and theorize about its purpose.
``That (the U.S. government) has ... installed a cryptographic back door in the
world's most abundant operating system should send a strong message to foreign
(information technology) managers,'' he warned on his Web site.
But Fernandes seemed less worried Friday in a telephone interview.
``I don't know that they have reason to lie,'' he said. ``The main point is, you
can't really trust what they're saying. They've been caught with their hand in the cookie
jar. In fact, I think they're being fairly honest, but you don't know what else is in
Windows.''