UK holds Microsoft security talks (BBC)

Posted Feb 16, 2006 8:01 UTC (Thu) by jd (guest, #26381)
Parent article: UK holds Microsoft security talks (BBC)

IANAL, so the remainder of this post is pure and wild speculation. Imbibe plenty of sodium chloride when reading.

Although the Government is permitted access to data for national security reasons, under UK law, Microsoft is NOT permitted to install backdoors without the user's knowledge and consent. For the installer or upgrader to add such a backdoor, it would necessarily be conducting unauthorized activity on the user's computer, which would violate the Computer Misuse Act. Any such backdoor would need to be publicly declared and openly agreed to. Under the Data Protection Act, Microsoft would also be barred from holding any information that might associate a backdoor key with the user's personal information. Nor can such information be exported to Microsoft, as the EU bans the trade of personal information to countries that lack privacy laws (such as the US).

Also, backdoors might constitute a picklock. In the ruling of the case involving a hacker breaking into Prince Philip's PRESTEL mailbox, the court ruled that a digital key that existed for a fraction of a second (the hacker used a password guesser, I believe) was not a picklock, so by guessing keys, he was not "breaking and entering". A backdoor is essentially permanent, so that defense would not apply.

Although the UK Government couldn't realistically be touched for requesting such a backdoor, there MAY be ways Microsoft could be legally vulnerable if they supplied one, but even if they were, it would take a genius of a lawyer to pull off a stunt like that.

A different line of attack might be to put pressure on Euro MPs regarding the current Microsoft lawsuits. The more the EU hurts Microsoft now, the less likely Microsoft is to play ball with ANY European state on legal or security requirements. Besides which, they'd be less likely to risk further entanglements with the EU as a whole, no matter what any one member state wanted.


UK holds Microsoft security talks (BBC)

Posted Feb 16, 2006 19:18 UTC (Thu) by copsewood (subscriber, #199)

"Microsoft is NOT permitted to install backdoors without the user's knowledge and consent. For the installer or upgrader to add such a backdoor, it would necessarily be conducting unauthorized activity on the user's computer, which would violate the Computer Misuse Act."

The last time I actually read the Microsoft clickthrough agreement this was couched in terms that give the user's consent to Microsoft to do whatever it likes. Sony selling a CD to play music with no or unclear information on the CD or packaging it comes with that installs a rootkit if an attempt is made to play the CD using a computer is another matter entirely.

The Prestel exploit...

Posted Feb 18, 2006 17:20 UTC (Sat) by dps (subscriber, #5725)

Last time I heard about it there was a less well publicised telephone number that corresponded to a Prestel test system. This, without any exploitation or prompting, told you the Prestel administrator's user name and password. This was an early example of security through obscurity not working.

I suspect if the UK government does get a back door into Windows Vista that the law will be changed to allow it. I also suspect that there is no backdoor, or other key recovery/bypass technology, that is safe from abuse by criminals.

P.S. Last time I heard about it, not having the keys, and therefore being unable to decrypt the incriminating data, *is* a good enough excuse for neither doing it nor giving the authorities the required keys.
