About those alleged backdoors in Microsoft products...

Scott Charney, of Microsoft's Trustworthy Computing, said the government has "never" asked for a backdoor in Microsoft products. Yet a former engineer working on BitLocker claimed the government does ask, but those requests are “informal.”


Four of Microsoft's offices in Beijing, Shanghai, Guangzhou and Chengdu, China, were raided as part of an official government investigation. Microsoft China spokeswoman Joan Li confirmed that investigators of the State Administration for Industry and Commerce were investigating the company and that Microsoft would “actively cooperate” with the Chinese government. The South China Morning Post reported that the investigation may involve antitrust matters.

In May, China cited computer security concerns and banned Windows 8 from being installed on government PCs. After China claimed Microsoft had backdoors in the OS to allow for U.S. government spying, Microsoft issued the following five statements:

  1. Microsoft has never assisted any government in an attack of another government or clients.
  2. Microsoft has never provided any government the authority to directly visit our products or services.
  3. Microsoft has never provided any so-called "Backdoor" into its products or services.
  4. Microsoft has never provided the data or info of our clients to the U.S. Govt. or National Security Agency.
  5. Microsoft has never concealed any requests from any government for information about its clients.

Regarding the raid on Microsoft offices, a Microsoft spokeswoman told NDTV, "We aim to build products that deliver the features, security and reliability customers expect and we're happy to answer the government's questions."

About those alleged backdoors…

Last week, attorneys for the NSA, CIA and DNI joined Microsoft’s Scott Charney, Corporate Vice President for Trustworthy Computing, in “Striking the Right Balance between Security and Liberty,” a panel discussion at the Aspen Institute moderated by the Washington Post’s Greg Miller.

When asked if the government compelled Microsoft to add a backdoor to Skype, Charney replied that the government had “never done that” and that Microsoft “would fight it tooth and nail in the courts.”

The government can use FISA to compel companies “to provide technical assistance,” but if the government said “put in a backdoor,” then Microsoft “would fight it all the way to the Supreme Court.” Charney added, “If the government did that, and I really don’t think they would, it would be at the complete expense of American competitiveness. Because if we put in a backdoor for the U.S. government, we couldn’t sell anywhere in the world, not even in America.”

Yet in September 2013, The New York Times reported the NSA worked with Microsoft “officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service. Microsoft asserted that it had merely complied with ‘lawful demands’ of the government, and in some cases, the collaboration was clearly coerced.”

Mashable followed up these claims by asking the FBI if it had ever asked for backdoors in Microsoft products. Although the feds denied it, Peter Biddle, the head of the engineering team working on BitLocker in 2005, claimed that the government makes “informal requests” for backdoors. Allegedly, after making claims about “going dark,” the FBI “informally” asked Microsoft for a backdoor in BitLocker.

A request for a backdoor, whether informal or not, is still a request for a backdoor. That’s quite a bit different than the government having “never done that,” but perhaps the feds didn’t request backdoor access directly from Charney?

If you take what Microsoft's General Counsel Brad Smith says at face value, then in this post-Snowden era, Microsoft is working hard on transparency and surveillance reforms…especially to “protect Microsoft’s enterprise customers regarding government surveillance.”

Yet you might be wise to recall that Caspar Bowden, the man formerly in charge of Microsoft's privacy policy for 40 countries, claims he no longer trusts Microsoft or its software; he added that Microsoft's corporate strategy is to grind down your privacy expectations and that the company's transparency policies are nothing more than "corporate propaganda."

Copyright © 2014 IDG Communications, Inc.
