Microsoft’s encryption: a surveillance sleight of hand

Posted on December 30, 2015.

A leopard does not change its spots. The Microsoft that sells Windows 10 devices today is the same Microsoft that failed to adequately explain the existence of the NSAKEY in its code, discovered by Andrew Fernandes in 1999. The only thing that has changed in the intervening years is that politicians and politicians’ servants have become cleverer at, well, politicking. Microsoft’s encryption for devices is just a new example.

An article in The Intercept this week explained that,

if you are like most users and login to Windows 10 using your Microsoft account, your computer automatically uploaded a copy of your recovery key – which can be used to unlock your encrypted disk – to Microsoft’s servers, probably without your knowledge and without an option to opt-out.

In security terms, your device encryption is worthless because you do not have control of the key. Given current US law, that means that the US government (and probably a lot of other governments) will have access to your encrypted files by confiscating your computer (easily done) and demanding (and inevitably getting) the decryption key from Microsoft. You may think that MS is one of the good guys for giving you encryption, but in fact it is not, because it did not.

It is an example of the increased subtlety of those watching us, similar to Microsoft and other tech giants opening up European data centers. If European data never leaves Europe, we automatically believe it is safe from the US government. This is wrong. Back in March 2015 Alexander Hanff commented (EU Data Centers are not safe from US Surveillance):

But where I have a problem is the fact that this trend serves one purpose and that purpose is to mislead European consumers, politicians and corporations – it is sleight of hand. By making these announcements that they are moving EU data into EU Data Centers, these global tech giants are attempting to mitigate some of the damage the Snowden revelations have done to the US cloud industry – but it is absolutely false.

Surveillance remains absolute and remains absolutely dangerous. The Founding Fathers understood. They created a Constitution designed to limit the power of government simply because government, any government, cannot be trusted. Government is not and never has been about protecting the people – it is about controlling the people. Now, today, we are simply allowing government to take total control over us. It already, through a combination of legal and illegal practices, has full access to everything we write, view or discuss on the internet – unless we encrypt it. Free speech and freedom of thought are a fallacy. As Lord Justice Laws wrote in 2012 (cf. The Good Constitution of Lord Justice Laws):

freedom of expression; and this is a right which is inherent in the autonomy of the individual, the very basis of the morality of law. Along with Article 9, freedom of thought and religion, it is integral to one of the law’s core principles – the presumption of liberty… And I think it is under threat.

Encryption is our only remaining safeguard for freedom of expression, our last defense against totalitarian government. This is why, for the last 30 years, governments have been seeking to ban or subvert the people’s encryption. Microsoft’s so-called encryption is an example of subversion.

In pretending to protect us from losing our data by retaining a recovery key for us, Microsoft is simply disguising the fact that we don’t really have encryption. It is doing what it has always done – pretending to be on its customers’ side while actually doing the bidding of government. A leopard does not change its spots – it just pretends to.

