SECURITY FLAW OR COMPROMISE?

Did Microsoft cooperate with the National Security Agency on a key through which the NSA could theoretically make what you think are private computer files or correspondence unprivate?

No one knows - yet. But as if Microsoft wasn't having enough software security trouble of late, now there's said to be a back door which allows the NSA to enter systems running one of Microsoft's operating system versions.

Microsoft denies that there's even a back door for the NSA to slip into. And the NSA is prohibited by law from eavesdropping on American citizens.

This comes at a time when there is skittishness over federal government attempts to make it easier to break into personal computers at home and in business for alleged security and criminal protection reasons.

But at a recent conference in Santa Barbara, cryptology expert Andrew Fernandes said Windows products use two keys, one belonging to Microsoft (allowing them to load cryptography services securely) and one to the NSA - meaning the NSA can also load cryptography services onto your machine securely "and without your authorization."

That bombshell prompted Zero-Knowledge Systems chief scientist Ian Goldberg to say the discovery "highly suggests" the NSA has a key it can use to get into encrypted systems on anyone's Windows system, including Win95, Win98, Win2000, and WinNT4.

CNN says Zero-Knowledge Systems, in fact, is about to release a security product built specially to make such security flaws impossible.

The network also says it's not exactly clear why - or if - Microsoft cooperated with the NSA on the key to its CryptoAPI, the standard interface to its cryptography services.

"The key is a Microsoft key - it is not shared with any party, including the NSA," Scott Culp, who manages Windows NT security for Microsoft, told Wired. "We don't leave back doors in any products." He says the key was added to indicate it passed NSA encryption standards.

But Fernandes has released a program on his Web site which will disable the key.

The NSA hasn't commented yet. Wired says the agency did not answer a request for comment via fax - the only way the NSA takes media inquiries.

The NSA does operate Echelon, a global eavesdropping network which is said to be able to intercept "just about any form of electronic communications" internationally, Wired says.