Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Government Wants a Backdoor Into Windows

Posted by CmdrTaco on from the there-are-plenty-of-worms-available dept.

REBloomfield writes "The BBC is reporting that the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system. Professor Anderson, professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key."

8 of 598 comments (clear)

  1. China & PGP by eldavojohn · · Score: 5, Informative
    Well, to be fair, a few people do believe that Microsoft has a backdoor built into their OS that would allow the United States Government to shut down all Chinese Government PCs running Windows.

    Oh, and there are a few people who also consider encryption a matter of freedom of speech.

    Funny the U.S. government targets Phil Zimmermann for three years but hardly raises so much as an eye when an encryption enabled OS is distributed. From Mr. Zimmermann's homepage:
    Philip R. Zimmermann is the creator of Pretty Good Privacy, an email encryption software package. Originally designed as a human rights tool, PGP was published for free on the Internet in 1991. This made Zimmermann the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread worldwide.
    I think that his "criminal activity" was creating an encryption tool that allowed messages to be encrypted beyond what the United States government was capable of deciphering in a timely manner. Does anyone know if this is still enforced? Does anyone know what the max key length is now if it is? I think it was something like 128 bits (that the government could crack) around the time of PGP.
    --
    My work here is dung.
  2. Truecrypt by ivan+kk · · Score: 5, Informative

    Let them try.
    We have alternatives.
    http://www.truecrypt.org/

  3. They just need to wait... by Arthur+B. · · Score: 5, Insightful

    ... until the crack is published :) (sadly this is more insightful than funny)

    --
    \u262D = \u5350
  4. What about the RIP bill? by twoshortplanks · · Score: 5, Insightful
    From TFS:
    Professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key.
    Then lock them up for that. It's a crime to not provide your key under the RIP bill. If the government is going to pass stupid legislation like that, then they shouldn't need these backdoors.
    --
    -- Sorry, I can't think of anything funny to say here.
  5. What's the point when you have RIP? by TheEvilOverlord · · Score: 5, Informative

    I don't really see why the need this anyway.

    The government has the RIP Act (Regulation of Investigatory Powers Act 2000) which allows them to detain you, with a press gagging order if you refuse to hand over the encryption key they need to decrypt your data. If you refuse or claim you have forgotton and they don't believe you, then it's two years in gaol for you sonny jim.

    They only really got this into law because most people don't understand it. Oh and don't forget that since this government came to power the amount of time they can hold you, uncharged, under the terrorism act has gone from 7 to 28 days... and the police want 90! Yes ninety days, 3 months, 2160 hours!

  6. since when... by revery · · Score: 5, Insightful

    Since when does the government have a right to all evidence in any case? One aspect of English law that I thought existed, is that the people should be protected from the government (particularly from self-incrimination). One could reasonably argue that the average citizen needs the availability of government-inaccessible encryption, due to the decreased cost (in terms of time and manpower) required to search through computer records vs. paper records. Current computers, and the massive amounts of data that they store (internet cookies, browsing history, cache data, registry entries, etc.) make fishing expeditions much, much, easier on law enforcement than sifting through physical documents and interviewing co-workers and family.

  7. Plausible deniability ... and continued access by Anonymous Coward · · Score: 5, Interesting

    It's worth noting that harm can come not only from data being revealed under coercion, but also from data becoming unavailable.

    If terrorists or an oppressive government take your computer and hard drives away, anyone who depends on that data is very much out of luck.

    For this reason, local encrypted filestores and plausible deniability are only part of the puzzle. Quite a lot more is required, in particular cryptographic online distribution.

    A comprehensive solution will need to use a large population of fixed size raw dataspaces spread across the net, instead of local disks. Quite likely, it would be stored steganographically 1:<large-N>:1 so that (for example) changing webcam images could be used as repositories. And it will need cryptographically-random access for site selection and dataspace selection and to individual bits in the dataspaces. And it'll need huge redundancy since the online storage will be inherently unreliable, yet without laying the scheme open to pretty simple differential cryptoanalysis.

    That's a very tall order.

  8. Backdoor code by d_54321 · · Score: 5, Funny

    You know what the secret code for the backdoor to encrypted data on a harddrive running Vista is gonna be, don't you?

    Up-Up-Dn-Dn-Lt-Rt-Lt-Rt-A-B-A-B-Ctrl-Enter

    --
    Support the FairTax