Wired: Debate flares over MS 'Spy Key'
Sep 06, 1999, 21:03
By James Glave
"Questions lingered Friday over whether or not security experts overreacted to a scientist's charge that Microsoft built a backdoor in Windows for a US spy agency to enter. Microsoft vehemently denied the claims of Andrew Fernandes, chief scientist for security software company Cryptonym."
"But Fernandes stood his ground. 'Some of the things [Microsoft said] make sense, some of them don't,' he said. ... 'Their story only kind of makes sense,' he added. 'If that is in fact true, it means their crypto protocol is poor, there is no other word for it.' Crypto expert Marc Briceno did have another word for it: 'feeble.'
'I must say I do not believe Microsoft's present explanation that the presence of the _NSAKEY corresponds to standard practices in software development,' said Marc Briceno, director of the Smartcard Developer Association. 'There is no technical reason for Microsoft to include a second security module verification key in their operating system ... to mark the passing of export requirements,' Briceno said."
"But John Gilmore, a co-founder of the Electronic Freedom Foundation, said that the case was far from clear. Gilmore quoted Microsoft's Scott Culp, who said in a previous Wired News story that the _NSAKEY was only in place 'to ensure that we and our cryptographic partners comply with United States crypto export regulations.' Gilmore said that the crypto community has always wondered what exactly the deal was between NSA and Microsoft that allows the company to plug strong crypto into software that is sold worldwide."
"'This key was part of the quid-pro-quo that NSA extracted to issue the export license. Let's hear what the whole quid-pro-quo was and what the key is *actually* used for,' Gilmore wrote."