TechWeb: Privacy Groups Dismiss Microsoft NSA DenialSep 06, 1999, 23:43 (9 Talkback[s])
(Other stories by Guy Middleton)
[ Thanks to theHippo for this link. ]
"Microsoft moved swiftly on Friday to deny allegations that it included an NSA (U.S. National Security Agency) back door into the Windows operating system..."
"The software company said the key was labeled NSA because the NSA acted as the review body for the restricted export of encryption technology from the U.S., and that key was designed to be compliant with U.S. export laws. Microsoft said the NSA-labeled key was simply a "back-up" for the one used by Microsoft to allow it to update cryptography components (labeled "KEY")..."
"Microsoft said the back-up key was there should the original ever be lost due to a natural disaster. The company also acknowledged the name of the key was "unfortunate."
"I don't believe them -- what kind of natural disaster are they talking about? A meteor destroying all the earth's structures?" said Privacy International director general, Simon Davies."Microsoft's argument is inconsistent with its operating procedure -- it could hold a single key in multiple locations, that is a standard security procedure." He added that to compromise user security, "it's not necessary to share access with the NSA -- simply complying with their requirements will do that."