I’ve been wondering about Pentagon backdoors into personal computers for quite some time. Now we know. According to the German government, who had people in the room when the Windows 8 backdoor system was designed, Window 8 machines with the “Trusted Computing” chip are not to be trusted. They contain hardware and software that give anyone — including potentially the NSA and even the Chinese — with the embedded “control key” complete access to your system.
From a translation of the original German article (my emphasis and adjustments to the translation):
Windows 8 is an unacceptable security risk for companies and authorities, experts warn the government. [S]o-called Trusted Computing is [said to be] a back door for the NSA.
(“Windows 8 ist ein inakzeptables Sicherheitsrisiko für Behörden und Firmen, warnen Experten der Regierung. Das sogenannte Trusted Computing sei eine Hintertür für die NSA.”)
Looks straightforward to me. Have you bought your PC from the Pentagon? If you bought Windows 8, and if Microsoft is in bed with the NSA, you have.
Wolf Richter at Business Insider, reporting on an article in the German-language newspaper Die Zeit, has the story (h/t the Naked Capitalism links page; my emphasis and some reparagraphing everywhere):
According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor.
Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.
The backdoor is called “Trusted Computing,” developed and promoted by the Trusted Computing Group, founded a decade ago by the all-American tech companies AMD, Cisco, Hewlett-Packard, IBM, Intel, Microsoft, and Wave Systems. Its core element is a chip, the Trusted Platform Module (TPM), and an operating system designed for it, such as Windows 8. Trusted Computing Group has developed the specifications of how the chip and operating systems work together.
Its purpose is Digital Rights Management and computer security. The system decides what software had been legally obtained and would be allowed to run on the computer, and what software, such as illegal copies or viruses and Trojans, should be disabled. The whole process would be governed by Windows, and through remote access, by Microsoft.
Now there is a new set of specifications out, creatively dubbed TPM 2.0. While TPM [1.0] allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it in any way.
Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. In short, users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.
It would be easy for Microsoft or chip manufacturers to pass the backdoor keys to the NSA and allow it to control those computers.
No kidding. And would Microsoft actually do that? You know the answer is yes, because they’re already in bed with the Pentagon. They may have even developed the spy-chip in the first place at the request of the Pentagon — sorry, NSA — and simply ladled Digital Rights Management on top of it — either as a property-rights cover story, or a property-rights wet dream, or both.
A few more data points, then your takeaways. The hardware heart of the backdoor is the “Trusted Platform Module (TPM)” — some Orwellian genius named it perfectly. The original TPM (1.0) chip is opt in–opt out. The TPM 2.0 chip, on the other hand, turns on by default the first time you boot the machine. I know I quoted this above, but it bears memorization:
While TPM [1.0] allowed users to opt in and out, TPM 2.0 is activated by default when the computer boots up. The user cannot turn it off. … Windows governs TPM 2.0. And what Microsoft does remotely is not visible to the user. … [U]sers of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on for the first time.
Anyone with the “control key,” which is generated and added to the chip during production, can control the machine:
[D]uring production, the secret key to that backdoor is generated outside the chip and then transferred to the chip. During this process, copies of all keys can be made. “It’s possible that there are even legal requirements to that effect that cannot be reported.” And so the TPM is “a dream chip of the NSA.”
Perhaps even more ominously, he added: “The other realistic scenario is that TPM chip manufactures [factories] don’t sit within reach of the NSA, but in China….”
The China comment is sourced to this interview, also in German.
Are you stunned? I am. Are you surprised? Frankly, I’m not; I’ve been waiting for this. Now let’s ask Apple if they’re doing the same thing. After all, Apple is an arm of the Pentagon too.
This is blockbuster stuff, folks. The takeaways are simple:
■ This is real. Unless Die Zeit is wrong, this is the German government, who was party to the design meetings and negotiations, talking.
■ Do NOT buy a Windows 8 machine. The article says that Windows 7 will be good through 2020. One benefit of this action — Microsoft is a collaborator with Pentagon spying (because, folks, the NSA is the Pentagon), and it’s vulnerability is money. Windows 8 sales are in the tank. Kicking Windows 8 while it’s down sends a message to Microsoft and also to the Pentagon. (Yes folks, you too can “send a message.”)
■ Give this information to all of your friends. The enemy is Windows 8 and “Trusted Computing” hardware and software, as well as “Secure Boot” (see the article for that). Tell all of your friends that “Trusted” means the opposite of what it actually is — like “Clean Coal” or “Hope & Change.”
Tell them that “Trusted Computing” means “Don’t Trust This Computer”. Tell them that “Secure Boot” means “Insecure Boot”. Tell them that Microsoft works for the Pentagon, because it does. Repeat until you run out of people to tell.
■ If you already have Windows 8 with “Trusted Computing”, your system and everything it does is wide open to the NSA and potentially, to any Chinese manufacturers of the chip (see above). Consider buying something else, smaller perhaps and with Windows 7. If you can’t do that, just be careful. You never know when you’ll run afoul of an algorithm — like googling “pressure cooker” and “backpack” in the same day — that puts you (and your entire search history) on their active watch list.
■ Be glad. The spy-and-muscle arm of the state is really overreaching — has really overreached — and each of these revelations verifies the last revelation. This is a storm — some call it the Snowden effect — and it’s blowing in their faces, not yours.
■ Ask Apple if they’re doing the same thing? It’s the obvious next question, right?
The state is advertising its brutality; you can help them
Tim DeChristopher, Chelsea (formerly “Bradley”) Manning, Julian Assange, Ed (“We promise not to kill him“) Snowden — the punishment of these men is brutal, over the top, and intended to intimidate, to send a thuggish message.
Well, message sent; and worse for them, message sent to the world.
They’ve already lost Rachel Maddow, and in general, she’s not entirely unhappy with military doings. Their need to be brutal is our lever. Use it by waking people up. After all, you’re just telling the same truth they’re telling. Help make it “Message delivered.” It’s the least you could do (literally), and it’s easy.
More as it develops. When awareness of this Windows 8 backdoor hits widely in the U.S., it will hit big. More than half the country has an NSA (sorry, Microsoft) computer. Who will want Windows 8 if they know this?
UPDATE: I discussed Glenn Greenwald, Edward Snowden, The Guardian and the global security state at some length recently with radio host Arnie Arnesen. The MP3 file of that interview is at the link. Start listening at the 30-minute mark. Thanks.
To follow or send links: @Gaius_Publius