Security

No Back Doors: Microsoft Opens Windows Source Code to EU Governments

No Back Doors: Microsoft Opens Windows Source Code to EU Governments

Responding to years-old complaints that its Windows operating systems may include secret “backdoors,” Microsoft this past week opened a Transparency Center in Brussels and invited EU governments to analyze its source code. The aim is simple: Establish that such rumors are wrong and lets governments confirm the safety and security of Windows and other Microsoft products.

“We hope that this facility will help us build trust in the online world,” Microsoft vice president of security Matt Thomlinson says. “In addition to the opportunity to review source code at our Transparency Centers, the program allows participants to access important technical documentation about our products and services, as well as cybersecurity threat and vulnerability information.”

The new center is already popular, with 42 law enforcement agencies from 23 countries participating in Microsoft’s Government Security Program. And the EU Transparency Center is the second such Microsoft facility: the software giant opened its first Transparency Center in its home town of Redmond, Washington last year. And it plans future sites in South America and Asia too.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

But with increasing fear, uncertainty and doubt—FUD—being spread about software systems in the wake of the Edward Snowden revelations, attention has turned, as it does cyclically, to persistent rumors that Microsoft is secretly working with the US government to create backdoors in Windows and other systems so that they can aid in law enforcement requests, bypassing encryption and performing other dastardly deeds.

The latest round of stupidity comes courtesy of an alarmist article by The Intercept, which breathlessly explains that “a great many people, particularly in information security circles” simply don’t trust Microsoft software, especially the BitLocker encryption technologies, which are “meant to distract people from the company’s cozy relationship with the government.” (I’m so naïve I thought BitLocker was about protecting customer data.)

Worst, the guileless Intercept article quotes respected security expert Bruce Schneier, who, amazingly, recommends a rival proprietary encryption technology over Microsoft’s because, get this, he “has met people at the company and [has] a good feeling about them.” After all, security is “all about trust,” he notes. Wow.

As proof of Microsoft’s “cozy” relationship with governments, in particular the US government, The Intercept notes that Microsoft has “reportedly” worked “hand-in-glove with the government to provide early access to bugs in Windows and to customer data in its Skype and Outlook.com products.” BitLocker “is known” to have been backdoored by government spies. And that a technology Microsoft removed from BitLocker because of performance and FIPS compliance concerns was in fact done specifically to make BitLocker less secure.

Yes, it’s insane. But like any reputation issue, things that aren’t true can be repeated and become true in the minds of others. This is how all good conspiracy theories work, after all. It just sounds too good not to be true. Of course Microsoft works with the US government. Of course it does.

So now Microsoft is working with EU governments too. Just not in the way that “a great many people, particularly in information security circles,” would believe: it is allowing their technology experts to access the source code for Windows and other products and determine that they’re safe—or not—on their own.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at Thurrott.com, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: