Responding to years-old complaints that its Windows operating systems may include secret “backdoors,” Microsoft this past week opened a Transparency Center in Brussels and invited EU governments to analyze its source code. The aim is simple: Establish that such rumors are wrong and lets governments confirm the safety and security of Windows and other Microsoft products.
“We hope that this facility will help us build trust in the online world,” Microsoft vice president of security Matt Thomlinson says. “In addition to the opportunity to review source code at our Transparency Centers, the program allows participants to access important technical documentation about our products and services, as well as cybersecurity threat and vulnerability information.”
The new center is already popular, with 42 law enforcement agencies from 23 countries participating in Microsoft’s Government Security Program. And the EU Transparency Center is the second such Microsoft facility: the software giant opened its first Transparency Center in its home town of Redmond, Washington last year. And it plans future sites in South America and Asia too.
But with increasing fear, uncertainty and doubt—FUD—being spread about software systems in the wake of the Edward Snowden revelations, attention has turned, as it does cyclically, to persistent rumors that Microsoft is secretly working with the US government to create backdoors in Windows and other systems so that they can aid in law enforcement requests, bypassing encryption and performing other dastardly deeds.
The latest round of stupidity comes courtesy of an alarmist article by The Intercept, which breathlessly explains that “a great many people, particularly in information security circles” simply don’t trust Microsoft software, especially the BitLocker encryption technologies, which are “meant to distract people from the company’s cozy relationship with the government.” (I’m so naïve I thought BitLocker was about protecting customer data.)
Worst, the guileless Intercept article quotes respected security expert Bruce Schneier, who, amazingly, recommends a rival proprietary encryption technology over Microsoft’s because, get this, he “has met people at the company and [has] a good feeling about them.” After all, security is “all about trust,” he notes. Wow.
As proof of Microsoft’s “cozy” relationship with governments, in particular the US government, The Intercept notes that Microsoft has “reportedly” worked “hand-in-glove with the government to provide early access to bugs in Windows and to customer data in its Skype and Outlook.com products.” BitLocker “is known” to have been backdoored by government spies. And that a technology Microsoft removed from BitLocker because of performance and FIPS compliance concerns was in fact done specifically to make BitLocker less secure.
Yes, it’s insane. But like any reputation issue, things that aren’t true can be repeated and become true in the minds of others. This is how all good conspiracy theories work, after all. It just sounds too good not to be true. Of course Microsoft works with the US government. Of course it does.
So now Microsoft is working with EU governments too. Just not in the way that “a great many people, particularly in information security circles,” would believe: it is allowing their technology experts to access the source code for Windows and other products and determine that they’re safe—or not—on their own.