As the astonishing news that the NSA spent $250M/year on a sabotage program directed against commercial security systems spreads, more details keep emerging. A long and interesting story on Mashable includes an interview with Peter Biddle, an ex-Microsoft security engineer who worked extensively on BitLocker, a full-disk encryption tool with a good reputation that was called into question by the latest leaks. Biddle (disclosure: a friend of mine) describes how he was approached to add a backdoor to BitLocker, and how he rebuffed various government agencies.
In the case of Microsoft, according to the engineers, the requests came in the course of multiple meetings with the FBI. These kinds of meetings were standard at Microsoft, according to both Biddle and another former Microsoft engineer who worked on the BitLocker team, who wanted to remain anonymous due to the sensitivity of the matter.
"I had more meetings with more agencies that I can remember or count," said Biddle.
Biddle said these meetings were so frequent, and with so many different agencies, he doesn't specifically remember if it was the FBI that asked for a backdoor. But the anonymous Microsoft engineer we spoke with confirmed that it was, in fact, the FBI.
During a meeting, an agent complained about BitLocker and expressed his frustration.
"Fuck, you guys are giving us the shaft," the agent said, according to Biddle and the Microsoft engineer, who were both present at the meeting. (Though Biddle insisted he didn't remember which agency he spoke with, he said he remembered this particular exchange.)
Biddle wasn't intimidated. "No, we're not giving you the shaft, we're merely commoditizing the shaft," he responded.
Did the FBI Lean On Microsoft for Access to Its Encryption Software? [Lorenzo Franceschi-Bicchierai/Mashable]
(Image: BitLocker Drive Encryption, a Creative Commons Attribution (2.0) image from jeffwilcox's photostream)
Motherboard has retracted this story: “Correction: This piece was based on the premise that a new piece of WannaCry ransomware spread in the same manner as the one that was responsible for widespread attacks on Friday, and that it did not contain a so-called kill switch. However, after the publication of this article one of […]
For more than a decade, the Electronic Frontier Foundation has been suing the NSA over its extraordinarily broad interpretation of its powers under Section 702 of the FISA Amendments Act — a law that the NSA says gives it the power to spy on Americans any time they mention a foreigner.
The Intercept publishes a previously-unseen set of Snowden docs detailing more than $500,000,000 worth of secret payments by the Japanese government to the NSA, in exchange for access to the NSA’s specialized surveillance capabilities, in likely contravention of Japanese privacy law (the secrecy of the program means that the legality was never debated, so no […]
If you don’t want to get stuck footing the bill for a hit and run, this dashboard-mounted camera offers up to 2K resolution to make sure you always have a reliable witness, and it’s available in the Boing Boing Store for 30% off it’s usual price.The PapaGo mounts unobtrusively to your windshield to see everything […]
While some people still maintain that everything in Apple’s walled garden “just works” and is immune to the rampant malware of the Windows world, the reality is different. The Mac’s growing market share has made it a much more viable target for malicious actors, and its built-in tools aren’t always enough to fix things. Drive […]
Boasting an IPX6 waterproof rating, the Trakk Bullet Ultra Compact Waterproof Bluetooth Speaker resists dust and heavy rainfall. It’s currently available in the Boing Boing Store.The Trakk Bullet offers the same wireless convenience as other portable speakers, but few are built as tough as this one. Its utilitarian construction is designed to be a totally low-maintenance […]