How the feds asked Microsoft to backdoor BitLocker, their full-disk encryption tool



As the astonishing news that the NSA spent $250M/year on a sabotage program directed against commercial security systems spreads, more details keep emerging. A long and interesting story on Mashable includes an interview with Peter Biddle, an ex-Microsoft security engineer who worked extensively on BitLocker, a full-disk encryption tool with a good reputation that was called into question by the latest leaks. Biddle (disclosure: a friend of mine) describes how he was approached to add a backdoor to BitLocker, and how he rebuffed various government agencies.

In the case of Microsoft, according to the engineers, the requests came in the course of multiple meetings with the FBI. These kinds of meetings were standard at Microsoft, according to both Biddle and another former Microsoft engineer who worked on the BitLocker team, who wanted to remain anonymous due to the sensitivity of the matter.

"I had more meetings with more agencies that I can remember or count," said Biddle.

Biddle said these meetings were so frequent, and with so many different agencies, he doesn't specifically remember if it was the FBI that asked for a backdoor. But the anonymous Microsoft engineer we spoke with confirmed that it was, in fact, the FBI.

During a meeting, an agent complained about BitLocker and expressed his frustration.

"Fuck, you guys are giving us the shaft," the agent said, according to Biddle and the Microsoft engineer, who were both present at the meeting. (Though Biddle insisted he didn't remember which agency he spoke with, he said he remembered this particular exchange.)

Biddle wasn't intimidated. "No, we're not giving you the shaft, we're merely commoditizing the shaft," he responded.


Did the FBI Lean On Microsoft for Access to Its Encryption Software? [Lorenzo Franceschi-Bicchierai/Mashable]

(Thanks, Peter!)

(Image: BitLocker Drive Encryption, a Creative Commons Attribution (2.0) image from jeffwilcox's photostream)