Is Windows 8 a Trojan horse for the NSA? The German Government thinks so
Leaked documents lay bare TPM 2.0 worries
The German Government is now deeply suspicious that the Trusted Platform Module (TPM) technology built into a growing number of Windows 8 PCs and tablets is creating a gigantic back door for NSA surveillance, leaked documents have suggested.
Documents from the German Ministry of Economic Affairs obtained by German title Zeit Online uncover the alleged unease of officials at the direction of version 2.0 of the standard being developed under the auspices of the multi-vendor Trusted Computing Group (TCG).
TPM has been marketed as a security and Digital Rights Management (DRM) technology since its appearance in 2006, but version 2.0 would embed a chip on every PC that has complete control over which OS software can and can’t run, a setting not designed to be over-ridden under Windows 8. The chip is also where the cryptographic data is stored for Windows BitLocker and it enables remote administration.
Related Articles on Techworld
Windows 8 security going forward will be founded on TPM 2.0 and the ability to access or break it would be of huge value to any intelligence service.
During TCG meetings, German officials appear to have expressed concern about the potential for abuse but were “rebuffed,” Zeit claims. The documents also refer to the NSA having representation at the meetings and the statement “the NSA agrees” in the context of leaving the technology in its current (presumably unreformed) state.
The full context of this reference is not clear from the Zeit article but the implication is disturbing; the NSA thinks that TPM 2.0 does not offer a barrier to its operations.
German officials, including members of the Federal Office for Information Security (Bundesamt für Sicherheit or BSI) concluded that "the use of trusted Computing technique in this form ... is unacceptable for the federal administration and the operators of critical infrastructure," and would represent a “loss of full sovereignty over information technology."
A second document expresses the belief that TPM 2.0 under Windows 8 is no longer usable while Windows 7 “be operated safely until 2020,” after which alternatives will need to be sourced.
Is the story overblown Teutonic paranoia or a valid concern about the growing power of state surveillance? Until recently, the presumption might have been to the former - TPM offers a number of security benefits after all - but the Snowden affair changed the dimensions of the debate.
The NSA has if not the capability then certainly the ambition to eavesdrop on every communication event on the Internet, and the willingness of large US firm to go along with that, or not, has generated huge controversy. Meanwhile, allegations that Microsoft has co-operated with the NSA to bypass the encryption used in some of its services are a matter of public record.
For cost reasons, TPM is rarely built into consumer PCs although the advent of Windows 8 is supposed to extend version 2.0 to all PCs over time. Newer devices such as Windows 8 tablets and some phones are likely to have a TPM although getting precise data on this is not easy. Linux supports Intel’s TPM 1.0, although unlike 2.0 this can be loaded and unloaded from the endpoint.
Ironically, an expert quoted in the Zeit article goes on to worry that the Chinese Government as well as the NSA might be able to access data through TPM 2.0; many TPM chips are manufactured in the country.
After years of low-level discussion among security experts, worries over surveillance backdoors have suddenly become a mainstream topic. Last month an Australian report claimed that intelligence services in the ‘five eyes’ alliance (the US, UK, Canada, Australia and New Zealand) had refused to use PCs made by Chinese-founded Lenovo over concerns about “backdoor hardware and firmware vulnerabilities.”
Update 25 August: The German BSI subsequently published a statement significantly downplaying the claims made in the Zeit Online article, referring merely to worries over a potential techncial loss of control.