Windows 8 could be NSA Trojan, German government warns

The German government has claimed Windows 8 could, when combined with a particular piece of hardware, provide spy agencies with a way into users' machines.

The allegations have been made on German website Zeit Online, which claims to have received a copy of internal documents from the German Ministry of Economic Affairs that voice concern over version 2.0 of the Trusted Platform Module (TPM) that is being developed by the Trusted Computing Group (TCG).

TPM is a specification for a secure cryptoprocessor that can store cryptographic keys and is also used to refer to the chips the specification applies to.

According to Zeit Online, version two of the processor is being built into a growing number of Windows 8 PCs and tablets, meaning it may soon be unavoidable for users not to get a PC with both elements present.

TPM was first introduced in 2006 and is primarily intended to protect against external threats such as hacking, and also provides full disk encryption, as well as password protection.

However, for some time there have been concerns about its privacy protection procedures, particularly from the University of Cambridge.

It is also alleged TPM can be used as a method of digital rights management (DRM) and software license protection and enforcement.

The concerns raised in Zeit Online around TPM 2.0 flag the fact the Trusted Computing functions it delivers are no longer an opt-in, meaning it is no longer possible to disable the TPM, should users wish.

It is also feared the TMP can be used to give the owner of the operating system, in this case Microsoft, control over the machine.

It would appear that the German government's concerns arise not only from the fact this back door exists, but that all choices regarding the way the TMP operates have been taken away from the user.

The documents from the Ministry of Economic Affairs, which date back to 2012, also reportedly suggest the German government attempted to influence the future standards of TPM, but were "simply rebuffed".

However, the NSA was allegedly more successful. Zeit reports that at the last meeting of the TCG and other stakeholders before the document was written, the participants "should be as the NSA agrees'".

Zeit quotes a cryptography expert who has "dealt with trusted computing for many years", who said that, given these revelations, the new TPM standard made computer systems operating under TCG specifications vulnerable on at least three levels.

He also said that given the information brought to light in the Snowden papers "one must assume the NSA could easily compromise the computer ... as could the Chinese if the TPM chips were made in China".

A Microsoft spokesperson told IT Pro: "Since the adoption of the Trustworthy Computing Initiative over 10 years ago, Microsoft has focused relentlessly on the security and privacy of IT users. In (sic) is also important to remember that one cannot have privacy without good security.

"In support of these efforts, Windows has made a fundamental bet on trustworthy hardware and TPM 2.0 is a key component. Based in no small part on lessons learned in the TPM 1.2 timeframe, TPM 2.0 is designed to be on by default with no user interaction required. Since most users accept defaults, requiring the user to enable the TPM will lead to IT users being less secure by default and increase the risk that their privacy will be violated. We believe that government policies promoting this result are ill-advised."

The software giant added that it was also important to note that concerns users have about TPM 2.0 can be addressed. "The first concern, generally expressed as lack of user control,' is not correct as OEMs have the ability to turn off the TPM in x86 machines; thus, purchasers can purchase machines with TPMs disabled (of course, they will also be unable to utilize the security features enabled by the technology). The second concern, generally expressed as lack of user control over choice of operating system, is also incorrect.

"In fact, Windows has been designed so that users can clear/reset the TPM for ownership by another OS of they wish. Many TPM functions can also be used by multiple OSes (including Linux) concurrently," the spokesperson added.

IT Pro was also pointed in the direction of a blog post by Brad Smith, general counsel and executive vice president of the corporate and legal affairs division of Microsoft, by the spokesperson.

The post states: "Microsoft does not provide any government with direct and unfettered access to our customer's data. Microsoft only pulls and then provides the specific data mandated by the relevant legal demand."

IT Pro approached the German Federal Government for comment but had received no response at the time of publication.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.