Not-So-Trusted Computing: German Government Worried About Windows 8 Risks

Microsoft’s “trusted computing platform.”

Microsoft’s “secure boot” technology.

The doublespeak almost writes itself these days. Whose “trusted computing”? Whose “platform”? And whose “secure boot”?

At least one government has expressed concerns in internal documents, buttressed by an unusual public statement in response to reports about the leaked documents.

According to German news outlet Die Zeit, internal documents from the Bundesamt fur Sicherheit in der Informationstechnik (Germany’s Federal Office for information Security – BSI) warn that Microsoft Windows 8’s Trusted Computing Platform poses a security risk.

The BSI issued a response, the first paragraph of which acknowledges the news reports; it also refers to an internal paper by the Bundeswirtschaftsministeriums (Germany’s Federal Ministry of Economics and Technology – BMWi) advising caution in using the Trusted Computing Platform. This may not be the first cautionary communication by the BMWi as it is not clear whether the paper referenced by the BSI today is the same internal paper issued on the subject in early 2012.

In the second paragraph, BSI denies it has issued any warning to private or public sector users, though this announcement doesn’t deny a warning might be warranted since government agencies are warning each other internally.

The third paragraph says that the Win 8 TCP (using Trusted Platform Module TPM 2.0) might offer improved security for some groups, though transparency should be offered by the manufacturer.

But the kicker is the fourth paragraph:

“From the BSI’s perspective, the use of Windows 8 combined with TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. As a result, new risks arise for the user, especially for the federal government and for those providing critical infrastructure. In particular, on hardware running Windows 8 that employs TPM 2.0, unintentional errors of hardware or the operating system, but also errors made by the owner of the IT system, could create conditions that prevent further operation of the system. This can even lead to both the operating system and the hardware employed becoming permanently unusable. Such a situation would not be acceptable for either the federal authorities or for other users. In addition, the newly-established mechanisms can also be used for sabotage by third parties. These risks must to be addressed.”[1]

“Loss of control over the operating system” isn’t a minor trifle. This suggests that any and all computers with this “feature” could go rogue and operate in contravention to the owners’ instructions, at the direction of some unseen entity on a network or by injection of an application through thumb drive, disk drive, CD, etc.

This also suggests that a Win 8 system using TPM 2.0 might well reject any attempts to use an alternative operating system — a so-called “secure boot” might cut off any application other than Win 8. For all intents and purposes, a machine with Win 8 and TPM 2.0 will operate to Microsoft’s orders and to the orders of whomever is ordering Microsoft these days. It’s not out of the question that Win 8 systems lacking valid TPM 2.0 might be prevented from accessing the internet or any other network.

Which begs the question: if Windows 8 and TPM 2.0 are installed, whose computer is it?

One of the security risks is exposure to the U.S. National Security Agency’s monitoring programs; yet another risk is the possibility of Stuxnet-like software injections, keeping in mind that Microsoft’s vulnerabilities enabled Stuxnet’s design. BSI does not mention the NSA, but the statement issued is in direct response to media reporting in which Win 8 TPM 2.0 is cited as a backdoor for the NSA.

Yet one more risk is the possibility of exposure to Chinese intelligence; cryptographic expert Professor Rüdiger Weis of Beuth University of Technology in Berlin, noted that all TPM manufacturing resides in China.

The Trusted Computing Platform — originally developed in concert with other technology firms through the Trusted Computing Group — and Microsoft’s Windows Genuine Advantage technology have been questionable all along. What once looked like legitimate verification of legally licensed applications, updates of firmware and driver software, and the ability to push security patches once a month or on an urgent, as-needed basis now looks like a vector for pushing NSA monitoring scripts, among other possibilities.

What information security entities have been checking line-by-line through Microsoft’s monthly Patch Tuesday code for intelligence gathering content? How many users ever bother to ask about the validity of patches, updates, or upgrades, including those which demand driver updates on non-Microsoft peripheral devices? How many users simply accept default settings in any Microsoft application because doing otherwise is a complicated headache, or sets their system up for an application conflict?

Microsoft and in turn the NSA have relied on the inconvenience of questioning anything but default ubiquity to ensure propagation of their technology. With the use of Win 8 TPM 2.0 as a standard for manufacturing, both Microsoft and the NSA may be assured systemic compliance based on unified conformity.

There’s one more avenue for systemic compliance with Win 8 TPM 2.0, as noted in the recent rejiggering of Microsoft’s business structure. With all hardware platforms now reporting to a single Windows manager, all systems will conform to the same standard — all personal computers, netbooks, tablets, and cell phones running the same operating system.

The only questions remaining: when will Microsoft’s Xbox platform migrate to the same Windows standard with regard to TPM 2.0, and how long thereafter will it take the gaming community to begin to walk away from Xbox.

[1] Translated paragraph via Glyn Moody at ComputerworldUK.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.
33 replies
  1. Peasantparty says:

    Thanks, Rayne!

    “With all hardware platforms now reporting to a single Windows manager, all systems will conform to the same standard — all personal computers, netbooks, tablets, and cell phones running the same operating system.”

    That sentence answers part of the questions I had this morning before this news hit. I’m still wondering if the NSA via Microsoft and others, along with cell providers have a different section for foreign communications. I just can’t fathom the Google searches from China being lumped into a big “world” search that day. Maybe it is, maybe it’s not, but NSA should know.

    Oh, and BTW Russia ordered their people to stop using computers all together and go back to typewriters!

  2. lefty665 says:

    “The Trusted Computing Group, the developers of the specification, has faced resistance… The concerns include the abuse of remote validation of software (where the manufacturer — and not the user who owns the computer system — decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.[10]

    In simple words, it removes user’s ability to control the hardware he owns, reducing the device to hardware maker’s stealthy agent.

    It is “Trusted” to hardware manufacturer, but, the same makes it “uncontrollable” for the user – making the user dependent on trust to the manufacturer, or whatever government or authority there is at particular location.” https://en.wikipedia.org/wiki/Trusted_Platform_Module

    A TPM is in almost every notebook built since 2006.

    See also VPro and AMT on Intel based machines that allow out of band (computer turned off) remote access and tools similar to, but more extensive and invasive than, TPM.

    We have been had in many ways. A tip of the hat to all those !@#$%^ Libertarians in the tech business.

  3. earlofhuntingdon says:

    Use a version of Linux. As this comment suggests, do it from a h/d that does not also contain a Windows OS. Be sure that other system components, such as a hardware modem, not a useless Windows software only modem, will work with it.

  4. Rayne says:

    @earlofhuntingdon: Yup. I have Ubuntu installed as a dual-boot on some devices, a Debian-like distro on another, and Ubuntu on thumbdrives.

    Have been wondering if Google will do more with Chromecast as well as Chrome OS in response to this mess.

  5. lefty665 says:

    Rayne, This walk back was published today.
    http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/OED_Verwaltung/Informationsgesellschaft/trusted_computing_eng.pdf?__blob=publicationFile

    Regardless, I sure agree, TPM is a stinker. “Trusted Computing Group, a coalition of tech firms founded about a decade ago — including AMD, Cisco, HP, IBM, Intel, Microsoft, and others” (from ZDNet). What’s not to trust in that group?

    We know Microsoft was building in NSA access as far back as Win 95. Getting down to the hardware level with a TPM or Intel AMT/VPro lets them bypass OS. It’s the kind of hack the engineers like.

  6. Rayne says:

    @lefty665: LOL a walkback issued by downloaded PDF? I’ll open it on my compromised Win PC later.

    Germany’s walking both sides carefully, trying not to piss off NSA while telling the public about the threat. Who “leaked” the internal documents so a carefully worded confirmation could be issued? Of course there’d be a walkback later after the truth had been disclosed.

  7. Dredd says:

    Microsoft’s “trusted computing platform.”

    Microsoft’s “secure boot” technology.

    The doublespeak almost writes itself these days. Whose “trusted computing”? Whose “platform”? And whose “secure boot”?

    LOL!

    Unix and VMS afficionados used to think theirs was the heavenly OS.

    Then a hippie astronomer at Lawrence Livermore Labs handed them their reality when he showed them that the source code to VMS had been stolen and they were unaware of it, and an easy way to become super user in Unix was what a certain hacker was doing to them at will.

    The CIA, military bases, NSA, etc. were hacked like rotten bamboo.

    He got a national medal of honor but they learned very little.

    Free link to the book “The Cuckoo’s Egg” which tells the true story that is still true:

    http://blogdredd.blogspot.com/2013/06/a-tale-of-coup-cities-4.html

  8. lefty665 says:

    @Rayne: At least the PDF was written in english. Dunno by whom.

    Don’t kid yourself, everything you’ve got is compromised. Your OS won’t protect you. All you can do is make your gear marginally harder to hack. Remember, NSA’s predecessors were working with ATT/Bell Labs before Unix was a pup. Do you really believe Ubuntu is secure?

    I don’t like Microsoft any better than you do, and always keep a Linux variant box around. But I’ve got no illusions that it (or anything short of renouncing technology) really isolates me. VPro on xBridge based Intel machines gets you even when it is “turned off” regardless of OS. Your browser will bite you too. I presume you saw the zero day exploit they used on Firefox recently. It appears TPM will let apps drive as well as OS. If you’ve got a notebook, TPM hardware is on board.

    NSA has a lot of very bright folks tasked with a mission and with the money to accomplish it. One of the values in Snowden is that we begin to see the breadth, extent and depth of what they have accomplished. They have gone after it all, hardware, software, comm, web. I do not have to like it to be somewhat in awe of the technical accomplishments. Figuring they can be outwitted technically is a mugs game.

    Our hope is to point them back outward, to restore their foreign focused mission and to leave us alone domestically. That is a political process. It has a chance of success.

  9. Rayne says:

    @lefty665: Adobe-format PDFs, no matter the language of the content, are vectors. A download signals more than passing interest. Clearly the walkback was intended to say something through its medium since the original statement was in HTML.

    Linux, whether Ubuntu/Debian/Gentoo/Mandriva/etc. is open; if something gets modded, people will see it, unlike the proprietary walled gardens of MSFT and AAPL. It’s not a cure, only a temporary fix–I have absolutely no illusions about this at all, earned from my years working in corporate sector IT. It does offer additional frustration to anyone poking around who shouldn’t be.

    I am not at all in awe of their accomplishments. They have squandered their resources and used them exactly how? We’ve seen all manner of risks and losses revealed not by intelligence gathering but by accident, attack, or journalism, which means they are not doing the job they have been tasked to do by the public. So what the fuck are they doing? Stealing from us? Still not impressed; the hedge fund guys fucked us for billions and trillions–unless this is the true intent, enabling the masters of the universe so they can continue to fuck our economies into dust.

    We are dealing not with legitimate entities any longer but with criminals who still scurry a little like cockroaches when the lights are flipped on. But they don’t scurry much or they’d never have been so flipping obvious in their persistent attempts to intimidate whistleblowers and their loved ones.

    There is no one solution to this. Every head we cut off the hydra, another grows back. We’re simply going to have upgrade quickly from virtual axes to chainsaws and then water jet.

  10. orionATL says:

    u.s. vs microsoft:

    “… Settlement

    On November 2, 2001, the DOJ reached an agreement with Microsoft to settle the case. The proposed settlement required Microsoft to share its application programming interfaces with third-party companies and appoint a panel of three people who will have full access to Microsoft’s systems, records, and source code for five years in order to ensure compliance.[20] However, the DOJ did not require Microsoft to change any of its code nor prevent Microsoft from tying other software with Windows in the future.

    On August 5, 2002, Microsoft announced that it would make some concessions towards the proposed final settlement ahead of the judge’s verdict.

    On November 1, 2002, Judge Kollar-Kotelly released a judgment accepting most of the proposed DOJ settlement. Nine states (California, Connecticut, Iowa, Florida, Kansas, Minnesota, Utah, Virginia and Massachusetts) and the District of Columbia (which had been pursuing the case together with the DOJ) did not agree with the settlement, arguing that it did not go far enough to curb Microsoft’s anti-competitive business practices.[citation needed]

    On June 30, 2004, the U.S. appeals court unanimously approved the settlement with the Justice Department, rejecting objections that the sanctions were inadequate.[citation needed]

    The dissenting states regarded the settlement as merely a slap on the wrist. Industry pundit Robert X. Cringely believed a breakup was not possible, and that “now the only way Microsoft can die is by suicide.”[21] Andrew Chin, an antitrust law professor at the University of North Carolina at Chapel Hill who assisted Judge Jackson in drafting the findings of fact, wrote that the settlement gave Microsoft “a special antitrust immunity to license Windows and other ‘platform software’ under contractual terms that destroy freedom of competition. Microsoft now enjoys illegitimately acquired monopoly power in the market for Web browser software products.”[22][23][24]

    Eben Moglen noted that the way Microsoft was required to disclose its APIs and protocols was useful only for “interoperating with a Windows Operating System Product”, not for implementing support of those APIs and protocols in any competing operating system.[25]

    Microsoft’s obligations under the settlement, as originally drafted, expired on November 12, 2007.[26] However, Microsoft later “agreed to consent to a two-year extension of part of the Final Judgments” dealing with communications protocol licensing, and that if the plaintiffs later wished to extend those aspects of the settlement even as far as 2012, it would not object. The plaintiffs made clear that the extension was intended to serve only to give the relevant part of the settlement “the opportunity to succeed for the period of time it was intended to cover”, rather than being due to any “pattern of willful and systematic violations”. The court has yet to approve the change in terms as of May 2006.[27]…”

    need more be said?

    courtesy of miss wiki

  11. john francis lee says:

    “Linux, whether Ubuntu/Debian/Gentoo/Mandriva/etc. is open; if something gets modded, people will see it, unlike the proprietary walled gardens of MSFT and AAPL.”

    Yes. It amazes me that apple and google have got people buying their own taps !

    Are they selling self-tapping screws ? or self-screwing taps ?

    Functionally no difference. And people are lining up for ’em !

  12. lefty665 says:

    et tu Ubuntu?

    “…the October release of Ubuntu version 12.10 last October, which features integrated Amazon search within its Dash desktop search bar. As part of that integration, Ubuntu now collects data on its user’s desktop search activity and forwards this to Amazon, a move that prompted Stallman to accuse the OS of “spying on its users”.

    Canonical, the company that develops Ubuntu, has been heavily criticized for integrating the ‘feature’, despite its protestations that all user data is anonymized before being sent to Amazon. The developer says that people can choose to opt out of the service, but nevertheless dozens of angry Ubuntu users have complained that they are now being bombarded by Amazon ads in response to general desktop queries.” http://siliconangle.com/blog/2013/03/25/richard-stallman-slams-ubuntu-over-amazon-integration-calls-it-spyware/

    You can trust your choice of OS right up until you can’t. Canonical and other Linux vendors are just as subject to pressure as everyone else NSA has leaned on, in addition to selling you out for profit.

  13. Rayne says:

    @orionATL: No surprise at all why Groklaw, which covered MSFT’s legal entanglements extensively, pulled the plug, huh?

    @lefty665: I’m a contributor here. How many degrees of separation do you think that is from whatever point the NSA feels it must follow? Dream on? Bah. I dream just before my WinPC decides to power itself on out of the blue at 3:30 am (funny how the Linux box doesn’t do that). I’m not naive. Just angry and disgusted, particularly when there’s more effort spent on pontificating futility than actually doing something constructive like building an alternative mesh network or designing and building “free” devices. Thanks, though, for another fine “resistance is futile” message. Now lead, follow, or get out of the way.

    @john francis lee: There’s virtually nothing untapped. Can you think of something to which you connect a network which isn’t? Consumers are left to pick the tap they prefer; given a choice of Apple, Google, Microsoft, or Facebook, which would anyone choose? I go with the one that uses the most open source software, knowing it’s a matter of picking the lesser of nothing but evils.

  14. Bill Michtom says:

    @lefty665: What you said.
    I’ve long (decades) been working under the assumption that the USG can track everything.Just have to keep trying to change it. Snowden has helped.

  15. Bill Michtom says:

    “which might” … “which might” … “which might”
    Which might NOT!

    I would never count on a system which proclaims it can be trusted (the check is in the mail!), but you’re doing the same thing from the opposite direction. Please don’t go off into the blue without evidence.

    Thanks.

  16. lefty665 says:

    @Rayne: I’m not pontificating on anything, and certainly not advocating futility in all things.

    You’re clearly a very bright bulb, but as I remarked above, trying to beat the NSA at its own game is foolish. You don’t have the resources, and you choose to participate in areas (like this) where NSA can rule the roost. We are all pwnd, and in lots of ways (that’s the awe part).

    Go ahead, sneer about your OS’s superiority. Your favored Ubuntu has sold out your privacy to Amazon, and perhaps to someone else who does not let you know by pestering you with ads. HTML will not make you safe. Do you really believe they do not know how to write tags or inject things into HTML streams at Ft. Meade? You haven’t clicked on anything that includes that pretty NSA seal have you?

    We have recently seen a variety of methods that NSA has used to collect information. You can bet we have not seen them all. So go ahead, build alternate mush networks or “free” devices. What will get you then is something you did not understand was a vulnerability. That is NSA’s stock in trade.

    NSA’s tools were turned inward as a matter of policy after 911. Previous generations of NSAers and Senator Church warned us that is the path to tyranny. That must change, and the way it can change is through legislation and the courts. It will not happen by us geeks laboring feverishly in our basements or over keyboards to outwit NSA.

    What I have said repeatedly is that the issues and solutions are political, not technical. Technical helps us understand what has happened to us and how, political why.

    A decade of laboring in the bowels of the Democratic Party convinced us (wife and I) that change was not going to come from within the Party. We quit and are trying another way. That includes supporting organizations that advocate things we believe in, the ACLU for example, and independent journalists like EW and Consortium News.

    I hang out here because of the bright folks, interesting lawyers, general awareness of the way the political process works, and scarcity of flame wars. Informed discussions in places like this can help create the opportunity for change. That is the opposite of the “resistance is futile” message you wrongly ascribe to me.

    If you look back at my posts over several years you will see that the majority relate to issues of state collection of information and invasions of privacy that have been in the headlines this summer. I can get my head up my ass, but most postings are pretty straight.

    I reject your forced choice. I am not arrogant enough to fancy myself a leader, but I am not following, nor am I in the way of rational discussion.

    What I am here for is an informed and informative dialog with bright folks about the unconstitutional actions we face and constitutional ways to redress them. Differing opinions are the essence of “informative”. We don’t learn much from preaching to the choir.

    You have lots of good things to say, and I read your posts with interest. However, when you veer off from productive commentary into geeky pipe dreams it is not constructive.

  17. lefty665 says:

    @Bill Michtom: What you said back atchya.

    We owe Snowden a huge debt. How huge is demonstrated by things like that the PRISM slides can’t be circulated or discussed openly in Congress because they are classified.

    @earlofhuntington. You’re right. It is amazing how many points have been compromised isn’t it? Firewalls in small modems/routers can easily be hopped. Someone (you?) was discussing the other day that the larger device makers like Cisco are in cahoots. That could be a good thing if the switch was in Kabul rather than Cincinnati.

  18. Mack says:

    There’s a lot going on here and some (IMO) overly simplistic analysis based on personal distrust.
    The main point I took away from the German press release is that user misconfiguration can render the system completely inoperable. As an IT pro with 30+ years experience with multiple operating systems and enough knowledge of network security and encryption, *my* interpretation is that the German government is (likely correctly) lacking in confidence in their key management systems and needs a back door to access data for which the keys have been lost.
    The better your locks, the more you need to make certain you have the keys.
    Anyone who thinks Open Source is more secure without the personal ability to analyze all the code and build their systems from source code is merely making an empirical decision to trust dozens of people they do not know with the keys to their data as opposed to a corporation. Being that they then send that data over a public network most often protected with SSL which is at best moderately ‘secure’… MEH
    The problems and solutions are not technical – they are societal.
    Transparency in our government and the realization that electronic transmissions are inherently insecure are essential for any kind of real ‘privacy’.
    The NSA has been impinging on the 4th Amendment for as long as electronic communications have existed. The real problem is that the legislature has failed any semblance of oversight, and the public is willing to cede privacy for another kind of ‘security’; security theater.
    No matter what technology you choose, you need to be aware of the larger issues. Never send anything in an email you wouldn’t put on a post card. And never send anything encrypted by SSL that you wouldn’t enclose in a paper envelope with water soluble adhesive.
    And if you play with stronger encryption technologies, make certain you know how to manage the keys, because they are orders of magnitude harder to recover.
    If you cannot develop your own encryption technology – you are going to have to trust someone else’s.

  19. Badtux says:

    Unlike a lot of people here, I actually work in the technology industry and furthermore have a) published encryption software and b) worked in the computer security industry. I furthermore was part of the group that opposed President Clinton’s “Clipper” spy chip, which would have put a NSA back door into every device on the Internet. What I see in this thread is a lot of misunderstanding.

    First of all: There is no NSA backdoor in Windows 8. None. Zero. Zilch. The NSA learned their lesson with the Clipper chip where we proved to them that if they put a back door into software and devices, we *would* find it, and if we found it, foreign governments were 100% certain to find it. The NSA isn’t in the business of handing our nation’s commercial secrets to foreign governments, which is what the effect would be of them forcing a NSA backdoor into Windows. They know this. They know it quite well, to their chagrin. We had to force that knowledge up their rear with a 2×4, but they learned.

    So what is the German government’s *REAL* issue with Trusted Computing? Simple. Any software that runs with the trusted computing module enabled must be signed by Microsoft. Microsoft won’t sign viruses, so for us consumers, that means that *finally* we don’t have to worry about viruses taking over our Windows computers, for the first time in known history. But wait. Let’s say you’re a government. You’re a government that has a spy agency. Said spy agency writes a bunch of top secret software. *THAT SOFTWARE WON’T RUN ON WINDOWS 8!* Well, not unless it’s sent to Microsoft to be signed. Which, from the point of view of a top secret spy agency, is no different from posting it on Pirate Bay for the whole world to download, given that the NSA probably has 100% access to anything that Microsoft receives to be signed.

    That’s the real reason why the German government warns their departments against running Windows 8. It’s got nothing to do with a back door that allows the NSA to access your computer — there isn’t one. It has everything to do with the fact that Windows 8 won’t allow them to run their secret squirrel software. Not to mention the possibility of the signing keys somehow being destroyed, which would eventually brick every Windows 8 system on the planet, but that would give them plenty of warning time to switch to whatever arose to replace Windows. But divulging their top secret software to Microsoft? Nuh-uhn. Not happening.

    Finally, regarding whether Linux is secure or not — Linux can be secured quite well. In fact, the NSA runs Linux internally in a locked down mode (note — don’t ask me my source for that, I can’t tell you). What *is* true is that the default configuration of many Linux distributions is not particularly secure. There are network services that should be running in jails that are not running in jails, and there are firewall rules that should be enabled that are not enabled. What *is* true, however, is that the NSA has not put a back door into Linux. Because the source code is available it’s too easy for competent security professionals to check and find one, and there are plenty of us out here in the World who are eager to do just that (because it would be the dumbest, stupidest thing they ever did — we already proved that to them before — and we’d rub their nose in it *again*, in a very public and obnoxious manner).

    And that’s the real story, from someone who’s been on the front lines of the crypto wars (on the side of the angels, not of the government). Take it as you will.

    _BT

  20. Mack says:

    @badtux 99% agree, except for the part where Microsoft won’t sign viruses. Certificates can be stolen/misappropriated (stuxnet anyone?) and Microsoft has been owned in recent memory (through their IOS development area teeheehee)
    But you are spot on as to the real areas of concern.

Comments are closed.