Vista's encryption could vex investigators

Encryption features in Microsoft's upcoming OS release, Windows Vista, could pose tricky challenges for criminal investigators, a Cambridge University professor has told British lawmakers.

Professor of security engineering, Ross Anderson, claimed Trusted Platform Module (TPM) chipsets were used to restrict the downloading of copyright movies and music. But the technology could also lock up data on computers.

TPM chipsets have been widely endorsed by both hardware and software manufacturers to tighten the noose on piracy. Microsoft has said Windows Vista has features that take advantage of TPM chipset capabilities, including full encryption of a computer hard drive. TPM chipsets can store keys, passwords and digital certificates associated with files and content.

"But an unfortunate side effect of this from the point of view of law enforcement is that it's going to be technically fairly seriously difficult to take encrypted material out of the system," Anderson said.

His testimony came during a committee hearing concerning the length of pretrial detention of criminal suspects. Supporters of extended pretrial detention have pointed to the varied times needed to extract evidence from a computer.

Anderson said Microsoft could produce a version of Vista for law enforcement that would allow investigators to view any documents that have been assigned restrictive viewing rules by a user.

Another option would be to include backdoor keys that would allow access to encrypted documents, he said.

Microsoft said it would not put any backdoors into Windows Vista or any of its software.

"The whole point about Vista is that everything's always encrypted all the time because that enables you to enforce all these rights management rules," Anderson said. "The idea behind rights management is that the rules are no longer set by the person who owns the computer, but by the person who owns the document."

For example, a cocaine dealer could assign rules to an Excel spreadsheet with details of his December sales that only allow the document to be read by a select few. He could also set an expiration date for the document.

When the keys in the TPM chip expired, the document could theoretically never be available again, Anderson said.

He hadn't examined the latest beta of the Vista OS that had BitLocker Drive Encryption, the feature that would be on the enterprise version of the OS and allows for full encoding of the hard drive. During the committee hearing, Anderson recommended that the Home Office should talk with Microsoft about encryption issues.

According to a report by the British Broadcasting Corporation, the Home Office said it is working with Microsoft on the issue.

In response, a Microsoft spokesperson said the company was working with UK law enforcement to help them understand Vista's security features, but did not give further information.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email Computerworld
• Follow Computerworld on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark