A computer forensics expert and retired federal agent is trying to convince the U.S. government that Windows XP is a threat to national security and that its distribution should be postponed.
Michael Anderson, president of New Technologies, says data "scrubbing" features in Windows XP Professional will make it impossible for federal agents and law enforcement to find and reconstruct digital evidence buried on computers, particularly those seized from terrorists.
While Anderson concedes that XP's data "scrubbing" and encrypted file system features are desired by law enforcement and others for keeping data secure, he says the timing of XP is bad.
"This is an intelligence issue," says Anderson, who provides computer forensics training, software and consulting to military and law enforcement agencies. "The government and Microsoft need to think this thing through."
Some security experts are unconvinced, however.
"This may be going a little too far," says Charles Kolodgy, an analyst with market research firm International Data Corp. "Do you ban shredding, burning of paper?" Kolodgy also says the argument is ironic given that Microsoft is often criticized for leaving so many security features disabled by default. Others say privacy is also an issue.
But Anderson, who retired in 1996 from the U.S. Treasury, where he was a special agent, says the government should force Microsoft Corp. to postpone the release of the Professional version of XP in light of the Sept. 11 terrorist attacks. Windows XP launches Oct. 25, ironically, at an event in New York City.
Anderson, whose business is based in Oregon, has detailed his concerns in letters to his state's congressional representatives in Washington, D.C.
A spokesman for Sen. Ron Wyden (D-Ore.), a member of the Select Committee on Intelligence, says the senator was forwarding Anderson's letter to Attorney General John Ashcroft. "We are asking the Justice Department to take a look. We think it is their issue," the spokesman says.
Chuck Guzis, president of Sydex, which develops data conversion and emulation software, also has written to Congress.
"We just need to delay this software," he says. "We don't have the [forensics] tools or methodology in place to combat XP."
Anderson's concerns stem from the fact that even when data is deleted from a computer, it still resides on the hard drive for a period of time. This is known as ambient data. Experts can reconstruct ambient data to recover files and e-mails. Such work was done to produce evidence in the trial of Iran-Contra figure Gen. Oliver North and in the Monica Lewinsky scandal.
Windows XP Professional has a feature called data recovery. By default, that mechanism is turned off, meaning that ambient data is "scrubbed" from the hard drive. Anderson says that means terrorists could use it to hide their digital tracks.
"XP will slam the door on all that forensics work," Anderson says. But Microsoft says security in XP, as in other Microsoft products, isn't created in a vacuum.
"We work with others in the industry and government agencies to develop security policies that take into account law enforcement concerns," says Jim Desler, the corporate spokesman for Microsoft.
He acknowledges that savvy terrorists can use third-party tools, such as Evidence Eraser by Mad Hornet, to stifle forensics work but says Windows XP makes that capability available by default to anyone buying XP Professional.