Vista’s encryption could vex investigators

News

Feb 17, 20063 mins

EncryptionEnterprise ApplicationsMicrosoft

Encryption features in Microsoft’s upcoming operating system release, Windows Vista, could pose tricky challenges for criminal investigators, a Cambridge University professor told British lawmakers earlier this week.

Ross Anderson, professor of security engineering, told Members of Parliament on Tuesday that Trusted Platform Module (TPM) chipsets are used to restrict the downloading of copyright movies and music. But the technology could also lock up data on computers, he said.

TPM chipsets have been widely endorsed by both hardware and software manufacturers to tighten the noose on piracy. Microsoft has said Windows Vista has features that take advantage of TPM chipset capabilities, including full encryption of a computer hard drive. TPM chipsets can store keys, passwords and digital certificates associated with files and content.

“But an unfortunate side effect of this from the point of view of law enforcement is that it’s going to be technically fairly seriously difficult to take encrypted material out of the system,” Ross told lawmakers.

Ross’ testimony came during a committee hearing concerning the length of pretrial detention of criminal suspects. Supporters of extended pretrial detention have pointed to the varied times needed to extract evidence from a computer.

In an interview Friday, Ross said it remains to be seen if Microsoft will include “backdoor” keys that would allow law enforcement to view documents that have been assigned restrictive viewing rules by a user.

“The whole point about Vista is that everything’s always encrypted all the time because that enables you to enforce all these rights management rules,” Ross said. “The idea behind rights management is that the rules are no longer set by the person who owns the computer, but by the person who owns the document.”

A cocaine dealer could assign rules to an Excel spreadsheet with details of his December sales that only allow the document to be read by a select few. He could also set an expiration date for the document. When the keys in the TPM chip expire, the document could theoretically never be available again, Ross said.

That is unless Microsoft has built backdoor key features into Vista, Ross said. So far, it’s not clear if Vista will have those capabilities, he said.

Ross said he has not examined the latest beta of the Vista OS that has BitLocker Drive Encryption, the feature that will be on the enterprise version of the OS and allows for full encoding of the hard drive.

During the committee hearing, Ross recommended that the Home Office should talk with Microsoft about encryption issues. According to a report by the British Broadcasting Corp., the Home Office said it is working with Microsoft on the issue.

A Microsoft spokeswoman said Friday the company is working with U.K. law enforcement to help them understand Vista’s security features, but did not give further information.