35 comments

[ 4.1 ms ] story [ 76.7 ms ] thread
Who needs "nefarious" backdoors, when Microsoft can just present them as "features" for users, that law enforcement can use just as easily, if not more so than a backdoor?

I'd love for Microsoft to do out-of-the-box encryption while keeping the keys in the TPM, in all Windows 10 laptops, just like Android 5.0 and iOS 8.0, but it's not going to happen. Microsoft has too much of a cozy relationship with law enforcement to do something like that.

It's not just a coincidence that it is the first company to join PRISM, or that Skype was added to PRISM not when it was owned by the Swedish, not when it was owned by eBay, but the same month Microsoft announced its acquisition.

http://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_sli...

So just two be clear, BitLocker has (at least) two modes of operation, normal mode where you yourself/your company are responsible for managing your encryption keys and passive "device encryption" mode which is enabled by default on many consumer devices (e.g. Surface 3, Surface RT, Windows Phone, etc).

http://en.wikipedia.org/wiki/BitLocker#Device_encryption

So the complaint is essentially, an encryption mode which is a freebie on many devices which traditionally would have no drive encryption at all is somehow spying for the NSA by uploading decryption keys.

But the problem I have with that line of thinking is: Without device encryption many devices wouldn't have drive encryption at all and therefore the NSA (with possession of the device) could trivially retrieve that data.

If you really want NSA-secure BitLocker encryption then why the heck don't you just set up BitLocker yourself instead of using Microsoft's "feature-limited" device encryption mode? The key won't be put on OneDrive in that situation.

Also if Microsoft did enable full BitLocker on many consumer devices, do you really trust your average person to keep their keys safe? Or explain that there is no forgotten password feature, that their family photos are just "fucking gone" [0].

[0] https://www.youtube.com/watch?v=GWxC8ezE4Dk

The problem is that Microsoft gives users a false sense of security. Marketing speak for this feature is "Your device is always automatically encrypted", which results in users thinking their data is safe. The content is then automatically backed up to Microsoft servers, to which users will not have much of an objection since it's encrypted anyway. But then behind their backs, Microsoft not only stores the encryption keys as a backup but also immediately shares them with the NSA that has full access to those backups.

So basically they fucked up three times: 1. Marketing encryption while it's not safe, 2. Storing accessible backups of your data on their servers and 3. Actively sharing those backups with the NSA.

Out of those, #1 would be an excusable thing that many companies do, #2 is a reason to mistrust them and #3 is a reason never to store anything with Microsoft ever again. It's just not acceptable to take my data, promise me it is encrypted, then lie about it and freely share my data with the NSA whenever they want.

I think you are misunderstanding here.

BitLocker is a full disk encryption system. Under the "device encryption" scheme discussed here, the recovery key is stored on Microsoft servers, but the content remains on the physical device.

I assume if a user was to backup their data using one of Microsoft's other services (e.g. OneDrive), that data would be encrypted under a different regime.

The BitLocker arrangement does provide users with some degree of security, in that an adversary would need access both to the physical device and the recovery keys on Microsoft servers to retrieve a user's data.

PRISM (or NSL, or similar) + ANT (or 0 day hack or other) == compromised drive
I don't understand- how they are lying exactly?

Don't they explicitly ask you if you want to backup your recovery key to the cloud?

Is it really that hard to read prompts and change the default setting to manage your own key backup?

If checking a single radio button is all it takes to NSA-proof your device, I'd say we are in pretty good shape. What is everyone complaining about?

Yes, it is. It is well known that the battleground in all these areas is over what should be "default" settings because most people can't be bothered.
> Without device encryption many devices wouldn't have drive encryption at all and therefore the NSA (with possession of the device) could trivially retrieve that data.

This argument gets to the heart of mass surveillance vs. targeted/individualized surveillance. I personally prefer a world where someone would have to do something like steal my device to gain access to my data to a world where everyone's data is compromised by default all of the time. Maybe that makes me an outlier, but if I had owned one of these devices, I'd be pretty outraged...not unlike some were in the midst of the recent iCloud brouhaha.

Nope, you're not an outlier. If someone steals your device, be it random theft or FBI/NSA storm your home, at least you know exactly what was taken and when and you probably know why(fair or otherwise). Much better for your state of mind to know for sure whether or not your data has been taken rather than what we have now - a constant state of paranoia because none of us really know what the NSA is up to. For the most part, I just assume any internet-capable device is compromised. One thing I still suspect is outside of NSA's wide-sweeping data collecting is proper usage of Steganography.

http://en.wikipedia.org/wiki/Steganography

>>For example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it.

I cannot comprehend that the NSA is scanning every image on the internet looking for patterns like that. If I were planning on some anti-establishment action, that's what I'd do. It would also be pretty cool for someone to make a tool that does this automatically. For regular people who just want plain privacy, keep on whistleblowing, keep on naming and shaming, keep on making the NSA's strategies not work by posting more and more tools & techniques to render their surveillance useless.... until we reach some kind of critical point that even the average-joe can't ignore.

(comment deleted)
(comment deleted)
> I personally prefer a world where someone would have to do something like steal my device to gain access to my data to a world where everyone's data is compromised by default all of the time.

That's a blatant strawman as that isn't what is being discussed here at all.

In BOTH cases (with device encryption or without) the data is held on your device and only on your device. If you choose to upload it to OneDrive/iCloud/Google Drive/etc then that is your business but outside the scope of this "issue."

> Maybe that makes me an outlier, but if I had owned one of these devices, I'd be pretty outraged...not unlike some were in the midst of the recent iCloud brouhaha.

This issue is nothing like that issue. The fact you seem to think it is means you don't really understand this issue or that issue or both.

This issue is that device encryption encrypts your drive, it then backs up your key by default to OneDrive. The data itself is still held on the device encrypted (unless you saved it to OneDrive or copied it into that virtual filesystem).

The iCloud "issue" was that iCloud allowed infinite password guesses against an account without warning the owner or imposing a limit on the number of wrong attempts. iCloud is opt-in (during iOS setup), so people opted to have files stored there.

no. fwiw wrt icloud, i was referring to yosemite uploading certain pieces of user data outside many users' default assumptions about icloud's behavior to draw a general parallel in that some users may feel their trust has been violated when they don't know or understand how these systems behave and then find that out from someone else. i never claimed the systems behaved similarly in a technical sense--only that people might feel similarly.
Microsoft would still be able to access the data on your device remotely without this copy of the key. They would just need to push an update to your phone that pulls the data out when you unlock it yourself.
yes but even in that scenario, someone would presumably need to target my phone. and if large numbers of people were attacked in such a fashion, presumably the chances of detecting such an attack would also go up.

and sure, phones have a huge attack surface in general, but changing defaults in this way makes certain attack scenarios easier, even if it also happens to be convenient for other users.

My point is that the process is basically the same regardless of whether or not you have the key... unless the phone is stolen, of course. That's the case you claim not to be worried about, though.
depends on your counterfactual. for some commenters on this thread, that seems to be storing data in plaintext. for me, the more reasonable counterfactual is a recovery key that i have sole control over, or perhaps an encrypted backup onto a disk i have sole control over.

i think we agree that encrypting data at rest isn't sufficient for keeping private data private, but it may be necessary and is probably beneficial.

for some users, keeping keys in microsoft's cloud may be a good option, but i think that hinges on whether they know and understand the implications of sending their recovery keys to microsoft.

for example, maybe you lose your phone and some pickpocket doesn't grab your data very easily, but maybe the local police force gets your recovery key from microsoft and finds nude photos of your significant other before returning your phone to you. i'd be pretty displeased in that case, even if it helped me get my device back.

i suspect many people storing recovery keys with microsoft don't know that this is happening, and might have made different choices if they knew that and understood some of the implications.

Right, I was trying to speak only to the possibility of getting data off the phone without physically obtaining the device. Those scenarios don't care if the storage is encrypted, and have nothing to do with scenarios where someone else has your phone.
I'm not sure I understand the argument here. Several manufacturers have now implemented on-by-default device encryption with no backdoor. This is not only feasible (in a business and technical sense) but is rapidly becoming the standard. Microsoft's approach is now an outlier. It almost certainly provides a much more vulnerable form of encryption than, say, Apple's and Google's.

You're correct that Microsoft's device encryption is "free" to some extent, and it certainly is more secure than plaintext. That still doesn't mean it's ok to compromise it. At least with plaintext you avoid the performance overhead and associated risks of device encryption. With Microsoft's solution, you oay all the overhead -- and still get a much more limited form of protection.

> Several manufacturers have now implemented on-by-default device encryption with no backdoor.

Both Apple and Google's schemes are predicated on the assumption that you'll have a full phone backup stored in the "cloud." They also offer photo backup and sync other key data.

The whole setup is meant to make an individual phone (and Chromebook) completely hardware agnostic. You lose your old phone? You buy a new one, sign in, wait a bit and like magic it is all set and ready to go.

Windows (and OS X) aren't really designed with that model in mind, so if you lose your keys you may not have your data stored elsewhere (and indefinitely data loss due to a HDD/SSD failure is extremely common).

> With Microsoft's solution, you oay all the overhead -- and still get a much more limited form of protection.

In this context "much more limited" is against: almost every government in the world, private individuals, and against private companies. So, what, like 98%+ of the world's population?

You make it sound like Microsoft's device encryption scheme uses ROT13. Instead they're using industrial strength encryption and your only real criticism is that either someone with a court order or the NSA can potentially gain access.

That's still a huge win for day to day security. If someone breaks into my apartment and steals my laptop, I will be a bit less concerned about potential identity theft as it is reasonable to assume that your average street thief isn't an NSA agent.

Since when can I do a full backup with Google/Android? Let alone store it in some cloud? If this is really possible, how do I do it? There is a backup api that backups stuff the developer of the individual app thinks about storing. And there is adb backup which does backup some stuff of apps that allow it. There are full backup solutions but they are not by Google and they require an unlocked bootloader to install them in the recovery partition or root.

So if you know a full backup solution by Google for Android that does not require root or an unlockes bootloader I'd be interested to hear about it.

> Since when can I do a full backup with Google/Android?

Since at least 4.0? Maybe earlier? I have three full phone backup providers installed by default, Google, Samsung, and one by AT&T (ick).

> Let alone store it in some cloud?

That's the default way to do backups on Android. Look in the "Backup & Reset" sub-menu in settings.

> If this is really possible, how do I do it?

Here's an article from 2012:

http://www.techhive.com/article/248984/how_to_back_up_your_a...

I'm talking about the first style of backup that backs up more than the data types listed in this 2012 article.

Do you realize his questions were mostly rethorical?

> There is a backup api that backups stuff the developer of the individual app thinks about storing. And there is adb backup which does backup some stuff of apps that allow it.

"thinks about storing", "some stuff"... he's criticizing the fact that the backup solution that most Android users rely upon aren't really backing up everything

(The same thing happened years ago with Time Machine on MacOsX, not sure if it improved)

I also realized at restore-time that my backups weren't really comprehensive... so I understand if people are bitter about the currrent state of things

Both Apple and Google's schemes are predicated on the assumption that you'll have a full phone backup stored in the "cloud."

What utter rubbish. You do not need to turn on iCloud backups to use any of the encryption features.

You call it utter rubbish then make a correction to a point I never made. I won't argue with a point I never made. Good day.
> Both Apple and Google's schemes are predicated on the assumption that you'll have a full phone backup stored in the "cloud." They also offer photo backup and sync other key data.

I wouldn't grant that. The whole context of this discussion is related to Microsoft's SkyDrive, which is a free cloud service offered to MS customers. It even provides photo and document backup if you want it. I suppose it may not be as developed as iCloud (for iOS devices) but I don't see a principled difference in the two systems.

Moreover, the purpose of the recovery key doesn't seem to be related to data backup. If your disk fails or you lose your device then there are two cases:

1. You backed up your data, either to the cloud or to an external backup disk. In this case the device encryption and recovery keys become irrelevant. That's because device encryption is only applied to data on internal drives.

2. You didn't back up your data. In this case your recovery keys are useless, since you don't have the data.

So it seems like the use-case for recovery keys is primarily for situations where the user has forgotten his/her password. Saying that Apple/Google don't need to care about this because they have cloud backup (and implicitly MS doesn't) seems like a bit of a cop out.

> In this context "much more limited" is against: almost every government in the world, private individuals, and against private companies. So, what, like 98%+ of the world's population?

Much more limited against someone who can get your computer/tablet/phone and guess a password or some security questions. Don't jump straight to the NSA when your threat model is adequately met by someone who knows that your password is 'Kitty123'.

> Saying that Apple/Google don't need to care about this because they have cloud backup (and implicitly MS doesn't) seems like a bit of a cop out.

No, what people are saying is the average user doesn't store a lot of data on their phone except what they have backed up through a cloud service.

The average user has a ton of data that isn't on the cloud on their local machine, losing all of that because they forgot their password isn't something that the user expects so adding encryption with no backdoor hurts the average user more than it helps.

Bitlocker doesn't back up the keys anymore than you ask it to and it easily enabled if you care about the NSA being able to get ahold of them.

> Much more limited against someone who can get your computer/tablet/phone and guess a password or some security questions. Don't jump straight to the NSA when your threat model is adequately met by someone who knows that your password is 'Kitty123'.

If they know your password no amount of device encryption will protect you, that is why he is ignoring them.

> If they know your password no amount of device encryption will protect you, that is why he is ignoring them.

I can set a 128-bit equivalent password on my computer. I don't know how to ensure that Microsoft's cloud provides equivalent security, given the existence of password recovery mechanisms (SMS, email, security questions and social engineering of MS customer service reps).

But I'm not that familiar with Microsoft's cloud operations. If there is a way, let me know.

Then you shouldn't be using the built in passive method. Turn on bitlocker for real.
OS X's FileVault prompts you to upload your decryption key to Apple in case you lose it when you turn it on. It may be more transparent about it, but I can't speak for how the MS solution actually works.
(comment deleted)
This is a wonderful example of NSA meddling. With one hand, Microsoft gives everyone out-of-box encryption, which it can use to demonstrate how well it's protecting consumers. With the other hand, by virtue of a 'feature' to assist consumers, it's providing access to the NSA via SkyDrive copies of encryption keys. Everyone's happy!

Best of all, enterprise customers don't have a reason to complain, because the SkyDrive backup 'feature' shouldn't apply to their deployment scenarios. The only people with a complain are those that use the default option.

We should keep vigilant for these security 'features' that are undermined by implementation. The NSA has years of practice at this, and we're playing catchup.

So Onedrive isn't safe? Should I stop using it if I value my privacy?
yes. If you value your privacy...stop using anything by Microsoft. Outlook.com as well. Windows is backdoored NSAKEY