Microsoft denies handing law enforcement 'backdoor' keys

Some bloggers this week are suggesting that Microsoft is handing out "backdoor keys" to Windows security to police officers. Although Microsoft is denying the bulk of the rumors, a full explanation still seems a bit elusive.

In a statement to BetaNews this afternoon, a Microsoft spokesperson denied that a technology unveiled at a law enforcement conference in Seattle on Monday would be used to equip officers and investigators with "backdoors" into Windows systems, as various blogs and news sources have since speculated.

"COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means," reads Microsoft's explanation to BetaNews today.


During that Monday conference, a Microsoft executive introduced attendees to a new tool called the Computer Online Forensic Evidence Extractor (COFEE), saying that Microsoft has distributed the USB drive to about 2,000 law enforcement officers in 15 countries since its introduction last June.

According to a transcript of the talk at the Law Enforcement Technology Conference 2008, posted on Microsoft's Web site, Brad Smith, Microsoft VP and general counsel, described COFEE as "a Swiss Army knife [for] law enforcement officers."

Smith went on to say that the USB fob contains 150 software tools aimed at helping police with the job of forensics, or crime investigation.

"It can be programmed to do all of the work automatically, in which case it can do what it needs to do in about 20 minutes, instead of four hours. But we also designed it to be a platform, if you will, so you are your colleagues can customize it further, if you like," according to the general counsel.

On Tuesday, the Seattle Times published an article based on an interview between Smith and Benjamin J. Romano, a technology reporter at the newspaper.

"The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer," Romano wrote in his article.

Soon afterward, a blogger for Techdirt posted an entry, evidently based on an e-mail from a Techdirt reader, which seemed to blow COFEE's capabilities out of proportion.

"Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop," wrote Techdirt's Mike Masnick. He went on to refer to the pathway Microsoft was allegedly making available to law enforcement as a "backdoor," adding that the fact that it's giving law enforcement a key to this door is validation that such a door exists.

"Now you have more evidence as to why trusting Microsoft's 'security' isn't such a good idea," Masnick added.

The key presumption here was that the security which Microsoft was helping law enforcement officials to break through, was Microsoft's own security rather than to the dozens of other possible password caches in third-party Windows software.

Others then jumped on the "backdoor" bandwagon. "The security specialists at Microsoft, not satisfied with just how insecure their operating systems have turned out, have unveiled a USB dongle that plugs into a computer, bypasses any Windows passwords or encryption, and quickly downloads sensitive data such as your Web browsing history," according to a posting in Valleywag.

But although Romano did mention password decryption in his Seattle Times article, he didn't say anything about any other type of encryption or decryption -- such as the BitLocker encryption included in Vista for encrypting users' hard drives -- or anything specifically about a "backdoor." Nor did Romano talk about a "backdoor."

Similarly, Microsoft's Smith didn't touch specifically on encryption or decryption in his speech to the police. He did bring up "backdoors," but with regard to online criminal exploits rather than anything law enforcement would use.

According to Smith, new exploits are being produced consisting of "a mixture of Web 1.0 and Web 2.0 technologies as people create new sorts of efforts to create backdoors, to drop code onto people's PCs, and to keep those backdoors there, and then use other Web sites to send instructions to people's machines. [This is] also leading to new forms of phishing, if you will."

In more recent updates to his article in the Seattle Times, Romano tried to cut through some of the confusion. "Today's story on a Microsoft device that helps law enforcement gather forensic evidence from a crime suspect's computer has garnered lots of attention and raised questions about [exactly how] it works and what it is able to do," he wrote.

"It sounds to me that like the device doesn't do anything that a trained computer forensics expert can't already do. This just automates the execution of the commands for data extraction," according to Romano.

Romano further updated his story with excerpts from a written statement he received from a Microsoft spokesperson, which reportedly stated that "COFEE is a compilation of publicly available forensics tools, such as 'password security auditing technologies' used to access information 'on a live Windows system.' It 'does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means.'"

Today, Microsoft sent BetaNews another statement, which similarly denies both a "backdoor" and any circumvention of BitLocker encryption. But the statement given to BetaNews contains no mention of the kinds of "password security auditing technologies" that might conceivably be used to recover (or uncover?) user passwords.

When asked by BetaNews for comment on the use of password auditing technologies in COFEE, the spokesperson said only that Microsoft would be "back in touch when there is more information to share" on this question.

Presented to BetaNews as Microsoft's most current word on the subject of COFEE, the statement reads as follows:

COFEE (Computer Online Forensic Evidence Extractor) is a framework for first-responders to customize a set of common forensic tools. It is a framework that law enforcement can use to leverage publically available forensic tools to access information on a live Windows system operating from a USB storage device. The tool allows law enforcement to run over 150 commands on a live computer system and save the results for later analysis, preserving information that could be lost if the computer had to be shut down and transported to a lab.

COFEE is designed for use by law enforcement only with proper legal authority. COFEE is not new forensic tools, but rather the creation of an easy to use, automated forensic tool at the scene. It's the ease of use, speed, and consistency of evidence extraction that is key.

COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means.

53 Responses to Microsoft denies handing law enforcement 'backdoor' keys

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.