There have been rumours going around that Microsoft has been cooperating with the US government to build secret backdoors into the upcoming edition of Windows known as Vista to allow easy government access to all of your private data. Well, Arstechnica yesterday did what I think is a pretty good job of putting that particular rumour to rest, primarily with this quote from one of Microsoft’s cryptography programmers.
Over my dead body.
Well, maybe not literally-I’m not ready to be a martyr quite yet-but certainly not in any product I work on. And I’m not alone in that sentiment. The official line from high up is that we do not create back doors. And in the unlikely situation that we are forced to by law we’ll either announce it publicly or withdraw the entire feature. Back doors are simply not acceptable. Besides, they wouldn’t find anybody on this team willing to implement and test the back door.
If you stop and think about it, it’s really a rather absurd idea for Microsoft to add a “feature” like that. It would provide them with no business advantage, since they’re already going to achieve high market penetration based on other features, without having to agree to the NSA’s Big Brother demands.
Now, on the other side we have China. Last year this brief article was published.
Lenovo Group on Monday in Beijing released China’s first security chip – “Hengzhi” which has been approved by the State Encryption Administration and independently developed by the company.
It means that China’s information security-sensitive departments in the government, military and research institutions can now purchase safe PCs independently developed and controlled by Chinese.
According to relevant regulations the design, development and manufacture of China’s encryption chips must rely on independent domestic ability and are forbidden from using relevant foreign products.
Safe Lenovo PCs installed with Hengzhi chips will provide security-sensitive departments in the government, military and research institutions with PC terminals completely developed and controlled by Chinese.
As learned Lenovo will officially launch safe PCs installed with Hengzhi security chips within this year.
You may remember Lenovo as the company that now own’s what was formerly IBM’s popular Thinkpad brand of notebook PCs. What you have probably never heard of, however, is the State Encryption Administration. Unfortunately, little information is avaliable in English about China’s encryption regularions (and I wouldn’t be surprised if much of it isn’t even publicly avaliable in Chinese.) We do know, however, that this group was first created in 2000, and while specifics are unclear, the basic framework implemented by the law was as follows:
Import into the PRC: The import of foreign encryption products will only be permissible if approval has been obtained from the State Encryption Administration
Sale/distribution: Encryption products can only be sold or distributed within the PRC by entities which have acquired special permits. Such permits are unlikely to be granted to non-PRC entities such as foreign invested enterprises.
Manufacture: Restrictions also apply to the type of entities which can manufacture encryption products, and such products will require approval.
End-users: Users of foreign encryption products, in use prior to the introduction of the new law, must have registered such use with the State Encryption Administration by last January 31 2000 in order to continue using such equipment. In addition, unlike PRC entities, foreign users must also obtain approval for the use of encryption products.
What this basically means is that any encryption product imported to, or sold in China requires government approval, and I think it is fairly safe to assume that said approval requires a backdoor of the very same type as the rumoured Microsoft one.
In a wonderful bit of double-speak, another news tidbit describes the hengzhi chip as a “significant breakthrough in the field of trusted computing technology.” I presume that the breakthrough in “trusted computing” would be knowing in advance that you cannot trust your own hardware to protect your secrets no matter what procedures you implement. Clearly this does, in the most pedantic sense, represent a breakthrough of a kind.
This article, also referenced by Ars, has a little more to say.
“Lenovo ships a lot of PCs inside China with a Chinese government chip instead of the TPM,” he says. “We don’t know what it does.”
The obvious fear is that the chip gives the Chinese government the ability to access any encrypted communications, something that seems particularly sinister in light of the recent allegations that American technology companies (in particular Yahoo) have helped the Chinese government locate dissidents. But Anderson emphasizes that these machines are only sold within China. “They’re completely unsuitable for the American market,” he says.
The last part is important. While many of are computers are assembled in China, I don’t think that there is any significant danger that secret Chinese spy chips are installed in your Dell, Apple, or even Lenovo computer. Were such a thing discovered, it would immediately trigger the highest level sanctions against the Chinese government, and probably cripple their subcontracted manufacturing industry overnight. However, it seems to be certain that any new computer you buy inside China will most likely have this chip installed, and even a moderately lower price is not, in my mind, enough to make up for inviting the secret police into your secret documents. It may sound paranoid, but I would strongly caution anyone to reconsider a decision to buy computer hardware in China, and if you want to get a cheaper but well made notebook PC, just save your money for a nice Taiwanese Asus or BenQ .