Two weeks ago BBC News published an article speculating about a possible “back door” in BitLocker (http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm). The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data.
Over my dead body.
Well, maybe not literally---I’m not ready to be a martyr quite yet---but certainly not in any product I work on. And I’m not alone in that sentiment. The official line from high up is that we do not create back doors. And in the unlikely situation that we are forced to by law we’ll either announce it publicly or withdraw the entire feature. Back doors are simply not acceptable. Besides, they wouldn’t find anybody on this team willing to implement and test the back door.
We are of course talking to various governments; we want them to buy Vista and use BitLocker for their own security. We get the typical questions you always get: ease of use, performance, security, etc. We also get questions from law enforcement organizations. They foresee that they will want to read BitLocker-encrypted data, and they want to be prepared. Like any security technology BitLocker has its avenues of attack and law enforcement should know about them. For example, if they search a house and find a computer, they should also take all USB thumb drives, as these might contain a BitLocker key. This information is not secret; our users need to have the same information when they make the security vs. convenience tradeoff of choosing a key-protection option (TPM only, USB key, TPM + USB key, etc.) We plan on having a KB article with the details when Vista ships.
- Niels Ferguson (developer & cryptographer)