Vista's encryption could vex investigators

IDG News Service - Encryption features in Microsoft Corp.'s upcoming operating system release, Windows Vista, could pose tricky challenges for criminal investigators, a Cambridge University professor told British lawmakers earlier this week.
Ross Anderson, professor of security engineering, told Members of Parliament on Tuesday that TPM (Trusted Platform Module) chip sets are used to restrict the downloading of copyright movies and music. But the technology could also lock up data on computers, he said.
TPM chip sets have been widely endorsed by both hardware and software manufacturers to tighten the noose on piracy. Microsoft has said Windows Vista has features that take advantage of TPM chip set capabilities, including full encryption of a computer hard drive. TPM chip sets can store keys, passwords and digital certificates associated with files and content.
"But an unfortunate side effect of this from the point of view of law enforcement is that it's going to be technically fairly seriously difficult to take encrypted material out of the system," Ross told lawmakers.
Anderson's testimony came during a committee hearing concerning the length of pretrial detention of criminal suspects. Supporters of extended pretrial detention have pointed to the varied times needed to extract evidence from a computer.
In an interview, Anderson said Microsoft could produce a version of Vista for law enforcement that would allow investigators to view any documents that have been assigned restrictive viewing rules by a user. Another option would be to include "backdoor" keys that would allow access to encrypted documents, he said.

Microsoft, however, said it will not put any backdoors into Windows Vista or any of its software.

"The whole point about Vista is that everything's always encrypted all the time because that enables you to enforce all these rights management rules," Anderson said. "The idea behind rights management is that the rules are no longer set by the person who owns the computer, but by the person who owns the document."

A cocaine dealer could assign rules to an Excel spreadsheet with details of his December sales that only allow the document to be read by a select few. He could also set an expiration date for the document. When the keys in the TPM chip expire, the document could theoretically never be available again, Anderson said.
That is unless Microsoft has built backdoor key features into Vista, Ross said. So far, it's not clear whether Vista will have those capabilities, he said.
Anderson said he has not examined the latest beta of the Vista operating system that has BitLocker Drive Encryption, thefeature that will be on the enterprise version of the operating system and allows for full encoding of the hard drive.
During the committee hearing, he recommended that the Home Office should talk with Microsoft about encryption issues. According to a report by the British Broadcasting Corporation, the Home Office said it is working with Microsoft on the issue.
A Microsoft spokeswoman said Friday the company is working with U.K. law enforcement to help them understand Vista's security features, but did not give further information.