Microsoft Corp has denied accusations that it has built in a backdoor key for the US National Security Agency into the Windows operating system. Andrew Fernandes, chief scientist at Canadian security company Cryptonym Corp, issued a report on Friday claiming that he had come across a digital signing key labeled NSA key in Windows NT – giving potential access to email and other information, such as financial records. Fernandes says he also found another key for Microsoft. Cryponym is a small consulting firm in Ontario, and Fernandes has placed the report on the firm’s web site.
Fernandes had been investigating Microsoft’s CryptoAPI architecture when he says he came across the keys. They apply to Windows 95, 98 and Windows 2000, as well as current versions of NT. Microsoft issued a statement late Friday denying the charges outright, and calling the speculation inaccurate and unfounded. It said the key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party, it said, Microsoft has consistently opposed the various key escrow proposals suggested by the government because we don’t believe they are good for consumers, the industry or national security.
Microsoft also said that, contrary to the report, the key in question would not enable security services to be started or stopped without the user’s knowledge. It was labeled NSA key said Microsoft, because NSA is the technical review authority for US export controls, and the key ensures compliance with US export laws. á
