This was news to me. I had never actually heard that the NSA assisted Microsoft with securing their new operating system. Teaming up with the NSA isn’t a new thing, not only did the National Security Agency assist Microsoft with Windows 7, but also with Vista, XP and Server 2003.
NSA official, Richard Schaeffer confirmed this on a speech delivered on Tuesday in a Senate Subcommittee hearing, “Working in partnership with Microsoft and elements of the Department of Defense, NSA leveraged our unique expertise and operational knowledge of system threats and vulnerabilities to enhance Microsoft’s operating system security guide without constraining the user to perform their everyday tasks, whether those tasks are being performed in the public or private sector,” Richard Schaeffer, the NSA’s information assurance director, told the Senate’s Subcommittee on Terrorism and Homeland Security yesterday as part of a prepared statement.
“All this was done in coordination with the product release, not months or years later during the product lifecycle,” Schaeffer added. “This will improve the adoption of security advice, as it can be implemented during installation and then later managed through the emerging SCAP standards.”
For those unfamiliar with the NSA, it is an outreach of the United States government’s Defense Department created in the 1950′s by Harry S. Truman. Often this organization, in motion pictures and TV, is known to deal with the paranormal (which is possible), but it’s actually responsible for the collection and analysis of foreign communications and foreign signals intelligence. They have also been recently assigned to help defend US government computer systems from attacks.
Many are fearful of NSA’s involvement in the private computing sector because they believe that NSA could enable itself access to personal information by creating “back doors” as Marc Rotenberg, the executive director of the Electronics Privacy Information Center notes. To clear up confusion, one should note that the NSA’s involvement was more consultative to the security in Microsoft’s operating systems. Not to be confused with actually developing software for the OS.
Richard Shaeffer comments were first reported by IDG news.
I’m not sure how I feel about this. At first I thought that it was pretty cool that the NSA had a small part in developing security measures for an OS that I use on a daily basis, but the concerns Rotenberg warns of are substantial and logical. It wouldn’t be the first time we’ve sacrificed some privacy for security here in the states. What do you think?
