Privacy organisations reject Bill's explanation for the presence of the NSA 'backup' key in Microsoft's Cryptographic API (MS-CAPI; see this news post in case you don't know the story. In short, it comes down to Microsoft allegedly having built a backdoor into the security of MS-CAPI for the US National Security Agency). Techweb has a news article about it:
But director of the London-based Foundation for Information Policy Research (FIPR), Caspar Bowden said: "Building in a 'back up' key makes no sense unless there is a revocation method for the primary (key). There is no revocation method." Microsoft said the back-up key was there should the original ever be lost due to a natural disaster. The company also acknowledged the name of the key was "unfortunate".
"I don't believe them -- what kind of natural disaster are they talking about? A meteor destroying all the earth's structures?" said Privacy International director general, Simon Davies. "Microsoft's argument is inconsistent with its operating procedure -- it could hold a single key in multiple locations, that is a standard security procedure." He added that to compromise user security, "it's not necessary to share access with the NSA -- simply complying with their requirements will do that."