September 4, 1999

Why a Small Software Label Raised Eyebrows


For Programmers, a Link to Spy Agency Seemed Likely
By PETER WAYNER
When a group of foreign programmers examining the inside of Microsoft's Windows operating system discovered an undocumented hole in the security software they immediately began wondering if it was put there for the United States government's intelligence gathering branch, the National Security Agency. This was not a difficult leap for them to make because the hole came with a cryptic label "_NSAKEY" attached to it.



Related Article
A Mysterious Component Roils Microsoft
(September 4, 1999)
Andrew Fernandes, a programmer for the Ontario-based company Cryptonym, found the label after following up on the work of an English cryptographic expert, Nicko van Someren. He posted a news release describing his discovery on his company's Web site earlier in the week.

To many who read the release, a link between NSA and the label was understandable, considering that the agency's main job is supporting the Executive Branch and the Department of Defense by gathering electronic intelligence.

The news of the discovery spread quickly over the Internet, where people lapped up the accusation that two of the great leviathans at the center of many digital-age conspiracy theories were caught with such a tight connection. While many doubted that a simple label with a suspicious-sounding name could be proof of any serious link, others assumed the worst.

While there is no immediate danger of information being compromised, the discovery added to the distrust of Microsoft's security prowess. Last week, the Web was aflame with news of the discovery of a serious hole in Hotmail, the company's free Web-based e-mail service.

For the record, Scott Culp, manager of security at Microsoft, says that the NSA has no control over the hole in the software.

The bigger and more difficult set of questions is what the hole is doing in Windows, whether it is really fair to consider it a hole, and why it was put there in the first place.

Culp said that the so-called hole is really a feature designed to increase reliability and add a backup in case a powerful natural disaster destroyed Microsoft's buildings, and with them the company's ability to document its Windows software. It was only named "_NSAKEY" because the NSA was responsible for checking Microsoft's implementation of computer security.

The hole is really part of Microsoft's Crypto API (CAPI), a system built into Windows for providing encryption tools to other software packages. API stands for "Application Programming Interface," a set of agreed-upon entry points that lets programmers coordinate their work in much the same way that blueprints let an architect and a team of builders coordinate theirs.



The CAPI lets programmers who know nothing about codes add security to their software, allowing that software to run on computers using the Windows operating system. A Web site, for instance, may ask the CAPI to scramble a credit card number before transmitting it over the Internet. A piece of software storing medical records could use the same CAPI to add privacy.

Ordinarily, APIs are arcane tools that are designed and read only by programmers. Cryptography, however, is a more sensitive matter because the U.S. government treats such software for encoding and decoding messages as munitions that might give a foreign power an edge in a war. Therefore, the government restricts the export of strong encryption software.

The United States has gained significant advantages over its enemies in recent wars by breaking their codes, and the Defense Department would not like to lose this advantage over foreign powers. In addition, the Federal Bureau of Investigation is worried that criminals, in the United States and overseas, may use unbreakable encryption to defy investigators looking for evidence.

When Microsoft decided it wanted to add encryption features to Windows, it needed to balance the demands of people like doctors asking for ways to protect their patient's records with the demands of the government's regulatory apparatus seeking to preserve their eavesdropping ability.

Microsoft's solution was to ship no encryption features with Windows itself, but to build a generic system that allowed all users to load their own encryption software modules. Ordinarily, the U.S. government even objects to the existence of systems like the CAPI, which are also known as "software hooks," where someone might attach encryption software. The government believes that even the existence of something like the CAPI would make it easier for foreigners to scramble data with Microsoft Windows.

To answer these objections, Microsoft designed the CAPI mechanism to check every module to see whether it bore a special digital signature. The CAPI uses digital signatures to check the provenance of the modules that might be installed. Anyone who wants to add scrambling abilities to their copy of Windows must first apply to Microsoft and get approval after promising never to export the software in violation of U.S. law. When all of the forms are filled out, Microsoft gives its approval by applying a digital signature to the encryption module.

Digital signatures are verified by using public keys, long numbers that are generated by a complicated mathematical technique. These keys act like the equivalent of a driver's license or a signature card kept on file at a bank. Each copy of Windows keeps a set of public keys and uses them to ensure that the digital signatures were, in fact, created by Microsoft.

When the CAPI comes across a new encryption module, it checks the digital signatures with a public key. If the mathematics work out, Windows approves the module and allows the user to encode and decode information at will.

This solution allowed Microsoft to bundle in features for cryptography while shipping the same version of Windows throughout the world. Ideally, only people in the United States would get high-quality protection because Microsoft would add digital signatures only to software that was not going to leave the United States.

This much was known publicly since Microsoft introduced the CAPI. Last year, van Someren, a scientist at the English company nCipher, discovered that there were really two public keys, or signature cards, inside Windows. That meant two entities could create digital signatures. One was definitely Microsoft, but no one knew the identity of the other.

This summer, Fernandes discovered that Microsoft had inadvertently left some debugging information bound into the latest version of some software patches for Windows NT. Patches are new pieces of software that fix problems with previously released software. Programmers attach name tags to different pieces of data and use these tags to help find bugs, but they usually strip out the name tags to save space and avoid releasing competitive information. Fernandes discovered that the debugging name tags had not been stripped away and the first key came with the name "_KEY". The second key came with the tag "_NSAKEY". Fernandes also discovered that the new beta versions of Windows 2000 came with three keys.

Culp said that while the two keys do give two entities the ability to certify encryption modules, there is no reason to fear that the NSA controls one. Microsoft controls both so they would have a backup, he said.

Matt Blaze, a security expert for AT&T, said that this argument makes sense if Microsoft stores its copies of the key in tamperproof hardware. These devices are designed to resist attacks by erasing the key. "If you're doing that, and your hardware gets destroyed by an earthquake or a fire, then you would never get that key back," he said in a telephone interview. The box would assume that the earthquake or lightning storm was really an attacker trying to get at the key. It would immediately forget it as a defense.

Culp says that both keys are kept in tamperproof boxes behind barbed wire in separate parts of the country, but he would not say where.

Still, Microsoft's explanations have not quieted the speculation on the Internet. Most critics are still worried about the possibility that the technique would allow whoever holds this second key to slip broken encryption software onto someone's computer. The Clinton Administration is currently lobbying Congress to get permission to do just this with suspected gangsters and drug runners. A slightly broken encryption mechanism would allow them to surreptitiously decode the messages. Whoever holds the second key would have the power to create such a broken mechanism.

Bruce Schneier, a security expert at Counterpane Systems, dismissed this possibility. "There are much better ways of compromising security on a computer," he said.

But Schneier conceded that bugging the encryption module used by CAPI and simply eavesdropping on all communication would be a subtle attack that would be less likely to be detected.

Many point out that if this approach was taken by the NSA, it would not be the first time. The Baltimore Sun reported in 1995 that the NSA had secretly subverted the encryption hardware of a Swiss company, Crypto AG.

Still, Blaze said that the existence of two or three keys is not best explained by a secret government backdoor. "It would be much easier to convince Microsoft to tell them the secret key," he said.

The existence of both _KEY and _NSAKEY has also inadvertently introduced a loophole in the mechanism that was meant to enforce export controls on encryption software. Van Someren originally began looking for the key in the hope of replacing it with one of his own. He could not approach Microsoft and get them to validate his cryptographic software because he works in Britain.

If someone simply replaces _KEY, Windows will fail to start up because _KEY is used to validate other parts of the Windows security software. Replacing _NSAKEY, on the other hand, makes it possible for anyone outside the United States to use the CAPI without problems. Cryptonym is currently distributing a program that demonstrates how to do this.
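The two mechanisms the article describes, the loader's "accept if any embedded key verifies the signature" check and the trick of overwriting the second key slot, are easiest to see in code. The following Go program is an added illustration written for this page; it is not Cryptonym's program, nor Microsoft's code, and it does not reproduce the actual CAPI module format. It assumes RSA PKCS#1 v1.5 signatures over a SHA-256 hash (because Go's standard library provides them; the page does not say which scheme Windows used), and the Module type, the Scenario helper and the key names are hypothetical stand-ins for the real CSP files and the _KEY and _NSAKEY values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Module stands in for a CAPI cryptographic service provider as the article
// describes it: the module's bytes plus a detached digital signature that the
// loader checks before the module may be used. Hypothetical structure; the
// real on-disk format is not described on the page.
type Module struct {
	Name      string
	Code      []byte
	Signature []byte
}

// SignModule is the approval step: whoever holds a signing key signs the
// SHA-256 hash of the module. Assumption: RSA PKCS#1 v1.5, chosen because Go's
// standard library provides it, not because the page says Windows used it.
func SignModule(priv *rsa.PrivateKey, name string, code []byte) (Module, error) {
	digest := sha256.Sum256(code)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return Module{}, err
	}
	return Module{Name: name, Code: code, Signature: sig}, nil
}

// LoaderAccepts models the check the article attributes to CAPI: the module
// loads if its signature verifies under ANY of the public keys embedded in
// Windows. Every key in the list is therefore an independent root of trust.
func LoaderAccepts(trusted []*rsa.PublicKey, m Module) bool {
	digest := sha256.Sum256(m.Code)
	for _, pub := range trusted {
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], m.Signature) == nil {
			return true
		}
	}
	return false
}

// Scenario holds the three signers in the story: the primary key (_KEY), the
// second key (_NSAKEY), and an outsider with no Microsoft approval.
type Scenario struct {
	Vendor, Second, Outsider *rsa.PrivateKey
}

// NewScenario generates fresh keys for all three signers.
func NewScenario() (*Scenario, error) {
	s := &Scenario{}
	for _, slot := range []**rsa.PrivateKey{&s.Vendor, &s.Second, &s.Outsider} {
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		*slot = priv
	}
	return s, nil
}

// ShippedKeys is the key list as Windows ships it: _KEY and _NSAKEY.
func (s *Scenario) ShippedKeys() []*rsa.PublicKey {
	return []*rsa.PublicKey{&s.Vendor.PublicKey, &s.Second.PublicKey}
}

// PatchedKeys is the list after the trick the article describes: the second
// slot is overwritten with the outsider's own public key. The first key must
// stay, because other parts of Windows are validated with it.
func (s *Scenario) PatchedKeys() []*rsa.PublicKey {
	return []*rsa.PublicKey{&s.Vendor.PublicKey, &s.Outsider.PublicKey}
}

func main() {
	s, err := NewScenario()
	if err != nil {
		panic(err)
	}
	code := []byte("constructed sample CSP bytes") // constructed stand-in for a module
	approved, _ := SignModule(s.Vendor, "approved.dll", code)
	homebrew, _ := SignModule(s.Outsider, "homebrew.dll", code)

	fmt.Println("stock keys, Microsoft-signed module:", LoaderAccepts(s.ShippedKeys(), approved)) // true
	fmt.Println("stock keys, unapproved module:      ", LoaderAccepts(s.ShippedKeys(), homebrew)) // false
	fmt.Println("second key replaced, unapproved:    ", LoaderAccepts(s.PatchedKeys(), homebrew)) // true
	fmt.Println("second key replaced, Microsoft-signed:", LoaderAccepts(s.PatchedKeys(), approved)) // true
}
```

The last line of the output is the point Culp's "backup" explanation glosses over: because the loader treats the keys as alternatives rather than requiring both, swapping the second key costs the user nothing (Microsoft-signed modules still load) while handing the approval power to whoever controls the new key. The same property is what worries the article's critics in the other direction, since the holder of the genuine second key can approve a module the user never asked for.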

Today, van Someren uses the technique in Britain to experiment with building tools for Windows NT and ensuring that his company, nCipher, can create software and hardware that works well with Microsoft's. The mechanism designed to enforce the export rules has failed because of the extra key.

Fernandes said, "Export control is effectively dead for Windows."




Peter Wayner at pwayner@nytimes.com welcomes your comments and suggestions.





Copyright 1999 The New York Times Company