Microsoft’s story is the NSA helped Microsoft with the “Security Compliance Management Toolkit.” The toolkit, which rolled out after Windows 7, allows enterprises, government agencies, and large-scale organizations the ability to manage levels of security risk beyond those of regular users. The NSA is a happy partner in such ventures because of its concerns for cybersecurity.
But there lurks behind the story the NSA’s need for gathering intelligence, which a backdoor into an OS would greatly aid. Cisco, for example, has built into it’s products, such as its Internetworking Operating system (ISO) and VoIP lines, lawful intercept capabilities. (Which require a court order.) It’s not a big leap to conclude that perhaps Microsoft might have done the same.
Some have questioned the wisdom of Microsoft’s working with the NSA, including Marc Rothenberg, the executive director of the Electronics Privacy Information Center (EPIC). Said Rothenberg: “The key problem is that NSA has a dual mission, COMPUSEC, computer security, now called cyber security, and SIGINT, signals intelligence, in other words surveillance.” He added that it might be tough for any company, even Microsoft, to turn down an NSA “suggestion” for a backdoor.
Roger Thompson, chief research officer of AVG, sides with Microsoft. “I can't imagine NSA and Microsoft would do anything deliberate, because the repercussions would be enormous if they got caught,” said Thompson.
For now, Microsoft says it isn’t there. Whether that curbs your paranoia or not is another matter entirely.