Windows Vista won't have a backdoor that could be used by police forces to get into encrypted files, Microsoft has stressed.
In February, a BBC News story suggested that the government was in discussions with Microsoft over backdoor access to the operating system.
But Microsoft has now quelled the suggestion that law enforcement might get such access.
"Microsoft has not and will not put 'backdoors' into Windows," the company said.
The discussion centres on BitLocker Drive Encryption, a planned security feature for Vista, the update to the Windows operating system. BitLocker encrypts data to protect it if the computer is lost or stolen.
This feature could make it harder for law enforcement agencies to get access to data on seized computers.
"The suggestion is that we are working with governments to create a back door so that they can always access BitLocker-encrypted data," Niels Ferguson, a developer and cryptographer at Microsoft, wrote Thursday on a corporate blog. "Over my dead body," he wrote in his post entitled "Back-door nonsense."
Microsoft is talking to various governments about Vista. However, the talks are about using the new operating system and BitLocker for their own security, Ferguson wrote. "We also get questions from law enforcement organisations. They foresee that they will want to read BitLocker-encrypted data, and they want to be prepared," he wrote.
"Back doors are simply not acceptable," Ferguson wrote. "Besides, they wouldn't find anybody on this team willing to implement and test the back door."
Windows Vista, the successor to Windows XP, is slated to be available by the end of the year.
Talkback
Why would a backdoor be limited to BitLocker? All we hear from Ferguson is that BitLocker by itself make not have a back door and his team will not put that one in. Why would MS use it's own developers for such a sensitive issue requiring the utmost of confidentiality?
Unless the reassurance comes from the top, these assurances aren't worth much. There are too many qualifiers in Ferguson's statement.
Besides, what about Windows Update? It's effectively a backdoor, the difference being that everyone knows about it and signed off on the EULA covering it. It gives MS or its designated representatives full access to the content of the hard drive, even to the extent of being able to read files and change configurations. That level of access would also be available to unauthorized third parites who are able to hijack the Windows Update or key components. With MS' poor track record on security, that scenario is a probability not just a possibility.