  • Enterprise IT, Featured, News, Security - Written by on Wednesday, January 29, 2014 13:30 - 5 Comments

    No back door, Microsoft tells Parliament


    news Global technology giant Microsoft has definitively told Australia’s Federal Parliament that it does not have a back door in its software that would allow the company to provide access to the IT infrastructure of the Parliament, which would include private files and emails held by Members of Parliament, Senators and their staff.

    In June last year, UK newspaper the Guardian published classified documents created by the US National Security Agency and leaked by whistleblower Edward Snowden, which stated that the NSA was able to gain “direct access” to the servers of companies such as Google, Facebook, Apple, Microsoft, Yahoo and Skype through a program known as ‘PRISM’. The access allowed US officials to collect information including search history, the content of emails, file transfers and live chats.

    Subsequently, the New York Times reported that the US Government had used the system to collect information on non-US citizens overseas for nearly six years. The revelation of the move has caused outrage online, amongst the general public as well as those specifically interested in digital rights and privacy online.

    In November last year, Greens Communications Spokesperson and Senator Scott Ludlam sharply questioned Department of Parliamentary Services chief information officer Eija Seittenranta, who was appointed CIO in January 2013 to clean up the Parliament’s woeful IT infrastructure, on the issue of whether the reported NSA backdoors had opened up the IT systems of Australia’s Federal Parliament to US interests.

    In responses to some of Ludlam’s questions published this month (PDF) and first reported by The Guardian, the department said based on the available material, the speculation around backdoors in Microsoft software appeared to relate to backdoors in cloud computing products rather than internal environments. “DPS has not been provided with any specific advice that Microsoft products or any other products have been backdoored by foreign intelligence services,” the department wrote.

    It added that, after further investigation and discussions with Microsoft and the Australian Signals Directorate (ASD) regarding backdoor exposures and PRISM: “Microsoft has advised DPS that there is no backdoor within the Microsoft suite of products nor have they made any attempt to source information from the parliamentary network or provide information to any other entity.”

    The department said Microsoft had advised that the company complies with all jurisdictional laws in relation to these matters, and that ASD has been a member of the vendor’s Government Security Program, which gives governments controlled access to a variety of Microsoft source code. ASD, the department said, has advised that it is not able to provide commentary on intelligence matters and that the application of the Top 35 Information Security Manual (ISM) controls remains the most effective mechanism to treat malware and advanced persistent threats.

    The department added: “Further advice on whether a backdoor exists or not in Microsoft products would more appropriately be directed to Microsoft itself, ASD or the “Reform Government Surveillance group”, an industry cohort of major ICT companies to address the practices and laws regulating government surveillance of individuals and access to their information.”

    The department said it employs a number of intrusion and analysis tools to detect malware and data leakage and that these tools were reviewed to determine if any malware or data leakage was evident in its IT infrastructure environment.

    “DPS did not observe nor detect any data leakage that would indicate the existence of a PRISM related capability,” the department said. “DPS continues to implement the Top 35 ISM controls as part of its ICT security control programme. Whilst these have not been specifically designed to manage against threats such as the PRISM system, they are designed to prevent against intrusions and extraction of data from ICT systems.”

    The department said it understands that the major security risk would be with cloud computing services where organisations’ data travels outside of Australia.

    The department said it could advise “that DPS does not host Parliamentarians’ data in the cloud and that we are taking all reasonable steps to prevent systems such as the alleged PRISM system compromising our ICT environment. Our security tools have not identified any evidence of this style of illicit data collection from the parliamentary network.”

    “DPS will continue to implement ASD controls and any reasonable recommendations that are provided by the IT industry, the Attorney General’s Department or ASD to combat malware and any form of advanced or persistent threat.”

    As I wrote back in November last year, I believe Ludlam was barking up the wrong tree with this one. The important issue here is not so much what Microsoft and the NSA are or are not doing, as this is an issue certainly beyond Seittenranta’s ability to fix, but whether the Federal Parliament’s IT systems themselves are actually adequately funded and secured in general.

    A report published by DPS in October 2012 acknowledged that at that time, the Parliament had widespread problems with IT service delivery and infrastructure, stemming from the fact that it has “no parliament-wide IT strategic plan” and no mechanism for making strategic IT decisions, despite a decade of reports warning of the situation.

    Similar reports published by virtually all of Australia’s State Governments over the past several years have found that all have huge IT security holes that would be trivial to exploit.

    If someone wants to spy on the digital communications and files of an Australian Parliamentarian or their staff, I strongly suspect they do not need to have Microsoft and the NSA on their side to do so. The Parliament’s IT infrastructure is dilapidated enough that an attacker can probably make their own way in. This is the issue Ludlam should be concentrating on — increasing funding to the Department’s IT support operation.

    Image credit: Microsoft, Creative Commons


    1. Ray Herring
      Posted 29/01/2014 at 7:08 pm | Permalink |

      Shame, big shame.

      If they did, maybe we could have gotten access to the unredacted reports of one Malcolm Turnbull, such as the Strategic Review :)

    2. Woolfe
      Posted 30/01/2014 at 8:56 am | Permalink |

      Of course, being that they are a US company, and it appears that much of the ado has been around “secret courts” and “gag orders”. It could be possible that they are not being 100% truthful.

      But as stated, I don’t think they’d honestly need it anyway. Most government security is laughable from my experience.

    3. Ed
      Posted 30/01/2014 at 11:49 am | Permalink |

      Ludlam was way off the mark when he said there was a backdoor. The majority of the media and Ludlam assumed the Guardian info meant that the NSA could just log on, when in fact what they were doing was sniff/tap the unencrypted links between Microsoft and Google datacenters.

      For places like Parliament that have their own servers hosting their data (rather than Exchange in the cloud), there was no backdoor. But like everyone has said, there’s plenty of poor IT practices that create other trivial vulnerabilities though.

    4. Paul
      Posted 31/01/2014 at 10:43 am | Permalink |

      I believe all https and encryption technologies are interceptable by the gov’s because they are illegal if the USA gov can’t intercept it.
      (Export rules) Just read the export notification sticker on any Cisco product.

    5. Graham Rawolle
      Posted 31/01/2014 at 1:41 pm | Permalink |

      Almost certain there is a backdoor in MS Windows (desktop & server). Just means NSA haven’t felt the need to use it to eavesdrop on the Federal Government.
