
BitLocker uploads device encryption keys to SkyDrive - justcommenting
http://cryptome.org/2014/11/ms-onedrive-nsa-prism.htm
======
UnoriginalGuy
So just to be clear, BitLocker has (at least) two modes of operation, normal
mode where you yourself/your company are responsible for managing your
encryption keys and passive "device encryption" mode which is enabled by
default on many consumer devices (e.g. Surface 3, Surface RT, Windows Phone,
etc).

[http://en.wikipedia.org/wiki/BitLocker#Device_encryption](http://en.wikipedia.org/wiki/BitLocker#Device_encryption)

So the complaint is essentially, an encryption mode which is a freebie on many
devices which traditionally would have no drive encryption at all is somehow
spying for the NSA by uploading decryption keys.

But the problem I have with that line of thinking is: Without device
encryption many devices wouldn't have drive encryption at all and therefore
the NSA (with possession of the device) could trivially retrieve that data.

If you really want NSA-secure BitLocker encryption then why the heck don't you
just set up BitLocker yourself instead of using Microsoft's "feature-limited"
device encryption mode? The key won't be put on OneDrive in that situation.

Also if Microsoft did enable full BitLocker on many consumer devices, do you
really trust your average person to keep their keys safe? Or explain that
there is no forgotten password feature, that their family photos are just
"fucking gone" [0].

[0]
[https://www.youtube.com/watch?v=GWxC8ezE4Dk](https://www.youtube.com/watch?v=GWxC8ezE4Dk)
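
An added example, not part of the original comment: one way to see which key protectors a Windows volume actually carries. The recovery password protector is the material that device encryption escrows to the owner's Microsoft account. It assumes an elevated PowerShell session with the built-in BitLocker module; the function name `Get-RecoveryProtectorReport` is hypothetical.

```powershell
# Added example: audit BitLocker key protectors per volume (run elevated).
# Uses Get-BitLockerVolume from the BitLocker module shipped with Windows.
# The function name Get-RecoveryProtectorReport is hypothetical.
function Get-RecoveryProtectorReport {
    param(
        # Volumes to inspect; defaults to every volume BitLocker reports.
        [object[]]$Volume = (Get-BitLockerVolume)
    )

    foreach ($v in $Volume) {
        # All protector types on the volume (Tpm, TpmPin, RecoveryPassword, ...).
        $types = @($v.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Recovery password protectors are the ones that can be escrowed off-device.
        $recovery = @($v.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint          = $v.MountPoint
            VolumeStatus        = $v.VolumeStatus
            ProtectionStatus    = $v.ProtectionStatus
            EncryptionMethod    = $v.EncryptionMethod
            ProtectorTypes      = $types -join ', '
            HasRecoveryPassword = ($recovery.Count -gt 0)
            # Report only the protector IDs, never the 48-digit password itself,
            # so the report can be logged or shared without leaking key material.
            RecoveryProtectorId = ($recovery |
                ForEach-Object { $_.KeyProtectorId }) -join ', '
        }
    }
}

# Print one record per volume.
Get-RecoveryProtectorReport | Format-List
```

The protector IDs in the report can be compared with the key IDs of any recovery keys listed under the device owner's Microsoft account to tell whether a given protector has been escrowed.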

~~~
justcommenting
> Without device encryption many devices wouldn't have drive encryption at all
> and therefore the NSA (with possession of the device) could trivially
> retrieve that data.

This argument gets to the heart of mass surveillance vs.
targeted/individualized surveillance. I personally prefer a world where
someone would have to do something like steal my device to gain access to my
data to a world where everyone's data is compromised by default _all of the
time_. Maybe that makes me an outlier, but if I had owned one of these
devices, I'd be pretty outraged...not unlike some were in the midst of the
recent iCloud brouhaha.

~~~
smtddr
Nope, you're not an outlier. If someone steals your device, be it random theft
or FBI/NSA storm your home, at least you know exactly what was taken and when
and you probably know why _(fair or otherwise)_. Much better for your state of
mind to know for sure whether or not your data has been taken rather than what
we have now - a constant state of paranoia because none of us really know what
the NSA is up to. For the most part, I just assume any internet-capable device
is compromised. One thing I still suspect is outside of NSA's wide-sweeping
data collecting is proper usage of Steganography.

[http://en.wikipedia.org/wiki/Steganography](http://en.wikipedia.org/wiki/Steganography)

> _For example, a sender might start with an innocuous image file and adjust
> the color of every 100th pixel to correspond to a letter in the alphabet, a
> change so subtle that someone not specifically looking for it is unlikely to
> notice it._

I cannot comprehend that the NSA is scanning every image on the internet
looking for patterns like that. If I were planning on some anti-establishment
action, that's what I'd do. It would also be pretty cool for someone to make a
tool that does this automatically. For regular people who just want plain
privacy, keep on whistleblowing, keep on naming and shaming, keep on making
the NSA's strategies not work by posting more and more tools & techniques to
render their surveillance useless.... until we reach some kind of critical
point that even the average-joe can't ignore.

------
higherpurpose
Who needs "nefarious" backdoors, when Microsoft can just present them as
"features" for users, that law enforcement can use just as easily, if not more
so than a backdoor?

I'd love for Microsoft to do out-of-the-box encryption while keeping the keys
in the TPM, in all Windows 10 laptops, just like Android 5.0 and iOS 8.0, but
it's not going to happen. Microsoft has too much of a cozy relationship with
law enforcement to do something like that.

It's not just a coincidence that it is the _first_ company to join PRISM, or
that Skype was added to PRISM not when it was owned by the Swedish, not when
it was owned by eBay, but _the same month_ Microsoft announced its
acquisition.

[http://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_sli...](http://upload.wikimedia.org/wikipedia/commons/c/c7/Prism_slide_5.jpg)

------
cryptolect
This is a wonderful example of NSA meddling. With one hand, Microsoft gives
everyone out-of-box encryption, which it can use to demonstrate how well it's
protecting consumers. With the other hand, by virtue of a 'feature' to assist
consumers, it's providing access to the NSA via SkyDrive copies of encryption
keys. Everyone's happy!

Best of all, enterprise customers don't have a reason to complain, because the
SkyDrive backup 'feature' shouldn't apply to their deployment scenarios. The
only people with a complaint are those that use the default option.

We should keep vigilant for these security 'features' that are undermined by
implementation. The NSA has years of practice at this, and we're playing
catchup.

------
mattfrommars
So OneDrive isn't safe? Should I stop using it if I value my privacy?

