Thursday, December 5, 2013

FSF responds to Microsoft's privacy and encryption announcement

Yesterday, Microsoft announced a new effort to "[protect] customer data from government snooping."
FSF executive director John Sullivan issued the following statement on Thursday, December 5th:
"Microsoft has made renewed security promises before. In the end, these promises are meaningless. Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure. A lock on your own house to which you do not have the master key is not a security system, it is a jail.
Even on proprietary operating systems like Windows, it is advisable to use free software encryption programs such as GNU Privacy Guard. But when no one except Microsoft can see the operating system code underneath, or fix it when problems are discovered, it is impossible to have a true chain of trust.
If the NSA revelations have taught us anything, it is that journalists, governments, schools, advocacy organizations, companies, and individuals, must be using operating systems whose code can be reviewed and modified without Microsoft or any other third party's blessing. When we don't have that, back doors and privacy violations are inevitable.
While the Microsoft announcement does promise "transparency" to reassure people that there are no back doors in Windows, this is no solution. Transparency in the Windows world normally means self-reports commissioned by Microsoft, or access granted to outsiders covering very limited portions of source code under strict agreements that limit sharing that information.
Freedom and security necessitate not just being allowed a peek at the code. Microsoft has demonstrated time and time again that its definition of a "back door" will not be the same as yours. Noticing that the back door is wide open will do you no good if you are forbidden from shutting it.
The solution after Microsoft's announcement is the same as it was before its announcement. Just like Microsoft's former chief privacy adviser, switch to a free software operating system like GNU/Linux, and don't look back."