Earlier this week, I wrote about an online piece on the Zeit web site, authored by Patrick Beuth. In the article, Patrick took some huge leaps of imagination to say that the German government was warning its citizens against using Windows 8 with the Trusted Platform Module. In essence, Patrick suggested that because the TPM chips were made in China, and the NSA had supposedly worked with Microsoft on Windows 8 to construct a backdoor, the US government and China are attempting to take over Germany and the world.
Over the past few days, I've had conversations about this over email and Twitter, and the talk has been interesting. Some have taken Patrick's far reaching article to be law. If you take a look at Patrick's Zeit article profile HEREyou'll see that he has a habit of taking news coverage to the extreme and spends a lot of time inserting his imagination into real news.
There's been enough backlash on Patrick's article that the German Federal Office for security in information technology has provided an actual press release to set the story straight. The press release is HERE, but I've included the translated bits below.
The press release states that the German government did not warn against using Windows 8. It only highlighted that steps needed to be taken to ensure that Windows 8, with TPM, provided a safe computing environment. And, with the right combination of settings, Windows 8 and TPM would guarantee a huge security gain.
Patrick's article cited an internal paper from early 2012, written by the German Ministry of Economic Affairs. I'm assuming since the paper was an internal document, Patrick wasn't supposed to see it. Or, the German government is just a lot more transparent than the current US administration. Whatever the case, one has to wonder how Patrick was able to obtain the document and use quotes like "the use of 'trusted computing'-technology in this expression is... not to accept the Federal Administration and the operators of critical infrastructures." And, you also have to wonder what other internal documents Patrick has access to and if we could be on the very tip of Germany's own Snowden Incident.
German Press Release
Opinion of the BSI to the current reporting on MS Windows 8 and TPM
Media reporting module (TPM) currently on the subject of Windows 8 and trusted platform, that the Federal Government would warn against Windows 8. Reporting according to keep "Professionals of Federal Windows 8 to be downright dangerous". In media referred to among other things on a paper of the Federal Ministry of Economics (BMWi) and stated: "The experts responsible in the Federal Ministry of Economics, the Federal Administration and the BSI because also unequivocally warn the use of trusted computing, the new generation of German authorities."
This explains the Bundesamt für Sicherheit in der Informationstechnik (BSI):
The BSI warns a usage of Windows 8, the public, German companies nor the Federal Administration. The BSI is currently however some critical aspects relating to specific usage scenarios, powered Windows 8 in combination with a hardware has a TPM 2.0.
For certain groups of users, the use of Windows 8 in combination with a TPM can mean quite a security gain. These include users who can take care not about the security of their systems for a variety of reasons, or want to, but trust the manufacturer of the system, that this is a safe solution provides and maintains. This is a legitimate usage scenario, the manufacturer should make but sufficient transparency about the possible limitations of the provided architecture and possible consequences of the use.
From the perspective of the BSI, the use of Windows 8 in combination goes hand in hand with a TPM 2.0 with a loss of control over the operating system and the hardware used. New risks resulting for the user, especially for the Federal Administration and critical infrastructures. In particular the IT system error status can be caused on hardware that is operated with a TPM 2.0 with Windows 8 by unintended failure of hardware or operating system manufacturer, but also the owner, prevent further operation of the system. May cause as much, that the used hardware is permanently no longer can be used in case of failure in addition to the operating system. Such a situation would be acceptable for the Federal Administration, nor for other users. The newly established mechanisms can also be used third party for acts of sabotage. These risks must be addressed.
The BSI believes the complete control of the applied information technology, which includes a conscious opt-in as well as the possibility of a later opt, as a fundamental prerequisite for a responsible use of hardware and operating systems. The Federal Government has formulated in its key issues paper on trusted computing and secure boat associated operating systems and hardware requirements.
Generally should be allows IT users to maintain a self-determined and autonomous dealing with information technology. This example also the possibility to use alternative operating systems and applications at its sole discretion.
So that those conditions still can be achieved with Windows and the trusted platform modules, the BSI with the Trusted Computing Group as well as with the manufacturers of operating systems and hardware in Exchange is to find appropriate solutions for users, as well as for use in the Federal Administration and in critical infrastructure.