Privacy Digest

News that can impact your privacy.

Microsoft Gives Backdoor to Law Enforcement -- Well, Not Really

Submitted by MacRonin on April 30, 2008 - 4:24pm.
  • Alert
  • Court (US)
  • Cryptography
  • DOJ - Dept of Justice
  • Editorial
  • Exploits
  • FBI - Federal Bureau Of Investigation
  • Fourth Amendment
  • Government
  • Hardware
  • Hmmm
  • Infrastructure
  • Law Enforcement
  • Microsoft
  • Privacy
  • Remember
  • Rights
  • Security
  • Software
  • Technology

Microsoft Gives Backdoor to Law Enforcement -- Well, Not Really - Via Threat Level:

Admit it. You always thought Microsoft had put a backdoor into its operating system to allow law enforcement agents to worm their way into your computer.

Now the proof is here. At least that's how some readers are interpreting a story out yesterday about a forensic tool that Microsoft is providing crime-stoppers to help them extract evidence from computers seized at crime scenes.

The Computer Online Forensic Evidence Extractor, or COFEE, is a USB memory stick that was "quietly distributed" to a handful of law-enforcement agencies last June, according to Seattle Times tech reporter Benjamin Romano. Romano says the portable device can "decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer."

This was enough to prompt a reader at TechDirt to conclude that the device is using a backdoor that Microsoft built into its operating system for law enforcement to bypass the Windows BitLocker encryption.

"Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys."

In reality, COFEE doesn't need a backdoor to operate. And it's not a USB memory stick, although agents use a memory stick to run the tool on targeted machines.

COFEE, according to forensic folk who have used it, is simply a suite of 150 bundled off-the-shelf forensic tools that run from a script. None of the tools are new or were created by Microsoft. Microsoft simply combined existing programs into a portable tool that can be used in the field before agents bring a computer back to their forensic lab.

Microsoft wouldn't disclose which tools are in the suite other than that they're all publicly available, but a forensic expert told me that when he tested the product last year it included standard forensic products like Windows Forensic Toolchest (WFT) and RootkitRevealer.

With COFEE, a forensic agent can select, through the interface, which of the 150 investigative tools he wants to run on a targeted machine. COFEE creates a script and copies it to the USB device which is then plugged into the targeted machine. The advantage is that instead of having to run each tool separately, a forensic investigator can run them all through the script much more quickly and can also grab information (such as data temporarily stored in RAM or network connection information) that might otherwise be lost if he had to disconnect a machine and drag it to a forensics lab before he could examine it.

I asked Microsoft about the backdoor charge that critics are making about COFEE. Tim Cranton, the company's associate general counsel, said in an e-mail statement that "COFEE does not circumvent Windows Vista BitLocker encryption or undermine any protections in Windows through secret 'backdoors' or other undocumented means."

Microsoft described the password tool in COFEE as "a publicly available password security auditing technology, such as rainbow tables." The company added that U.S. law enforcement agents using COFEE would be expected to do so "with proper legal authority" -- meaning a search warrant.

Given the federal appeals court ruling last week that allows U.S. border agents to now search the contents of a laptop without probable cause, it may not be long before DHS border agents are armed with COFEE-enabled USB sticks.

(Read Original Article - Via Threat Level.)


Compilation © Copyright 1997-2009 Paul Hardwick, with Web Hosting provided by MacRonin.com.