Foundation exec slams Microsoft for 'meaningless' security pledge
- 06 December, 2013 17:17
The Free Software Foundation on Thursday attacked Microsoft for "meaningless" public statements on privacy and security, claiming that Windows is "fundamentally insecure."
Earlier in the week, Microsoft publicly pledged to encrypt customer information being sent between its data centers by the end of 2014, and committed itself to keeping users fully informed about governmental attempts to access their data. Microsoft general counsel Brad Smith also said the company would make its source code more transparent, "making it easier for customers to reassure themselves that our products do not contain back doors."
But FSF executive director John Sullivan attacked those promises, saying they were not sufficient guarantees of any reasonable degree of privacy.
"In the end, these promises are meaningless. Proprietary software like Windows is fundamentally insecure not because of Microsoft's privacy policies but because its code is hidden from the very users whose interests it is supposed to secure," Sullivan said in a public response. "A lock on your own house to which you do not have the master key is not a security system, it is a jail."
Sullivan also said that Microsoft's promises of transparency are "no solution" either, asserting that the company's definition of transparency has historically been very limited and proscribed.
"Freedom and security necessitate not just being allowed a peek at the code," he says. "Noticing that the back door is wide open will do you no good if you are forbidden from shutting it."
Microsoft's statement was widely seen as a response to the NSA scandal that gained new life after former contractor Edward Snowden leaked extensive and damning information that implicates the U.S. government in a huge range of secret data collection, both domestically and internationally.
Sullivan, however, states that the way to protect oneself from governmental snooping is to avoid proprietary software entirely.
"Even on proprietary operating systems like Windows, it is advisable to use free software encryption programs such as GNU Privacy Guard. But when no one except Microsoft can see the operating system code underneath, or fix it when problems are discovered, it is impossible to have a true chain of trust," he says.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
Read more about software in Network World's Software section.