Last year, I wrote about some serious issues with Microsoft's Secure Boot Technology in Windows 8. It seems that the German government has started to wake up to problems with Windows 8, as this headline in Die Zeit attests:
German government warns about Windows 8
More specifically, it's the Trusted Platform Module (TPM) that could cause trouble according to the newspaper:
Windows 8 is an unacceptable security risk for companies and authorities, experts warn the government. So-called "Trusted Computing" is a back door for the NSA.
This was picked up by InvestmentWatch, in a story that was widely linked (including by me):
According to leaked internal documents from the German Federal Office for Information Security (BSI) that Die Zeit obtained, IT experts figured out that Windows 8, the touch-screen enabled, super-duper, but sales-challenged Microsoft operating system is outright dangerous for data security. It allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA – and in an unintended ironic twist, perhaps even to the Chinese.
Rather unusually, this has prompted Germany's Federal Office for Information Security (BSI in German) to issue a statement about these press reports. Here's a rough translation of the key paragraph:
From the BSI's perspective, the use of Windows 8 combined with TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used. As a result, new risks arise for the user, especially for the federal government and for those providing critical infrastructure. In particular, on hardware running Windows 8 that employs TPM 2.0, unintentional errors of hardware or the operating system, but also errors made by the owner of the IT system, could create conditions that prevent further operation of the system. This can even lead to both the operating system and the hardware employed becoming permanently unusable. Such a situation would not be acceptable for either the federal authorities or for other users. In addition, the newly-established mechanisms can also be used for sabotage by third parties. These risks must be addressed.
As can be seen from this clarification, we are not dealing with a security vulnerability – unlike an earlier story regarding Microsoft passing zero-day exploits to the NSA for use against governments and companies. Rather, this is about the worrying fact that a system you own might stop working for reasons that are completely beyond your control.
What the German government is saying is something that I have emphasised for many years: that the key benefit of using free software is not really financial, although it may well be cheaper to run open source systems than proprietary ones, depending on the exact circumstances. Rather, what free software gives is what its name proclaims: freedom. It lets you use your software and system as you wish, not subject to external constraints.
The importance of this aspect is greatly underestimated. After all, no company would accept that it could be told how to use its offices, or that it must buy new company cars when manufacturers order it. And yet that is pretty much what proprietary computer software companies are able to do. The warning from the German government is really just another way of putting this: if you wish to be in control of your systems, do not deploy Windows 8 with TPM 2.0. It's only a pity that the German government didn't take the next step and explicitly recommend the use of open source software to place control firmly in the user's hands.