The NSA is not the only government agency asking tech companies for help in cracking technology to access user data. Sources say the FBI has a history of requesting digital backdoors, which are generally understood as a hidden vulnerability in a program that would, in theory, let the agency peek into suspects' computers and communications. In 2005, when Microsoft was about to launch BitLocker, its Windows software to encrypt and lock hard drives, the company approached the NSA, its British counterpart the GCHQ and the FBI, among other government and law-enforcement agencies. Microsoft's goal was twofold: get feedback from the agencies, and sell BitLocker to them.
But the FBI, concerned about its ability to fight crime -- specifically, child pornography -- apparently repeatedly asked Microsoft to put a backdoor in the software. A backdoor -- or trapdoor -- is a secret vulnerability that can be exploited to break or circumvent supposedly secure systems. For its part, the FBI categorically denies asking for such access, telling Mashable that the Bureau doesn't ask for backdoors, and that it only serves companies lawful court orders when it needs to access users' data. (And, legally, it would still need a warrant even if a backdoor did exist.) Peter Biddle, the head of the engineering team working on BitLocker at the time, revealed to Mashable the exchanges he had with various government agents. "I was asked multiple times," Biddle told us, confirming that a government agency had inquired about backdoors, though he couldn't remember which one. "And at least once the question was more, 'If we were to officially ask you, what would you say?'" According to two former Microsoft engineers, FBI officials complained that BitLocker would make their jobs harder. "It's going to be really really hard for us to do our jobs if every single person could have this technology. How do we break it?" an FBI agent reportedly said. The story of how the FBI reportedly asked Microsoft to backdoor BitLocker to avoid "going dark," the FBI's term for a potential scenario when encryption makes it impossible to intercept criminals' communications or break into a suspect's computer, provides a snapshot into how U.S. government agencies may try to persuade tech companies to weaken their security products, or even poke a hidden hole to make them wiretap-friendly. Last week, The New York Times, ProPublica, and The Guardian revealed that one of the ways the NSA circumvents Internet cryptography is to ask companies to put backdoors in their products. The FBI is reportedly doing the same in the name of fighting crime, and its persuasion techniques appear to be very similar. According to reports, both the NSA and the FBI are subtle in their requests, which are never formal, written requests, but are usually uttered during casual conversations, almost jokingly. Nico Sell, the founder of the privacy-enhancing app Wickr, was approached by an FBI agent after speaking at the security conference RSA at the end of February, as first reported by CNET. "So are you gonna give us a backdoor?" the agent asked, according to Sell. She declined, and after pressing the agent -- asking him to explain if he had a written request and to reveal his boss -- the agent backed down. Cryptography and security expert Bruce Schneier said he's heard of these same types of tactics from others the government has approached seeking technological backdoors. "It's not an explicit ask, [...] it's an informal, oblique mention, joking conversation, where you're felt out as to whether you're amenable to it," Schneier told Mashable. "If you're amenable to it, that conversation continues, if you're not, it's like it never happened." Schneier is working with The Guardian on new, undisclosed documents provided by NSA leaker Edward Snowden. And he is now looking for whistleblowers in the tech industry who are willing to share their experience with government officials asking for backdoors. Despite the requests being informal, Schneier and other surveillance experts are concerned. "A request is a request," and despite not being illegal, he said, "it's coercive."
