Microsoft Windows 7/Vista Law Enforcement Guides

Public Intelligence got a hold of some interesting slides that Microsoft seems to present to law enforcement personnel. Microsoft explains the weaknesses in their privacy/security functions and how law enforcement et al. can leverage them best.

Here are some highlights:

InPrivate

 

Microsoft Law Enforcement Cover Your Tracks

A benefit to law enforcement of InPrivate is that website data for sites added to favorites will be left alone if a box remains ticked.

Microsoft Law Enforcement Tor Project

Not surprisingly, The Tor Project comes up in the presentation (because anyone using Tor must be doing something bad!!), associated with the user name ‘bad guy’.

Microsoft Law Enforcement InPrivate

Common uses of the InPrivate mode include checking e-mail on public computers and “shopping for gifts” on family computers.

Microsoft Law Enforcement InPrivate 3

In a plea to not lose their law enforcement buddies because of the inclusion of these inconveniencing features, Microsoft says that they’re not alone including private browsing functionality, ie. they were forced to do this because the competition was doing it (good job Firefox and Chrome).

Microsoft Law Enforcement InPrivate 2

Bitlocker

Microsoft Law Enforcement Bitlocker

Microsoft says that it’s not all bad, BitLocker isn’t available to any commoner, it “has a number of ‘Recovery’ scenarios that we can exploit”, and that users are scared of encryption.

Microsoft Law Enforcement Bitlocker 2

“We are the good guys!” Who are the bad guys then? The people using encryption/BitLocker?

Microsoft Law Enforcement Forensic First Responders

Virtual PC Undo Disks

Microsoft Law Enforcement Virtual PC Undo Disks

Virtual PC Undo Disks are scary for law enforcement.

Full presentations are here.

Secret SIS Search Warrants and Telco Data Retention

This phone is tapped

The SIS and police confiscated digital devices belonging to Former Fijian cabinet minister Rajesh Singh last week “in connection with an alleged plot to assassinate Fiji’s leader Voreqe Bainimarama”.

A woman from the SIS turned up with three plain clothed police officers and said she had a search warrant. But she couldn’t show Rajesh it or give him a copy because it was classified. Because you know, wanting to know why people are raiding your house is a completely unreasonable request.

Idiot/Savant asks why, if the alleged plot was actually reasonable, was Rajesh or someone else not arrested. @civillibertynz points out that this secret warrant wouldn’t even need to be presented in court later on.

The laptop and phone were returned later in the day, assumedly after being copied. I wonder if the SIS are allowed to install spyware?

Data retention by NZ telecom providers

I also wonder whether they needed physical access to the phone for what they were looking for. Telecom companies here are very vague about how long they keep user data for. It doesn’t seem like customer facing staff (and thus customers) are generally privy to the period of time information is actually kept.

Telecom says text message content is stored for two to three months. Vodafone says up to six months. 2degrees said six months, but that the technical team could access archives further back than that (a detail I wonder if others didn’t mention).

I requested my data from 2Degrees and they sent me every text message I had sent involving 2Degrees (18+ months worth), including nine months of text messages I had sent to 2degrees customers when I was on another network.

I wonder whether in practice this Telecommunications Information Privacy Code rule is being followed:

“A telecommunications agency that holds telecommunications information must not keep that information for longer than is required for the purposes for which the  information may lawfully be used.”

I understand that there’s no legal requirement for telcos to keep a hold of this data at all (section 40).

Whose interests are being served by keeping information for such an unnecessary amount of time, especially when customers have no idea it’s happening?

And whose interests are being served when a secret search warrant is served on an ex-foreign cabinet minister in relation to a dubious overseas assassination plot?

Image credit: tenaciousme