The unthinkable just happened to Microsoft in China.
China’s Central Government Procurement Center posted a notice on its website about the use of energy-saving products. Embedded in that innocuous notice was a categorical ban on installing Microsoft Windows 8 on any government computer.
The state-owned Xinhua news agency then reported the ban, emphasizing that it was to ensure computer security. Last month Microsoft stopped updating Windows XP, which makes it more vulnerable to viruses and hacking. XP is still installed on about half of the desktops in China, according to Reuters. So a switch to a new operating system will be necessary for security reasons. But it won’t be Windows 8.
Microsoft refused to comment. “Neither the government nor Xinhua elaborated on how the ban supported the use of energy-saving products, or how it ensured security,” Reuters explained.
Microsoft’s sales in China have been strangled for years by competition from bootlegged copies of its software. But this is worse. The ban on installing Windows 8 on government computers likely includes computers of state-owned or state-controlled enterprises, hence much of China’s corporate glory – the largest banks, the defense sector, telecom… plus computers of anyone who wants to follow the government’s security recommendations.
So was this the first strike of a broad array of measures the Chinese government would inflict on American corporations in retaliation for the indictment of five Chinese military officials that the Justice Department had announced with such media-savvy fanfare?
The Chinese are furious about the indictments. And they appear in a peculiar light after the Snowden revelations detailed the extent of NSA’s worldwide, seamless, borderless dragnet that attempts to capture just about anything that anyone – including you and me – is doing, saying, or writing anywhere. Last year, when the Chinese government learned that American hardware and software had been compromised for spying purposes in cooperation with the NSA, it retaliated against IBM [NSA Revelations Kill IBM Hardware Sales in China], Cisco [NSA Spying Crushes US Tech Companies in Emerging Markets (“An Industry Phenomenon,” Says Cisco’s Chambers)], and numerous others. These American companies are still paying the price: crashing revenues in what used to be their growth markets – China, Russia, and Brazil.
But the notice of the ban appeared last week – before the indictments.
It followed the German government’s warning to its agencies last summer not to install Windows 8. The gist is this: Experts at the German Federal Office for Security in Information Technology (BSI), the Ministry of Economic Affairs, and the Federal Administration warned unequivocally against using computers with Windows 8 equipped with the “special surveillance chip” TPM 2.0. One of the documents specified, “Due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”
Turns out, Windows 8 with TPM 2.0 allows Microsoft to control the computer remotely through a built-in backdoor. Keys to that backdoor are likely accessible to the NSA.
Called ironically “Trusted Computing,” the backdoor was developed by the Trusted Computing Group, founded by AMD, Cisco, HP, IBM, Intel, Microsoft, and Wave Systems. At its core is a chip, the Trusted Platform Module (TPM), that works with Windows. Its purpose is Digital Rights Management and computer security. The system decides what software was legally obtained and allows it to run; and it disables other software, such as bootlegged copies or viruses. The process is governed by Windows, and through remote access, by Microsoft.
What is new about TPM 2.0 is that it’s activated by default when the computer boots up. The user cannot turn it off. Microsoft decides what software can run on the computer, and the user cannot influence it. Windows governs TPM 2.0. What Microsoft does remotely is not visible to the user. Users of Windows 8 with TPM 2.0 surrender control over their machines the moment they turn it on. And there are indications that Microsoft or chip manufacturers pass the backdoor keys to the NSA and allow it to control those computers (my entire report).
That backdoor (with NSA access) is what China was reacting to.
Chinese IT experts had also read about the German warning. It just took them a while to examine the issues, sort out the details, evaluate alternatives, and make a decision. Now they came out not just with a warning, but with a categorical ban on Windows 8. And like Germany, they think Windows 7, which uses the older version of TPM, is still OK.
That Microsoft’s flagship operating system is officially banned from all government computers, and therefore also from millions of computers at state-owned or state-controlled companies, and by inference from computers in critical industries, such as banking, is an elephantine fiasco for Microsoft as it’s trying to grab its share of China’s $324 billion IT market. And other countries, like Russia and Brazil, may follow the Chinese example, as they’ve done before. This time, Microsoft is losing out not because of competition from bootlegged versions of its own products, but because of its cooperation with the NSA.
Would you like to be notified via email when WOLF STREET publishes a new article? Sign up here.