Built-in backdoor: German govt warns of significant TPM security danger

Original title: Built-in backdoor: German govt warns of significant Windows 8 security danger

Leaked documents from the German Federal Office for Information
Security (BSI) indicate that the organization has become suspicious of
Trusted Platform Module (TPM) technology built into an increasing number
of Windows 8 PCs and tablets.

Documents uncovered and published by German news outlet Zeit Online
show that the German Ministry of Economic Affairs expressed
significant unease about the combination of Windows 8 and TPM 2.0,
raising the possibility that it could serve as a backdoor for further
covert NSA surveillance operations.

The backdoor in question would allow Microsoft to control the
computer remotely. "Trusted Computing," an approach developed and
promoted by the Trusted Computing Group (TCG), is nothing new; fears
were being aired over its capabilities and potential as early as
1999, when the TCG's predecessor, the Trusted Computing Platform
Alliance, was founded.

TPM chips began shipping in PCs as a security technology around 2006.
With version 2.0, however, the chip would be present in every single
PC and would be used to control which programs can and cannot be
executed, and under Windows 8 there is no user override. Users would
thus effectively surrender control over their computers.

One of the documents retrieved by Zeit Online shows the BSI stating
that "unconditional, complete confidence" in Trusted Computing as
stipulated by TPM 2.0 was not possible. The Trusted Computing Group
is the body that writes the specifications for how the chip works
with operating systems.

Another document from early 2012 mourned the fact that “due to
the loss of full sovereignty over the information technology, the
security objectives of ‘confidentiality’ and ‘integrity’ can no
longer be guaranteed.”

While not fully clear on the specifics, the documents appear to
indicate that the NSA had some form of representation at the TCG
meetings (at which German officials were also present) and stated
that it was in favor of leaving the technology in its existing state,
with no changes necessary. This suggests that the NSA does not see
TPM 2.0 as hindering its operations.

A Snowden leak from July 2013 showed how Microsoft worked
hand-in-hand with the United States government in order to allow
federal investigators to bypass encryption mechanisms meant to
protect the privacy of millions.

Penton’s Windows IT Pro trade publication pointed out that Zeit
Online “seem[ed] to be using a bit of imagination to connect
the dots and maybe the German government has other ideas.”

In a press statement released late Wednesday, the BSI insisted
that “From the perspective of the BSI, the use of Windows 8 in
combination with a TPM 2.0 is accompanied by a loss of control
over the operating system and the hardware used.”

Source: rt.com/news/windows-8-nsa-germany-862/
Further reading: en.wikipedia.org/wiki/Trusted_Platform_Module

Personal comment:
The chip in itself would permit "secure" remote access (among many other things), potentially without consent. This also requires the cooperation of the "trusted" application and/or OS, so this can be somewhat mitigated by use of an open platform that you know is secure (Linux, BSD, etc.). But the underlying problem is that the chip has a unique private key signed into it when manufactured, and you don't know that key; only the chip (because it uses it) and the manufacturer know the key.
So in more layman's terms, this is an appropriate analogy: imagine you buy a new lock for your door, but the only one who has access to the key is the manufacturer, and you just have to trust him not to make copies or give it away.
Hence the "Trusted" part, but not exactly secure. The only case in which you have true security is when you and only you have the keys. So stay away from TPM devices that run on machines with closed proprietary OSes and are known to *cough* Snowden *cough* *cough* share information freely with three-letter agencies everywhere. OR don't, if you have nothing to hide and haven't done anything wrong and you are OK with standing naked in front of the window (or whatever the digital equivalent of that is).
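Editor's note with an added example (not from the RT article, Zeit Online, the BSI or the commenter above): the mechanism behind the article's "control over which programs run" and the comment's manufacturer-held key is TPM measured boot plus remote attestation. The toy model below, in Python using only the standard library, shows what the chip actually does: it one-way extends hashes of boot components into PCRs and signs a quote of them, and the decision to admit or refuse the machine is made by whoever verifies that quote against known-good values, not by the chip. HMAC with a constructed key stands in for the real chip's asymmetric attestation signature and for the manufacturer-certified key; the boot-chain bytes, the key and the nonce are constructed for the example.

```python
import hashlib
import hmac

PCR_COUNT = 8          # simplified; a PC TPM exposes 24 PCRs
PCR_INIT = b"\x00" * 32


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """One-way extend: new = SHA-256(current || SHA-256(component)).
    A PCR can only be extended, never written, so a tampered component
    cannot later be hidden by writing the expected value back."""
    return hashlib.sha256(current + hashlib.sha256(measurement).digest()).digest()


class ToyTPM:
    """Stand-in for the chip: holds PCRs and a key that never leaves it.
    (Toy: HMAC key in place of a real TPM's asymmetric attestation key.)"""

    def __init__(self, attestation_key: bytes) -> None:
        self._key = attestation_key
        self.pcrs = [PCR_INIT] * PCR_COUNT

    def extend(self, index: int, component: bytes) -> None:
        self.pcrs[index] = pcr_extend(self.pcrs[index], component)

    def quote(self, nonce: bytes) -> dict:
        """Signed statement of current PCR state, bound to the verifier's nonce."""
        digest = hashlib.sha256(b"".join(self.pcrs) + nonce).digest()
        tag = hmac.new(self._key, digest, hashlib.sha256).digest()
        return {"pcrs": [p.hex() for p in self.pcrs],
                "nonce": nonce.hex(), "sig": tag.hex()}


def golden_pcrs(boot_chain) -> list:
    """Known-good PCR values computed offline from the approved boot chain."""
    pcrs = [PCR_INIT] * PCR_COUNT
    for index, component in boot_chain:
        pcrs[index] = pcr_extend(pcrs[index], component)
    return [p.hex() for p in pcrs]


def verify_quote(quote: dict, nonce: bytes, verification_key: bytes, golden: list) -> bool:
    """Verifier side: this is where the allow/deny decision lives, not in the chip."""
    if bytes.fromhex(quote["nonce"]) != nonce:
        return False                      # replay of an old quote
    pcr_bytes = b"".join(bytes.fromhex(p) for p in quote["pcrs"])
    digest = hashlib.sha256(pcr_bytes + nonce).digest()
    expected = hmac.new(verification_key, digest, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(quote["sig"])):
        return False                      # not signed by a chip we trust
    return quote["pcrs"] == golden        # measured state matches policy


# Constructed sample boot chain: (PCR index, component image bytes).
KNOWN_GOOD_CHAIN = [
    (0, b"firmware v1.2"),
    (4, b"bootloader: signed shim"),
    (4, b"kernel: vmlinuz-3.10"),
]
# Constructed key. In a real deployment the verifier holds the chip's
# attestation *public* key, trusted via the manufacturer's EK certificate chain.
CHIP_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def attest(boot_chain, chip_key: bytes = CHIP_KEY,
           verification_key: bytes = CHIP_KEY, nonce: bytes = b"\x42" * 16) -> bool:
    """Boot a toy machine through boot_chain, then attest it to a verifier
    that only accepts the KNOWN_GOOD_CHAIN measurements."""
    tpm = ToyTPM(chip_key)
    for index, component in boot_chain:
        tpm.extend(index, component)
    quote = tpm.quote(nonce)
    return verify_quote(quote, nonce, verification_key, golden_pcrs(KNOWN_GOOD_CHAIN))


if __name__ == "__main__":
    tampered = KNOWN_GOOD_CHAIN[:2] + [(4, b"kernel: vmlinuz-3.10 + rootkit")]
    print("clean boot accepted:", attest(KNOWN_GOOD_CHAIN))
    print("tampered kernel rejected:", attest(tampered))
    print("quote from unknown chip rejected:", attest(KNOWN_GOOD_CHAIN, chip_key=b"x" * 32))
```

Two points the model makes concrete: the chip neither knows nor enforces what "approved" means, it only reports what was loaded, so the refusal comes from the verifier's golden list; and because extend is one-way, a machine that loaded a tampered kernel cannot reach the accepted PCR state by extending the genuine kernel's hash afterwards.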