Microsoft invites police into your computer, offers them a COFEE

Most of us know better than to really expect that what we do on our computers is truly private. We all have seen a spyware infection, software which logs activities on your computer sending them off down the tubes of the internet to be sifted through by various nefarious sorts. We have heard tales of personal data being stolen from everyone from the Veterans Administration to large businesses but nothing like what we could face.

With Windows XP, it was possible, using tools like ERD Commander, to get into a password protected computer with relatively little work. These tools give you direct access to user accounts along with the browser history but you still have to search for data and history manually so they are largely useful as tools for technicians to gain access to a computer in cases where the password is lost.

Microsoft’s new OS, Vista, can not be accessed using ERD type tools, although passwords can be reset with a little bit of tinkering and an original install disk. In fact, one of Vista’s key features is improved data security with features such as the bitlocker drive encryption. Of course, all this security could prevent police from being able to search your computer. That’s where Microsoft has come to the rescue with the Computer Online Forensic Evidence Extractor, a back door into Vista loaded on a USB key.

…the company just revealed that it’s been distributing a special thumb drive to cops in 15 countries to help them identify and extract information from suspects’ computers. The drive, called COFEE for Computer Online Forensic Evidence Extractor, is in use by more than 2,000 officers, including some in the States, and Microsoft is giving it away for free, saying that its doing it not for profit but to “help make ensure the Internet stays safe.” COFEE contains more than 150 commands that can be used to collect information, decrypt passwords, and poke through network activity, which helps alleviate the problem of having to remove and transport a suspect’s computer for evidence purposes — officers can just plug in the drive.

To my knowledge Microsoft has never given a tool designed to the police to aid them in hacking into a computer before. In fact, generally it would be considered a poor practice to circulate a back door into an operating system. Typically such tools make it relatively swiftly into circulation on the internet for download by anyone.

There is also the issue of privacy and unreasonable search and seizure. We need assurances that police will obtain warrants for all searches. With recent efforts to spy on all Americans, there is good reason to be concerned about your privacy if the police hold the key to enter your computer. What’s more, the C.O.F.E.E. carefully extracts data such as browser history and data files stored on the computer to eliminate the hassle of manually extracting the data.

Imagine if your real estate broker sold you a house and gave a copy of the key to the police so they could search your home more easily? It’s a slippery slope and one which should be avoided. Right now only Microsoft and the police have that key, but that won’t last long and when C.O.F.E.E. hits the internet, say goodbye to your computer’s fancy security.