TomsTechBlog.com

Thoughts on IT, .Net, and everything else Tech

Corrections, Misconceptions and Flat Out Hypocrisy

April 29, 2008 21:21 by author Tom

Ed Bott of "Ed Bott's Microsoft Report" takes issue with many of the bloggers who reported on this story (I'd assume he includes this blog in his "echo chamber" comment).  Here's a quote

OK, now go read the linked story from the Seattle Times. There’s not a word - not one word - about back doors or encryption. Sadly, the usual suspects in the Techmeme echo chamber are whipping the inaccuracy around the infield at major league speeds. CrunchGear says Microsoft has “developed a thumb drive that helps Johnny Law quickly extract information, encrypted or otherwise, from computers.” And Valleywag talks about “a USB dongle that plugs into a computer, bypasses any Windows passwords or encryption, and quickly downloads sensitive data such as your Web browsing history.”

and

In fact, if this rather unremarkable collection of Microsoft-developed hacker tools actually did contain anything new, I would certainly expect that the highly vocal security community would have said something. If there turned out to be a back door in BitLocker or any other form of encryption, the real experts would be publishing the results. But they haven’t said a thing, because there isn’t a story here.

Let’s see how long it takes for the corrections to begin appearing. I’m not holding my breath.

The problem is this: While Ed Bott rightfully "calls everyone out" for jumping to negative conclusions on limited facts he then takes the same limited facts and jumps to the opposite (positive) conclusion.  He even goes further by assuming Microsoft's COFEE is the equivalent of another tool on the market (again, based on no real evidence)...

For anyone who is ill-informed enough to think that these tools are going to land in the hands of bad guys, I have some bad news. They’re way ahead of you. The community-developed USB Switchblade has been around since at least September 2006. And as security expert Jesper Johansson points out, it has an impressive feature set:

In truth, Microsoft is vague on what exactly is in this device and their claims lead one to think there are "back doors" involved.  When they say that the device can retrieve password protected data off a PC in "as little as 20 minutes" they open themselves up to suspicion.  Especially as the maker of the system doing the password protection. 

As for corrections, I said this (bold added for this post)...

Microsoft's job when making an OS is to make it as secure as possible.  I, as a Microsoft customer, trust that they will do everything they can to make their system secure (as they claim to do).  The fact that they'd even build a device like this seems like a violation of that trust.  Especially since it seems they put hooks into the OS to facilitate its creation.

and I stand by it.  The logical conclusion based on the comments Microsoft had made was that Microsoft used their extensive knowledge of Windows (including the source code) to create this device and make it as effective as it is (for the record, Microsoft has since denied using any "back doors")

Finally, even if it doesn't contain a single piece of inside information I still take offense at Microsoft pointing out ways to crack my OS.  Again, it comes down to me as a customer putting faith in them as a software developer to do everything they can to boost my security (as opposed to circumventing it).  Creating a way to crack that security and giving it away as marketing is still very upsetting.

P.S.  Given how condescending Mr. Bott's post was I think I deserve some kind of karma credit for getting through this entire post without once using the phrase "poor man's Mary Jo Foley"



Microsoft Thumbs Its Nose at My Security

April 29, 2008 11:52 by author Tom

I'm not one who obsesses over my data privacy.  I mean, as far as my life goes...I like it...but to the outsider I suspect it would be pretty boring.  So if someone wants to snoop on me I really don't care.

But even I found this a tad disturbing...

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference Monday.

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

For the record, "Forensic Data" translates to "All Your Personal Information"

I honestly don't have an issue with Law Enforcement having access to this sort of thing.  They have the right to obtain the data anyway so this just seems like an easy way for them to get what they need.  If anything, it saves me money as a taxpayer.

But I do have a couple issues here...

1.  Though I understand why the Government would want a device like this I think it's irresponsible for Microsoft to provide it.  Microsoft's job when making an OS is to make it as secure as possible.  I, as a Microsoft customer, trust that they will do everything they can to make their system secure (as they claim to do).  The fact that they'd even build a device like this seems like a violation of that trust.  Especially since it seems they put hooks into the OS to facilitate its creation. 

2.  My understanding is that this is no bigger than a thumb drive which makes me certain at least one will fall into the wrong hands.  Given that, I don't see why they didn't make it bigger and harder to steal.  Particularly since, despite what the original article says, the police have to seize the PC anyway (to maintain a chain of evidence) so portability isn't an issue.

To me, this is the best argument I've seen for Open Source in a while.  If Microsoft is inclined to put hooks into its OS which allow for the quick bypassing of the system's security I'd at least like to know.  The fact that they felt the need to, as the article says, "quietly" distribute this says to me that they knew I'd want to know and specifically took steps to hide it from me. 

That bothers me.

As a Microsoft customer I think their responsibility is to me not to law enforcement.  The fact that they don't see it that way makes a pretty compelling argument for systems with source that is open for everyone to see.

Addendum: Since I’ve already gotten two e-mails on this I wanted to clarify something.  When I said…

“Particularly since, despite what the original article says, the police have to seize the PC anyway”


I was taking that from a friend who is an assistant District Attorney (and who I IMed while writing the post)

This is conceptually pretty simple.  The cops can use this device and get all your files but they aren’t going to go over each file right then and there.  Since there’s no ruling in existence saying this Microsoft device is admissible in place of the computer itself the cops have to take the computer with them.  Otherwise you could erase the files between when the cops used the device and when they came back to actually confiscate the computer.



About Me

Hi, I’m Tom and I run the IT department for a non-profit agency which provides treatment to special-needs children. Though I will (like any blogger) comment on technology in general, my main goal is to detail how I’m trying to use technology to help treat the children we serve, and it's my hope that blogging will allow me to connect with people who can help in that goal.

Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.
