US security agency scrutinises secure storage device

US security agency scrutinises secure storage device


Meeting could hint at restrictions

The US National Security Agency (NSA) and Treasure Department have expressed interest in a secure storage device that hard drive manufacturer Seagate is developing.

Seagate spokesperson Michael Hall said that the company has met with the two US government agencies over its Momentus 5400 FDE technology. He said that the agencies are investigating the device's implications on their ability to fight organised crime, but stressed that so far they are only gathering information.

The NSA declined to comment. In an emailed statement, the agency said that it could neither confirm nor deny that it had met with Seagate.

The forthcoming Momentus 5400 FDE (company brochure PDF) targets laptop computers and external storage devices. It uses the industry standard Trusted Platform Module (TPM) chip and offers full disk encryption (FDE) of the hard drive's contents.

The hard drive maker formally unveiled the device last June. It is expected to be launched in the second half of this year and Hall said that he was confident that the investigation would not delay the drive's launch.

The TPM is commonly used in enterprise workstations and laptop computers to enable security features and securely store encryption keys. Apple also uses the chip to limit the OS X operating system to Mac hardware, preventing consumers from running it on generic x86 computers.

Privacy advocates have criticised the chips because they could potentially be used to enforce digital rights management technology and prevent users from accessing certain applications or services.

The encryption on Seagate's hard drive could make the device subject to export restrictions and could potentially force the company to take non-US citizen workers off the project.

The NSA does not create these policies, but acts as an advisor to government departments on these matters. The organisation also acts as a certification authority that determines which technologies can be used by government agencies.

Export restrictions commonly affect "rogue states" such as North Korea. Export restrictions on technology for instance forced Sun Microsystems to delay the roll-out of its grid service.

Until 1996 US software makers were prohibited from exporting any software application using 128-bit encryption to users outside of the US. This caused Netscape to provide both a 128-bits domestic and 40-bit international version of its browser software until the ban was lifted.