undefined | Better HN

0 pointsrebuilder6y ago0 comments

I'm not sure that makes sense. The US could compel the devs to compromise their product but not keep them from issuing a cryptic statement and stopping work on the product?

0 comments

A4ET8a8uTh06y ago

Well, there is an argument that IC does not have a problem with other interested parties chasing their tail trying to figure out what that really meant similar to the way government occassionally releases few tidbits about Kennedy assasination just to keep the flames flowing and activist distracted from what is going on right now.

There is value in misdirection.

criddell6y ago

It doesn't make sense for two reasons to me. For one, the government can't compel you to do work. That's slavery.

Also, it's open source software. TrueCrypt going down didn't change the security landscape at all.

SkyBelow6y ago

The government can. For example, take how the police will turn individuals into informants by getting them on trumped up drug charges and then offering them a deal if they work for the government, including engaging in acts that put them at risk of being killed.

https://en.wikipedia.org/wiki/Murder_of_Rachel_Hoffman

The end result is "Work for us or go to prison."

ceejayoz6y ago

> For one, the government can't compel you to do work. That's slavery.

Slavery's perfectly legal. The 13th Amendment:

"Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction."

https://en.wikipedia.org/wiki/Penal_labor_in_the_United_Stat...

criddell6y ago

Are you suggesting the TrueCrypt authors had been duly convicted of a crime?

2 more replies

rebuilderOP6y ago

Like the government (of any given state) can't rendition you or assassinate you if they deem it necessary for national security reasons?

I think under the right conditions, a good many state intelligence services would not let the letter of the law get in their way. I just don't think the particular scenario above makes sense.

What makes sense:

-devs discovered some vulnerability but were persuaded that disclosing it would endanger important operations in progress. They were not coerced but reached a compromise with (agency).

-Devs were told, in no uncertain terms, that they need to discourage use of Truecrypt. Seems kind of low-impact, so probably not the case.

- Truecrypt was an (agency) project all along, and the faction arguing for universal access to strong cryptography finally lost out. The cat being out of the bag, and given the difficulty of introducing new vulnerabilities into an open-source tool used by the professionally paranoid, the best option was to try to discredit Truecrypt to the extent possible.

kube-system6y ago

> For one, the government can't compel you to do work. That's slavery.

That may be your personal opinion, but legally speaking, it is not true in any sense.

apodysophilia6y ago

It is also the argument that Apple used against the FBI in the San Bernardino case.

1 more reply

dboreham6y ago

They offer you a large contract to do <something>, then they require that <some guy> they nominate work with you on the project. That guy introduces the backdoor.

j / k navigate · click thread line to collapse

0 comments

A4ET8a8uTh06y ago

There is value in misdirection.

criddell6y ago

It doesn't make sense for two reasons to me. For one, the government can't compel you to do work. That's slavery.

Also, it's open source software. TrueCrypt going down didn't change the security landscape at all.

SkyBelow6y ago

https://en.wikipedia.org/wiki/Murder_of_Rachel_Hoffman

The end result is "Work for us or go to prison."

ceejayoz6y ago

> For one, the government can't compel you to do work. That's slavery.

Slavery's perfectly legal. The 13th Amendment:

https://en.wikipedia.org/wiki/Penal_labor_in_the_United_Stat...

criddell6y ago

Are you suggesting the TrueCrypt authors had been duly convicted of a crime?

2 more replies

rebuilderOP6y ago

Like the government (of any given state) can't rendition you or assassinate you if they deem it necessary for national security reasons?

I think under the right conditions, a good many state intelligence services would not let the letter of the law get in their way. I just don't think the particular scenario above makes sense.

What makes sense:

-devs discovered some vulnerability but were persuaded that disclosing it would endanger important operations in progress. They were not coerced but reached a compromise with (agency).

-Devs were told, in no uncertain terms, that they need to discourage use of Truecrypt. Seems kind of low-impact, so probably not the case.

kube-system6y ago

> For one, the government can't compel you to do work. That's slavery.

That may be your personal opinion, but legally speaking, it is not true in any sense.

apodysophilia6y ago

It is also the argument that Apple used against the FBI in the San Bernardino case.

1 more reply

dboreham6y ago

They offer you a large contract to do <something>, then they require that <some guy> they nominate work with you on the project. That guy introduces the backdoor.

j / k navigate · click thread line to collapse