jonathanpierre | 6 years ago

Again: why do you use such belittling words like "conspiracy theory"? We know that the services interfere. We know that they interfered with vendors of cryptography products. And we know that National Security Letters exist, as do other – legal – means to pressure such vendors. There is no conspiracy needed for them to try to pressure someone by, say, threatening them with denial of an entry visa. Or they could have simply tried to buy them off, which they might not have liked. It's not a crazy idea by any stretch.

> It wasn't even a speed bump for the Ulbricht investigators.

Are you talking about the situation where they had to very carefully snatch a running laptop from a suspect so that they can't lock it? Seems to me like FDE would have been at least a significant speedbump had they not circumvented it. Why else would they go to such trouble? And what would they have done if the suspect hadn't used his laptop in a public place?

tptacek|6 years ago

We in fact do not know that NSLs of the form suggested in the root comment exist. Such an NSL, requiring developers to stop work on a project, would in fact be unprecedented. It is, in fact, a conspiracy theory. In reality, the exact opposite thing occurs: the USG-backed Broadcast Board of Governors actively funds cryptographic privacy technology, both through direct grants to projects and, to head off other conspiracy theories, in much harder-to-subvert grants to 3rd party pentesters to find and report vulnerabilities in those tools.

PuffinBlue|6 years ago

Pretty sure you misinterpreted that comment. It's not suggesting that they pressured the devs to stop work, it says they were pressured to stop making it so awesome. The inference being that they were pressured to weaken the product and they walked away instead.

est31|6 years ago

> what would they have done if the suspect hadn't used his laptop in a public place?

Screw open his laptop when it's turned off and he's away from home, install a keylogger into the BIOS. Put a camera onto the shelf to film which keys he types to log in. If he puts a blanket over his head: solely rely on the sound each key makes. Hack his computer remotely using one of the government-owned 0days and dump the keys. Use side channels to attain the password via the power outlet in the neighbouring house.

They had countless ways and they chose the one that revealed the least about their capabilities.

jack_pp|6 years ago

While what you are saying is possible technically, assuming any and all investigators in the US can tap into such capabilities is just FUD.

shalmanese|6 years ago

Yeah, but are there any other forms of encryption that could have mitigated any of those attacks? Once your adversary has physical access to your environment/hardware, it's pretty much game over for security.