Hacker News

I'm not sure that makes sense. The US could compel the devs to compromise their product but not keep them from issuing a cryptic statement and stopping work on the product?


Well, there is an argument that IC does not have a problem with other interested parties chasing their tail trying to figure out what that really meant, similar to the way government occasionally releases a few tidbits about the Kennedy assassination just to keep the flames flowing and activists distracted from what is going on right now.

There is value in misdirection.


It doesn't make sense for two reasons to me. For one, the government can't compel you to do work. That's slavery.

Also, it's open source software. TrueCrypt going down didn't change the security landscape at all.


The government can. For example, take how the police will turn individuals into informants by getting them on trumped up drug charges and then offering them a deal if they work for the government, including engaging in acts that put them at risk of being killed.

https://en.wikipedia.org/wiki/Murder_of_Rachel_Hoffman

The end result is "Work for us or go to prison."


> For one, the government can't compel you to do work. That's slavery.

Slavery's perfectly legal. The 13th Amendment:

"Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction."

https://en.wikipedia.org/wiki/Penal_labor_in_the_United_Stat...


Are you suggesting the TrueCrypt authors had been duly convicted of a crime?


I am not. I am pointing out that the Constitutional provisions preventing slavery have a loophole big enough to drive an aircraft carrier through.


He's saying they easily could have been.

See: Three Felonies a Day


Like the government (of any given state) can't rendition you or assassinate you if they deem it necessary for national security reasons?

I think under the right conditions, a good many state intelligence services would not let the letter of the law get in their way. I just don't think the particular scenario above makes sense.

What makes sense:

- Devs discovered some vulnerability but were persuaded that disclosing it would endanger important operations in progress. They were not coerced but reached a compromise with (agency).

- Devs were told, in no uncertain terms, that they need to discourage use of TrueCrypt. Seems kind of low-impact, so probably not the case.

- TrueCrypt was an (agency) project all along, and the faction arguing for universal access to strong cryptography finally lost out. The cat being out of the bag, and given the difficulty of introducing new vulnerabilities into an open-source tool used by the professionally paranoid, the best option was to try to discredit TrueCrypt to the extent possible.


> For one, the government can't compel you to do work. That's slavery.

That may be your personal opinion, but legally speaking, it is not true in any sense.


It is also the argument that Apple used against the FBI in the San Bernardino case.


I'm just taking issue with the quoted claim at face value, outside of the context. Consider for example, the legality of jury duty, conscription, subpoenas, taxation, traffic stops, etc. Government-compelled actions are common and legal.


They offer you a large contract to do <something>, then they require that <some guy> they nominate work with you on the project. That guy introduces the backdoor.



