re: Doing the wrong thing with good intentions VIEW POST

FULL DISCUSSION
 

In theory having the source code doesn't help with breaking the encryption (unless he made a mistake in the implementation, which could well be what the NSA were hoping to find). So it's not as if he gave them the keys to the kingdom based on a 1am phone call, but it's still not a great look.

 

unless he made a mistake in the implementation, which could well be what the NSA were hoping to find

yeah, I think so. I read the comments on the Medium post (after writing this) and in one he says the cyphers were public domain, but it doesn't really go past that. In another comment he says he probably just saved them a few hours of work (?). In another one yet again he reveals he didn't hand them the entire source code (not enough to compile a working version because he supposedly left out the UX code) "like other people think" (why didn't he say that in the article?). I don't know, it all sounds shady, even his analysis 18 years later :D

I gave up reading comments after that, there's a lot of trolling and name calling involved.

 

For a more inspiring example of "what to do as a security provider when a three-letter agency calls you in the dead of night", there's always Lavabit.

For a more inspiring example of "what to do as a security provider when a three-letter agency calls you in the dead of night", there's always Lavabit.

That took guts! No wonder Proton Mail is based in Switzerland, outside of US and EU.

I'm so glad we don't have three letter agencies in Italy. I mean, we do have intelligence agencies but they have four letters: AISI and AISE. Both used to have 5 letters in their acronyms :D

 

From the article:

He seemed predisposed or prepared for me to say no.

I am more inclined to side with the author in this situation. As you stated, the encryption algorithms are public, very well-known algorithms and the source code should reveal nothing, and the NSA employee asked to see the source code. The agent proved himself as reputable, and he did not demand to see the source code. All he did was ask for help in a matter of national security.

Ask yourself this: if a government agency asked for help in a matter of national security that wasn't about encryption would you help them? For a contrived example, say the FBI showed up and said there was a bomb buried under your house. They could dig to it from the street, or get to it much faster by digging to it from your basement. I think you'd be inclined to let them dig through your basement.

Also, keep in mind that what the NSA asked of the author is not the same as what they asked of Apple. They simply wanted to see the source code for an encryption algorithm here, but they were asking Apply to modify their code and add a backdoor that only the NSA could use. Again, going back to the contrived example, that is more akin to agreeing to let a government agent to live in your basement, so that they are ready to defuse a bomb should one be found. Completely different situation.

code of conduct - report abuse