What I'm going to talk about will self destruct in 60 seconds 😛
I've read an article on Medium called Why the NSA Called Me After Midnight and Requested My Source Code.
The author narrates an episode of his life in which the NSA called him at night because they needed to break into encrypted (256-bit encryption) files on someone's laptop.
The files were encrypted with a piece of shareware software the author wrote. During the call the author finds out the files were actually encrypted with the trial version, which, according to him, encrypts "only" with a 40-bit encryption algorithm.
The NSA asked him to turn over the source code so they could decrypt the files quickly.
The author seems to be a genuinely good guy called to do his "civic duty" by the government.
Still, there are a couple of things that bug me. Keep in mind that it was in the year 2000, way before Snowden's revelations or the standoff between Apple and the FBI over iPhone encryption. The NSA's reputation was probably stellar back then.
First: the guy believed the NSA operative right away. He was called at night, so it must have been super urgent. The operative gave little info, so it must have been something life or death. Given that it could have been true and I would have probably fallen for the same thing, between the lines I can't possibly not notice the masterful social engineering put in place by the government. They knew where he was, so they must have been aware of this issue with the encrypted files for a while, tracked the info of the software creator and then his movements (he was physically in a place only his family knew about). There were no smartphones back in the day so I can assume knowing at all times where a person is (a person who is not the subject of the investigation) must have been something that was planned (this is my diet of American TV shows put to work). Still, he believed the situation was dire and time was scarce.
The part of the story that really bugs me though is the turning over of the source code of the encryption app. He developed an app to protect users' privacy and then with a phone call to his colleague he undid everything without even thinking deeply that he wasn't just going to help them catch "a bad guy" but he was also giving them the keys to ALL other files encrypted with his program forever and ever.
He humble brags that he receives a mug as a token for his cooperation... A mug!?
He had the best intentions but I believe he did the wrong thing. I'm not sure I could have said no to the NSA if I were in his shoes but I think this article is good food for thought.
What do you think?