[Cryptography] Lavabit's and Snowden's Solos

Jerry Leichter leichter at lrw.com
Thu Mar 24 22:19:05 EDT 2016


> Compelled code modification is still a murky area of law. My opinion is
> the answer remains no, they can't compel you to make changes, including
> disable security "shields." Of course the Apple case will test that, if
> it goes forward. That said, they have compelled config changes in the
> past. Hushmail enabled a "debug" config setting and used it to steal a
> private key during login (at the request of the FBI). Phone companies
> have been forced to modify switch settings to allow wiretapping, or
> tracing. All of the cases I know of involve config settings, not code
> modifications....
Those are easier, because it's argued that changing switch settings is just a part of normal operations, so is not as big an imposition and is consistent with what the compellee does anyway.  This kind of reasoning was central to the court case that compelled a telco to connect a pen register for the FBI.

Note that the FBI tried to stretch the same reasoning to apply against Apple:  Apple is "in the business of writing software", so it's no big deal to compel them to write GovOS.  Expect them to try to use this wedge wherever they can.  If you *ever* enable a debug or test mode that lets you see the keys or the cleartext, bam, you've just acknowledged that (a) you can do it; (b) it's not repugnant to you to do so; (c) you'll do it for the government, too.

                                                        -- Jerry


