Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As a3n said, there was a NSL, FISA warrant, or other legal threat that says they can't reveal even the existence of it. Saying yes reveals the existence in an obvious way. Saying no might get them in trouble if revealed to be lying later in court or mainstream media. So, like with classified matters, the safest comment is to not have one. Neutral.

It's proven to work in terms of liability in majority of cases.



Please cite such a case --- meaning, a case in which a software vendor faced civil or criminal liability for revealing the existence of a backdoor shipped in its product. Since you used the word "proven", a single example seems like a very reasonable request.


That's a trap. I just said a situation where'd they might do time for revealing it. You essentially want me to show where they reveal it. A tall order but I'll try anyway. Yahoo fought the FISA court, lost, and others were shown same decision showing resistance would be treated criminally [1]. Lavabit was ordered to give up their key to FBI, not talk about it, and lie to users about their privacy. (Google court docs if you doubt last part.) Finally, the ECI-classified leaks have a slide that says the "FBI compels" [2] the cooperation of U.S. companies with NSA's secret program(s). Compel is undefined. Yet, FBI is a LEO and involuntary compliance with them usually follows threats, yes? The same term is also used in this [3] document citing the specific, federal laws. Both are consistent with Yahoo's claims and leverage same laws.

So, I believe that the FBI and NSA might have worked together to use legal threats related to Patriot Act to force companies to comply with SIGINT-enabling for collection purposes. The other ECI leaks mention U.S. companies that were cooperative and made their systems "exploitable" for "SIGINT-enabling." So, they offer money first and call the FBI if that doesn't work. Almost everyone caved so I'm guessing there's a significant, legal threat there.

They're not telling you in detail because it's classified: releasing the info is a felony. Who would after seeing what happened to other whistleblowers... It's why I recommend privacy-focused companies being located in Iceland or countries similarly non-cooperative with police state activities. At least one can legally resist subversion in those countries rather than experience... whatever FBI does... for not subverting one's products.

[1] https://www.techdirt.com/articles/20130614/10341723470/yahoo...

[2] https://firstlook.org/theintercept/document/2014/10/10/eci-w...

[3] https://www.nsa.gov/public_info/_files/speeches_testimonies/...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: