[cryptography] Tahoe-LAFS developers' statement on backdoors
marsh at extendedsubset.com
Thu Oct 7 01:39:35 EDT 2010
On 10/06/2010 06:42 PM, silky wrote:
>> The core Tahoe developers promise never to change Tahoe-LAFS to
>> facilitate government access to data stored or transmitted by it. Even
>> if it were desirable to facilitate such access—which it is not—we
>> believe it would not be technically feasible to do so without severely
>> compromising Tahoe-LAFS' security against other attackers. [...]
You guys are my heroes.
> How will you stand by this if it becomes illegal not to comply though?
As an American software developer myself, I guess I need to consider
this too. I could imagine a US open source developer might choose to:
1. Quit developing security software and take up a new line of work,
say, selling 0-days to the Russian Business Network. This is probably
what much of the US data security industry will be reduced to, since
obviously no one will want to buy backdoored data security products and
services from US companies anymore (well, except outsourcers audited for
conformance to US government procurement standards).
E.g. MIT Kerberos and Heimdal:
The term "non-US" will once again be the universally recognized mark of
effective cryptography. It's really a win-win for the former Eastern
Bloc, as they'll gain a huge market as US purchasers begin obtaining
their critical data security products from them.
Remember when the best stuff always seemed to come from ftp.cs.hut.fi?
2. Comply by forking the codebase to a new "Backdoored-Tahoe-LAFS",
(which of course nobody would ever use). Commit code to that repository
and the free world could pull your patches out of it, if they want to.
Of course, as a developer your source code management overhead would be
twice as difficult as everyone else's. So you'd probably be doing the
small, menial tasks and end up marginalized as the direction of new
development gets set overseas.
3. Emigrate to England where they apparently have other methods of
4. Adopt a cool hacker alias (e.g. "Bobby Tables") for all your
development work. Dress like someone from The Matrix, and add the
glasses-nose-mustache disguise for good measure. Send all your email
through spam relays, and originate all your network traffic from
sympathetic human rights activist offices in China. Be sure to obtain
all your development software from warez sites too.
5. Protest the law, loudly and publicly. Become too well-known to
prosecute for offenses of questionable constitutionality, grab headlines
whenever possible. Get yourself accused of criminally deviant behavior
by multiple Swedish women simultaneously, then un-suspected, then
arrested in absentia, then re-suspected, and so on.
6. Quietly continue developing secure software and services and be
subject to selective prosecution according to how the political winds
blow in the future.
Welcome back to the bad-old-days.
Except this time, it's cloud-based services, too.