On Thu, Jan 2, 2014 at 10:01 AM, Saku Ytti <saku@ytti.fi> wrote:
On (2014-01-01 23:51 +0200), Eugeniu Patrascu wrote:
Is this legal? Can the NSA walk into a US-based company and legally coerce it to install such a backdoor? If not, what is the incentive for a private company to cooperate?
As you might have seen from the beginning of time, people in power assume anything can go until proven otherwise.
This is mostly academic, as being legal or not being legal, it's not an appealing attack vector due to difficulties containing the information. But what I implied is, if it is legal, you'd have a paper trail, like a legal document from a court.
I can't speak for NSA practices, but for example the FBI asserted that they are entitled to put GPS trackers on cars owned by people they suspected of something without a court order. And they fought to the death in courts when the suspects brought suits against them for violating their rights with these practices. I would assume that other agencies employ the same tactics and strong-arm companies into doing their bidding with minimal paperwork. Let's not forget that the NSA vets all the security vendors and products that the USG uses and it would be pretty easy for them to stop recommending SecurID tokens (main RSA business is authentication) for government use. The above presumption would have sounded crazy six months ago, but now...