[tptacek]

We in fact do not know that NSLs of the form suggested in the root comment exist. Such an NSL, requiring developers to stop work on a project, would in fact be unprecedented. It is, in fact, a conspiracy theory. In reality, the exact opposite thing occurs: the USG-backed Broadcast Board of Governors actively funds cryptographic privacy technology, both through direct grants to projects and, to head off other conspiracy theories, in much harder-to-subvert grants to 3rd party pentesters to find and report vulnerabilities in those tools.

[PuffinBlue]

Pretty sure you misinterpreted that comment. It's not suggesting that they pressured the devs to stop work, it says they were pressured to stop making it so awesome. The inference being that they were pressured to weaken the product and they walked away instead.

[Floegipoky]

Just like lavabit: https://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_ord...

[tptacek]

Lavabit was a service that effectively held keys for its users and was compelled to disclose them. If we were discussing whether a vulnerable service was somehow compelled by the USG, I wouldn't argue. I doubt you'd even need an NSL compromise Lavabit; you might even be able to do it with routine civil litigation. Don't ever use things like Lavabit. That's why we talk about "end to end encryption", as opposed to the bad kind of encryption.

[maqp]

Lavabit also sent the private keys from their servers to clients using TLS that utilized RSA for key exchange. Levison was to put it into a word, a fool, for letting that happen. Once he had to submit the private RSA-key for the certificate, FBI could decrypt every past session, and every private key of every user. IMO he'd have to put a hell of a lot of effort if I'm ever going to look at his creations again.

[tptacek]

It was a deeply irresponsible service for Levison to be selling to people.

[tptacek]

An NSL to that effect would also be unprecedented. There is no evidence that anything like that has ever happened.

[abtinf]

While not an NSL, we do know USG leans on companies to implement weaker/breakable cryptography. There is at least one public example (attempts to compel Apple), and presumably there are many more successful undocumented attempts.