[Youden]

I'm not saying TARs, TANs or TCNs are FUD and you can ignore them, I'm saying the suggestion that they can compel the introduction of a backdoor is FUD.

The example you give, if it's possible, is an example of an existing systemic weakness. Yes, the government is free to exploit it but the government can't compel its existence.

Apple and Google are free to eliminate it, if they so choose.

FWIW, I'd consider the possibility of such a mechanism to be a problem in itself. And I don't believe it is possible today. Android, at the OS level, will only install updates with the same signature as the currently-installed version.

[alfiedotwtf]

> I'm not saying TARs, TANs or TCNs are FUD and you can ignore them

> Apple and Google are free to eliminate it, if they so choose.

Pick one.

Again, a TCN compels a provider to develop a targeted capability, or face jail time.

[Youden]

A TCN can only compel a targeted capability where doing so does not require introduction of a systemic weakness.

If the system is secured in such a way that the targeted capability isn't possible (e.g. open-source project with e2e encryption and verifiable builds), the government cannot compel introduction of a systemic weakness (e.g. stop using verifiable builds) to make it possible.

My suggestion is that Apple/Google build their software such that it is systemically secure against targeted attacks.