[WestCoastJustin]

A few gems in here besides the TrueCrypt statement, mainly that Apple iCloud and Dropbox are named, and the legal framework is touched upon.

  All cloud stored content are automatically hash-scanned
  and image-analyzed by their service providers and
  infringing content reported to NCMEC (p16)

  Mobile content are automatically scanned when they are
  synced with cloud storage like Apple iCloud or Dropbox.
  Mobile devices that are not cloud-synced can be accessed
  by their respective vendors (p16)

If I am reading this correctly, when you upload something to Apple iCloud or Dropbox, there is a background process which generates a hash of your content, then compares that hash with infringing content? What defense do companies have? What about proof that these claims are true (sources, etc)? Can anyone just leak a document that claims XYZ tech company spies on its users and everyone takes this as fact?

  Vendors are legally and commercially prevented from
  acknowledging their backdoors. Defense will not be
  able to prove their existence (p16)

Great, blanket denial either way! I hope this is a hoax!

[nwh]

You missed a big one there.

    Mobile devices that are not cloud-synced can be accessed 
    by their respective vendors 

Essentially; iOS and Android have a remote backdoor available to the US government.

[fluidcruft]

I think they're speaking about system dumps at the manufacturer level.

For example, I'm fairly confident that the data on Motorola devices can be read completely using USB from bootloader mode without any data modification (using tools like RSD Lite or sbf_flash). By itself that wouldn't get past OS-level encryption, though. That bootloader is entirely Motorola's with functionality and communication protocols dating back to before the pre-Android razr flip phones (from what I could tell back when I was doing battle with the XT720).

On the other hand, passphrases for boot security on mobile devices are often extremely weak (pin or what-have-you) and easy to brute force (assuming there is a backdoor to access the TPM contents or whatever it's called on ARM/OMAP/etc if it uses that sort of thing)

[bilbo0s]

Yep...

I was thinking... "Wow... why is this guy worried about Dropbox?"

The Dropbox problem is solvable... just don't use Dropbox.

But how are you going to use a phone without using iOS or Android. (All of the other mobile OSes are probably backdoored as well)

[nine_k]

I wonder if my next pone should be Mozila-based.

[philwebster]

With regards to FileVault for Mac, some friends who used to work as Geniuses at the Apple Store have mentioned having to request special software from corporate that would fix or recover FileVault in some way - they weren't clear and said it was not something they were supposed to talk about. Obviously I'd take the info with a grain of salt, but based on the news lately...

[nwh]

I had an conversation regarding FileVault with the geniuses recently too.

    > Oh we see [your MacBook] has a password, would you be able to write it down here?
    Haha, nope!
    > Any, uh, reason not to?  
    Nope. 

From a conversation later on, apparently not many people opt not to give up their keys. I'm not sure why they pushed me to give it up either, the geniuses know full well that they can just boot their diagnostics disk without the password anyway.

Bear in mind that the default setup for Apple's FileVault also sends a copy of the encryption key to Apple too (associated with your AppleID), where presumably there is access granted to the US government also (willing or unwilling).

[46Bit]

> Bear in mind that the default setup for Apple's FileVault also sends a copy of the encryption key to Apple too (associated with your AppleID), where presumably there is access granted to the US government also (willing or unwilling).

If anyone else is curious about this see the recovery key sections on http://support.apple.com/kb/HT4790

[fnordfnordfnord]

Well, here is the one for last year. How many times do they have to tell us?

http://www.ndsaa.org/Computer_Forensics_for_Prosecutors.pdf