by carboncopy 4006 days ago
Why do you think it would be trivial for three-letter agencies to do those things?

Is there a legal mechanism, authority, or track record for such a thing?

If you're talking about Dual_EC_DRBG, that was a non-trivial, poorly-kept secret that failed on launch. An alleged $10 million secret deal, plus development of the algorithm, doesn't sound trivial to me.

4 comments

> Is there a legal mechanism, authority, or track record for such a thing?

The problem is, as a layman, I cannot know. I wouldn't have thought that something like FISA court orders was possible, where you get a secret order from a semi-secret court and you are not even allowed to talk about it.

Who knows, maybe there is a secret FOOBAR law that says agents can force any certificate agency to sign random certificates for them. Maybe some weird agency you never heard of forced every major manufacturer to include hardware backdoors, and lie about it.

A few years ago I wouldn't have thought that was possible. But my trust that the legal system is democratic and transparent has been thoroughly undermined.

Now, if you run a business and some people in suits come and order you to install a backdoor, and threaten you, and tell you you can't talk about the incident to anybody besides your lawyer, you can't do anything about it - and you better hope that that lawyer is good, since otherwise you have no way of telling whether that order is legitimate or not. Those people might as well be criminals, and you have almost no way to find out. Back in the pre-9/11 world, if you didn't recognize the IDs of the, say, FCK agency, you would have phoned around a bit and then told them to f'ck off after hearing their outlandish demands. Because there is no way something like that would happen in our democratic country. You can't assume that anymore nowadays.

A simple "no, I don't actually know" would have sufficed.

I'm not asking you what episode of Blacklist you enjoyed the most, I'm asking you about real life. The Lavabit company was served a real warrant made by a real judge, served by a real officer of the court. NSLs are served by real FBI agents with real badges. I'm not debating the anti-liberty essence of an NSL, but the "men in black" fear is completely unfounded by the domain of things that are in the public eye.

The strawman of the "FCK agency" agents ordering people with the threat of jail time to put backdoors in their software isn't backed up by any credible fact. We can suppose and assume all day, but you shouldn't take it for granted that everyone agrees or should agree with you.

*the alleged RSA backdoor was reported by Reuters to be a $10M bribe, doesn't sound coercive to me. Not to mention the NSA has no arrest powers outside its facilities, but sure.

> to anybody besides your lawyer

I think that Snowden's email provider was not even allowed to talk about things with their lawyers at some point in time...

I think jahnu was referring to obtaining the private keys for a trusted signing authority, which would enable said agency to create valid-looking certificates for the purpose of MITM. Weak algorithms are also concerning, but not really the subject of OP.
You have heard the news since Snowden whistle-blew, right?
An NSL could set up the gag order, and it could be part of the whole "need to listen to data coming in from abroad" parts of the Patriot Act (though I think USA FREEDOM removed some of that?)

I think that even in the current state of things there's not much standing for the NSA to force that to happen.