1Password developer on the NSA and demands for backdoors

Jeffrey Goldberg of AgileBits, the developer of 1Password, answers the question of whether they have, or could be forced to add, backdoors in 1Password so that the NSA or other US agencies could access the information a 1Password user stores in the program's data file:

So here are a few things to keep in mind:

1. We have developers in four different countries. (CA, US, UK, NL). It would be difficult to gag all of us.

2. Lavabit has set a precedent in how to respond. I like to think that we would take the legal and financial consequences of refusing to comply, but of course that is an easy thing to say now. Nobody really knows what kind of pressure governments could put on us or how we would personally respond.

3. We are very open about our data design and security architecture. That should make it harder to deliberately weaken it without detection.

4. Password managers are not, in general, communication tools. Perhaps that would make us of less interest.

5. If the NSA/FBI/TLA is seriously after a particular 1Password user it would probably be easier (and less likely to be detected) to attack the target's operating system than to force us to change 1Password’s design. That is, it is easier to go around 1Password instead of through it.

Still I remain cautiously optimistic that we will never be confronted with such a request, largely because of increased public awareness. The risks of the TLAs getting caught doing something like that and there being a public outcry are very substantial. They lost the Crypto Wars back in the 90s. They are not off to a good start in Crypto Wars II.

So could they compel us to sabotage our product and cheat our customers? Not without a very high risk to that becoming public. Would they try it? I still don’t think so.

Personally, I feel at ease about 1Password. Things are considerably worse with the service that 1Password can be synced with (Dropbox).

