[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

how to release code if the programmer is a target for coercion (fwd)

Forwarded message:

> Subject: how to release code if the programmer is a target for coercion
> Date: Wed, 14 Jan 1998 08:41:16 EST
> From: Ryan Lackey <[email protected]>

> Tim May brought this issue up recently -- if someone develops a greatest-
> thing-since-sliced-bread Eternity package, then releases it. it's pretty
> likely that they will eventually be approached by (mi6/mossad/CIA/KCIA/etc.).
> What's likely to happen?
> Certainly they could kill you.  They could make it look like random street
> crime, or an accident, or kill you with #16 000 in your pocket just to make
> it clear what their reasons were (Gerald Bull, Mossad, London, .32acp).  

Actualy they killed Bull before he could complete his Super-Gun design and
get it built. There is no point to be had in killing the designer after the
fact except to advertise their accomplishment except to prevent future work
by that person.

> More likely, they'd try to coerce you.  This could include threats of death,
> which are best responded to by ignoring them, since they don't gain anything
> if they kill you.  Or torture, which is equally ineffective if they kill you.
> Or slander/etc. to try to discredit you. (unlikely to work at least among
> cypherpunks, in the absence of technical attacks as well).

This seems to have worked with several of the programmers at The L0pht
(l0pht.com) because of their legal problems. Seems they now do work for the
DoJ and other groups in return the various charges that were pending against
them were dropped (or at least put on hold).

> Most likely, they would try to buy you.  This could be by outright offering
> money for back doors, which would be great if it worked, but is unlikely to
> happen in the first place.

L0phtCrack is one of the major NT cracking/testing tools currently used by
folks. And no, I am not implying it has been compromised only pointing out
that because of the relationship of some of the programmers to law
enforcement it could have been. I am not aware of the exact timing of the
agreement, development, and release of the software.

>  If offered a bribe, you could go public with
> that fact (preferably after taking the money :),

Then everyone would want proof and if you couldn't produce it they would
simply label you a nutcase. You probably would have mysterious accident
after that sort of behaviour. Besides, even if you were to prove it - could
you trust the witness protection process?

> I was looking around for a solution to this -- Lenny Foner at the MIT
> Media lab has something for his agents project which might be a solution.
> A system by which sections of source code are verified by individuals,
> signed, other sections are verified by others, etc.  Then, during

If the agents could infiltrate the development team what keeps them from
mounting a mitm attack on the people doing the signing?

   |                                                                    |
   |      Those who make peaceful revolution impossible will make       |
   |      violent revolution inevitable.                                |
   |                                                                    |
   |                                          John F. Kennedy           |
   |                                                                    |
   |                                                                    | 
   |            _____                             The Armadillo Group   |
   |         ,::////;::-.                           Austin, Tx. USA     |
   |        /:'///// ``::>/|/                     http://www.ssz.com/   |
   |      .',  ||||    `/( e\                                           |
   |  -====~~mm-'`-```-mm --'-                         Jim Choate       |
   |                                                 [email protected]     |
   |                                                  512-451-7087      |