It has the look that somebody took the real NDSAA presentation, tweaked it up, and released it as a hoax.
Edit:
Here's a site that seems to be hosting the same PDF as part of an article dated 1 April 2013: http://www.techarp.com/showarticle.aspx?artno=770
All cloud stored content are automatically hash-scanned
and image-analyzed by their service providers and
infringing content reported to NCMEC (p16)
Mobile content are automatically scanned when they are
synced with cloud storage like Apple iCloud or Dropbox.
Mobile devices that are not cloud-synced can be accessed
by their respective vendors (p16)
If I am reading this correctly, when you upload something to Apple iCloud or Dropbox, there is a background process which generates a hash of your content, then compares that hash with infringing content? What defense do companies have? What about proof that these claims are true (sources, etc)? Can anyone just leak a document that claims XYZ tech company spies on its users and everyone takes this as fact?
Vendors are legally and commercially prevented from
acknowledging their backdoors. Defense will not be
able to prove their existence (p16)
Great, blanket denial either way! I hope this is a hoax!
Mobile devices that are not cloud-synced can be accessed
by their respective vendors
Essentially; iOS and Android have a remote backdoor available to the US government.
For example, I'm fairly confident that the data on Motorola devices can be read completely using USB from bootloader mode without any data modification (using tools like RSD Lite or sbf_flash). By itself that wouldn't get past OS-level encryption, though. That bootloader is entirely Motorola's with functionality and communication protocols dating back to before the pre-Android razr flip phones (from what I could tell back when I was doing battle with the XT720).
On the other hand, passphrases for boot security on mobile devices are often extremely weak (pin or what-have-you) and easy to brute force (assuming there is a backdoor to access the TPM contents or whatever it's called on ARM/OMAP/etc if it uses that sort of thing)
I was thinking... "Wow... why is this guy worried about Dropbox?"
The Dropbox problem is solvable... just don't use Dropbox.
But how are you going to use a phone without using iOS or Android? (All of the other mobile OSes are probably backdoored as well)
But the most obvious problem: if the NSA or whoever had a backdoor to truecrypt and Android and iOS, they would not send that information to a local DA office to be leaked.
Please don't set aside critical thinking just because something confirms your biases.
• “Fruit of the poisonous tree” can be circumvented
• The use of backdoors cannot be detected or proven
• Vendors are legally and commercially prevented from
acknowledging their backdoors. Defense will not be
able to prove their existence
• The files can be described as “forensically obtained”
http://www.privacylover.com/encryption/analysis-is-there-a-b...
It claims TrueCrypt is a CIA honeypot.
There's your backdoor.
The entire presentation is clearly a copy of the previous year presentation, with some words changed by some moron with an agenda whose understanding of criminal procedure came from watching too many law and order episodes.
* There is an actual hereto-unknown flaw in TrueCrypt's algorithms or implementations of algorithms that can be exploited.
* They are referring to the only known attack, wherein keys can be recovered from RAM if the volume isn't unmounted correctly.
* This is FUD designed to push people away from less-breakable encryption and onto software which actually /does/ have backdoors.
* This is a hoax (pay special attention to the detective's names on the slide)
I'm not sure what to make of it.
Until you know what the backdoor actually _is_, please don't stop just because you audited the source code.
[1] a good summary is at http://en.wikipedia.org/wiki/Backdoor_%28computing%29#Reflec...
"Is Truecrypt A CIA honeypot" http://www.privacylover.com/encryption/analysis-is-there-a-b...
Seems like paranoia is looking just in general more plausible today.
I'm curious now though, do Truecrypt volumes have a magic number, in which case it's still easy to find, or are they fully cryptographically random in appearance, making this a known-needle in a large haystack problem?
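On the magic-number question above: per the published TrueCrypt volume format, the header starts with a random salt and the ASCII identifier "TRUE" is only visible after decryption, so a volume carries no plaintext signature on disk. The following Python is an added example, not part of the thread or of any forensic tool, showing the kind of statistical heuristic that is left for finding candidates; the thresholds, the signature list and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512  # assumption: file containers are sized in whole 512-byte sectors
# A few well-known plaintext signatures; a file starting with one is not a bare container.
KNOWN_MAGIC = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"\x1f\x8b", b"7z\xbc\xaf")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic of byte counts against a uniform distribution (255 d.o.f.)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_like_headerless_container(data: bytes, min_size: int = 16 * 1024) -> bool:
    """Candidate test only: sector-aligned, no known signature, uniform byte statistics."""
    if len(data) < min_size or len(data) % SECTOR:
        return False
    if data.startswith(KNOWN_MAGIC):
        return False
    # Illustrative thresholds: uniform random bytes give ~8 bits/byte and chi-square near 255.
    return shannon_entropy(data) > 7.9 and chi_square(data) < 400


def constructed_random(n: int) -> bytes:
    """Constructed sample: deterministic pseudo-random bytes standing in for ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])


if __name__ == "__main__":
    samples = {
        "random, 64 KiB": constructed_random(65536),
        "random, unaligned": constructed_random(65536 + 100),
        "PDF signature": b"%PDF" + constructed_random(65532),
        "text log": (b"GET /index.html 200\n" * 4000)[:65536],
    }
    for name, blob in samples.items():
        print(f"{name:18} candidate={looks_like_headerless_container(blob)}")
```

A hit is only a candidate: compressed or otherwise encrypted data without a recognizable header passes the same tests, so the result narrows the haystack rather than identifying a volume.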
After some more digging, found this document: http://www.ndsaa.org/Computer_Forensics_for_Prosecutors.pdf
Which states:
Free product by SA Eric Zimmerman
Random Access Memory Analysis:
* FBI - Salt Lake City, UT
* Distribution - eric[at]feeble-industries.com
* Plug-in live triage via USB
* Virtualization, encryption, mass storage, P2P, Gigatribe, picture & video preview, password gathering, and MORE!
Looks like LE agents can request a copy by registering for the guy's phpbb form here (judging by the registration terms, it's not open to the public):
The container format itself is really just a giant mathematical mess -- there really isn't anything to backdoor there.
And then the client doesn't exactly dial-out to anything when you mount an encrypted volume. Therefore I would suggest that this is probably a matter of using alternative means of access to the machine in order to patch the client itself.
That wouldn't exactly be worthy of the attention of the NSA, given that truecrypt is open-source.
The container itself can actually be 'backdoored' by a malicious client by eg saving a duplicate of the master key, or generating a master key using a deliberately weak RNG.
Any reason you're using a throwaway?
Works in FF and Chrome in-browser readers.
Then I realized you should really skim every single page, rather than going straight to 15.
http://uk.reuters.com/article/2013/08/07/uk-dea-irs-idUKBRE9...
The use of backdoors cannot be detected or proven
Vendors are legally and commercially prevented from acknowledging their backdoors. Defense will not be able to prove their existence
For something like this, a report gets written, and the person who wrote it gets cross examined.
Can I get a direct quote? I'm not seeing any mention of TC on p15 or any other page.
What’s A Backdoor?
• A method to bypass data encryption or security
• Does not require the password or passphrase to be known
• Saves time, cost and effort to access encrypted or secured data
• Allows data to be accessed, copied and even modified without tipping off the owner
• Currently available for major encryption software – Microsoft Bitlocker, FileVault, BestCrypt, TrueCrypt, etc
• Currently implemented by major cloud storage provider to comply with NCMEC requirements