It would generally be easier to set and conceal backdoors in proprietary encryption software, and for it to remain "undiscovered", because the software would not usually be open to scrutiny/audit by third parties, who would thus effectively need to trust/use the software on blind faith.

Let's be speculative:
- As above, maybe the TrueCrypt takedown was the result of being nobbled by the NSA (e.g., like the two encrypted email services over the last 12 months), in which case the TrueCrypt developers may have been left little option but to shut down, rather than be obliged to leave TrueCrypt fitted full of NSA backdoors, as Symantec and Microsoft encryption have been rumoured to be.
- Or maybe that's not the case. Maybe the backdoors had already been established for some time in TrueCrypt, so the unknown developers pulled the plug realising that discovery could be imminent in the aforementioned TrueCrypt audit project.
- Maybe the developers and/or the auditors are effectively the NSA. Who knows? After what we have been allowed to learn or led to believe from the public dripfeed out of the SnowdenGate theatre (bring your own popcorn), anything's possible, but skepticism would seem to be recommended. One thing that was learned/perfected in WWII was that good military intelligence and the skilful dissemination of misinformation were essential ingredients to a winning strategy in a war, with the Nazis arguably setting the initial standards to be met. Out of this sprung our modern-day advertising, marketing and PR - even the terminology used employs military terms. And be in no doubt that we are involved in some kind of a war - a war in which every citizen is apparently a potential enemy and thus not to be trusted, so surveillance and the manipulation of public perceptions by whatever means deemed necessary would be mandatory (QED). This was where Mao's Revolution was so successful. Maybe the book "1984" does form an authoritative set of rules and guiding principles for the kind of increasingly totalitarian states that we seem to be finding ourselves inhabiting.
I had always been a fan of PGP (Pretty Good Privacy) encryption methods, but lost interest when PGP was acquired by Norton/Symantec as I figured it was thereby probably irretrievably lost as a definitively secure/trustworthy encryption approach/software - I mean, how would one know?
However, consider the interesting case of Ramona Fricosu (January 2012) in Peyton, Colo., USA: Fricosu had been charged with conducting a fraud (a mortgage scam), and it was deemed necessary to access her Toshiba laptop to discover details about the fraud and her associates - but the laptop was secured using PGP Desktop Professional (Symantec), which the FBI apparently claimed to be unable to unlock. So a federal judge ruled that she had to:

...decrypt the hard drive of a Toshiba laptop computer no later than February 21--or face the consequences including contempt of court.

Refer: Judge: Americans can be forced to decrypt their laptops | Privacy Inc. - CNET News
(Out of this came the use of the legal defence concept of "plausible deniability".)

This was a civilian matter, not a defence matter. Maybe the FBI did have the ability to crack the encryption key, but were not about to reveal that potentially strategically and militarily important fact if it did not have to be revealed, and so forced the issue (apparently successfully) through the judicial system.
Maybe this started people looking with increasing interest at the backdoored Symantec PGP product, or maybe it wasn't backdoored. Either way, it wouldn't matter, because the public perception set by this display was that Symantec PGP is unhackable, and maybe that was desirable/necessary/intentional.
So the alternatives to TrueCrypt could be:
- TrueCrypt software - presumed to be unhackable.
- Symantec PGP software - "proven" to be unhackable.
- Microsoft BitLocker software + hardware - presumed to be unhackable.
So maybe the NSA or other SS (Secret Service) cannot hack these things. Then again, maybe they can, or have already done so some time ago.
And don't forget that it has apparently already been established that the NSA would seem to have nobbled the so-called "random" keys used in PKE (Public Key Encryption).