Here is what I believe. And, I think I’m supportive of FBI overall (on this one). I don’t feel like I’m dealing with a renegade organization, back to the business of running a general surveillance state or anti-black pogroms. While that is a compliment aimed at FBI, note that compliment is restricted to FBI agency. Others don’t get as high a reputation.
I could not care less about silly firewalls between civilian and military agencies, doing national security. Yes, I do care about FBI being a political party’s terror agency (as it was in the 1950s). But, no, I don’t think a few firewalls will make the slightest difference, there.
Yes, I do believe in 2000 FBI was assured that it could have its cake (targeted access to encrypted evidence) – through a comprehensive partnership with military cryptanalysts. Yes, I do believe that the “committee” of phone/software vendors – that publicly claimed to have deferred mandatory key escrow – made a secret deal: to compromise the implementation of crypto. This was the second hand, complementing the first hand deal with NSA to avail FBI of military-style cryptanalysis.
Do I believe the build of Windows is broken? No. Do I believe that the vendor facilitates targeted downgrading of the trustworthiness of the platform (so the encryption *effect* is circumvented): yes. Do I believe that encryption-process-specific metadata (i.e. key management signals) are specifically released in cleartext form in order to facilitate targeting and surveillance? Yes. I would, were I the designer, looking for that magical political wand that can be two things to two inherently opposing political camps, able to live with the middle ground (while disparaging each other, still).
So LOOK AT THE KEY MANAGEMENT SIGNALLING. Make yourself a targeted adversary, and watch how the signals from the platform evolve (especially as you build new computers, at a couple a day, from gold masters). I’ve been doing this for a couple of years now, making myself an FBI and NSA target. One watches the speed of their recovery (as they re-home, having lost acquisition), the changes in the attack style (as vulnerabilities evolve), how things vary by targeting basis, etc., etc.
Then you don’t release what you have learned (since it’s probably highly illegal to do so!). You can train others, however, in core skills.
Concerning OpenBSD, there is NOT an encryption vulnerability. What there is – and it’s been in vogue to do this for 40 years – is a coding style that allows implantation – based on crafted bits in packets that induce flow paths through driver logic that enables/arms the latent SWITCHING of targeting paths. Today, this is no longer “as” focused on the OS (directly driving serial line cards), but on microcode in the Ethernet-card drivers, etc.