What if the devs are ordered by a US judge to include a government backdoor?

[jubalix]

Let's say the IRS wants to be able to confiscate bitcoins from tax evaders. So they go to the US courts to get this. A judge ends up ordering the bitcoin.org dev team to include a government backdoor so the IRS can take funds away from those who don't pay taxes.

The devs would be forced to comply right?

Pieter and Wladimir are not US citizens, so a US judge can't order them to do anything.

If I was ordered to insert a backdoor, I'd just resign as lead developer and find something else to work on.

But this whole scenario sounds like a paranoid delusion; has there EVER been a case where a judge has ordered a software developer to do anything other than stop distributing their software (because of some copyright or patent issue) ?

Not so sure you need to be US citizen, extradition is the favored tool theses days, even by other means, eg Assange.

Also I think that various protocols, and programs have been ordered modified by Judges, though mainly in patent suits, though this prism thing is perhaps a more pertinent example. If a program was somehow effect on national security I think Judges may order the programer change it, or face contempt. Sorta like journalist who elect to not give up their sources. They don't get to go, oh well I'm not a journalist any more, or working for this paper/story. I disagree with all of this by the way, but never underestimate how flexible the law is against the individual in the hands of the Government.

[jgarzik]

This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/

[jubalix]

This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/

not sure this guy understand bitcoin, eg I skim read his paper
http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf

as he appears to completely miss the re-target function of bit coin to make it easier to mine if hash leaves,

he also fails to make connection that specialization by asic miners does not equal distribution increase, in fact, quite the opposite ,eg now we are seeing usb miners, and one person noted that almost any heat producing need could also be mining.

more complex computer chips has been coupled with more uptake.

[jgarzik]

This is very relevant to this thread:

  Open-source Governance in Bitcoin
  https://freedom-to-tinker.com/blog/felten/open-source-governance-in-bitcoin/

not sure this guy understand bitcoin, eg I skim read his paper
http://www.weis2013.econinfosec.org/papers/KrollDaveyFeltenWEIS2013.pdf

While I agree with you on his paper, please keep that separate from his blog post, which directly addresses $subject.

[piotr_n]

call me a guy with a tinfoil hat again, but as a guy who spent a big part of his life coding C, I dare to say that it is fairly easy to sneak into such a big source code a backdoor, i.e. in a form of some exploitable stack overflow.

if the attacker is smart, it is as simple as changing one innocent character, at some place in the code he's made, to hide the actual purpose though still suggesting just a mistake.
like putting "," instead of ".", "O" instead "0" or "l" where you needed "1"... I've wrote so much code in C that I could think of tons of expressions that would actually work completely different than one thinks they do at the first sight.

this is especially dangerous when they have just included a few tens of pull requests, so no sane person is really going to go carefully through all of them.

corrupting binaries would be the most stupid way to go, since this one can be actually found quite easily, thanks to bitcoin's fine gitian building solution.

[Zeke_Vermillion]

The government doesn't need a backdoor. They can walk in the front door, ie, the open transaction ledger. Also, if a particular actor wanted to influence the course of any open-source project, he could simply join the project and contribute code (assuming some degree of subtlety in crafting pull requests, of course). The beauty of the process is that harmful contributions are weeded out, and if the worst-case scenario comes to pass, the project can be forked with a new lead developer.

[ShadowOfHarbringer]

call me a guy with a tinfoil hat again,

You are a guy in a tinfoil hat. Again.

it is as simple as changing one innocent character, at some place in the code he's made, to hide the actual purpose though still suggesting just a mistake.
like putting "," instead of ".", "O" instead "0" or "l" where you needed "1"... I've wrote so much code in C that I could think of tons of expressions that would actually work completely different than one thinks they do at the first sight.

Thanks to code analysis tools (and there are many powerful, free & extremely expensive commercial ones) plus git, such a mistake can be easily spotted.
Remember that you don't review whole code at once (large). You just review latest changes (small).

if the attacker is smart,

There are many smart (and i even dare to say: genius) people looking for backdoors in the Bitcoin code , so that wouldn't be very smart to add backdoors, even if you are a genius yourself.

[piotr_n]

I'm just saying.
feel free to get adventage of whatever tools you find useful to find it, but trust me, if I had an actual incentive and a proper access, I bet I can beat them all, starting from the most expensive ones. it's just a matter of time
people indeed is a harder part, though as I said, ppl ale subjective to different illusions that you can use in a source code.
especially those ppl who don't care, because they have such a great tools

[piotr_n]

The government doesn't need a backdoor. They can walk in the front door, ie, the open transaction ledger.

the thing is that walking in the front door each time they'd like to check is just to expensive.
plus some people have guns

[nqzdepofltr]

1. Bitcoiners would find an alternative wallet without backdooring
2. The official bitcoin wallet is open source, so one could remove the backdoor