Yes. BUT a hypothetical TLA knows that. They don’t even need to torture you. Do you have loved ones? Friends? Family? They don’t even need to torture them, they just need to promise you that they make their lives as miserable as possible. Your own pain threshold is something completely different than inflecting something like that on others. Of course they still can’t force you give out a password - Just for most people the option of potential Jail time is the better option.
So, theoretically you can’t be forced to give out a password, but practically everybody’s vulnerable. Kind of reminds one of Mob tactics, doesn’t it?
Most people aren’t willing to go that far.
They do, but not because of some moral values.
Having people know about their doings works against them in many ways. If they have a reputation for being immoral(or corrupt, etc.) makes it way harder for them to stay unnoticed, recruit new people(This is a real issue, BTW!), get net budged requests through, etc.
Now, getting press to be on your side, that is the real issue here. And you can’t plan on that, which kind of makes my point mood.
Criminals don’t have it easier in general. TLAs have the infrastructure, the knowledge, the will, and the history.
I meant specifically the give-me-your-password-at-gunpoint thing.
It’s not. If somebody had physical access to your machine you lost. No anti-tamper hardware is going to protect you effectively.
Booby traps can only work if your adversary does not know about them.
Same goes for self-destroying hard drives etc. - Did you know you can buy NAND flash with built-in gunpowder? Still won’t protect you though.
The sophistication of possible attacks is just to high if you assume a TLA really wants to get you. Crypto keys in RAM? Secure enclave? They’ll bore a whole in the lid of your RAM/CPU, pour liquid nitrogen in it, pull the power, and analyze the keys with a Scanning electron microscope. Seriously, attacks like that have been demonstrated.
Not an FBI agent, sadly(Or any glowie, for that matter). They would get paid to write this stuff
Just don’t trust me more than I trust you.
Your device should be trusted, that is the baseline for good opsec
No. You have to interact with a lot of systems that are potentially compromised. Ever wrote an email, forum post, or gotten money from an ATM? There are so many computers in these kinds of systems, I can’t tell you if one of them might be compromised.
Of course potentially is the key here, if you find TLA malware(You’ve got a good eye… ) of course you should get rid of the device, but probably not before talking to a lawyer.
My point is, before you use a device for anything, but especially compromising things, make sure you would know the impact of the compromise. If all you do is watch pr0n and netflix(The lonely version of netflix and chill) you don’t need to worry much.
If you’re a crypto gazillionaire accessing a large fund of money, I’d think twice about accessing my funds, even if I had a device that I mostly trust.
The problem really is that there is no such thing as perfect security.
The person that can and has read and deeply understood every line of code, every transistor on a chip, and every system that interacts with any of that doesn’t exist. If you claim you do, you’re either some hyper-intelligent super-AI, or you’re plain wrong.
If you want to do secure things on a computer, NEVER ASSUME PERFECT SECURITY.