Assorted links (2026-03-01)
2026-03-01: clashes of tech and the US government.
This week, the US Department of War clashed with Anthropic over restrictions on military use, ultimately throwing them out in favor of OpenAI (see Jasmine Sun’s notes). While it feels unprecedented - and certainly some aspects of it are - I also see it as the latest installment of clashes between tech and the US government.
How can we keep these in perspective? I like to look at contemporary coverage of past clashes: not just the lookback with perfect knowledge of how everything panned out, but the loud and messy live reporting.
—
In 2016 (almost exactly ten years ago), the FBI got a court order to force Apple to unlock the iPhone of the San Bernardino terrorist shooter.
The comments on Bruce Schneier’s related blog post give some good perspective on the pro-Apple views of the time.
Ultimately the legal battle was never resolved, as the FBI bought a zero-day vulnerability for over $1 million to bypass the relevant protections.
But not all of these battles happen in public.
In 2008, Yahoo was threatened with fines of $250,000 per day if it didn’t share metadata of Yahoo’s email users with the US government. We didn’t hear about it at the time because it was a secret court ruling, and it was only revealed by Edward Snowden’s 2013 whistleblowing on the PRISM data collection program.
Relatedly, encrypted email service provider Lavabit chose to shut down in 2013 rather than “become complicit in crimes against the American people” - but could not share why due to a gag order. A redaction error later revealed that the government wanted to read the emails of… Edward Snowden himself.
—
And sometimes, the US government is sneakier. The DUAL_EC_DRBG cryptographic algorithm was standardized in 2006. By 2007, researchers identified a potential backdoor in the default constants that would give the creators a “skeleton key” and break its security.
This history rhymes with that of the S-boxes of the Data Encryption Standard (DES). These were also criticized for mysterious constants when they were standardized in 1977, but it was later revealed that these S-box constants were chosen by the NSA to resist differential cryptanalysis - a technique that was not publicly known until the late 1980s.
By the way, DUAL_EC_DRBG was indeed likely backdoored, and in 2013 it was revealed that the security company RSA Security was secretly paid $10 million to make it the default algorithm in their product.
—
So if you’re confused by the current situation… that’s totally normal. Good luck!