What do you think: Is the National Security Agency legally liable for the financial loss of a U.S. citizen if she is hacked through a NSA required hardware or software back door, or an NSA required flaw in encryption?

This could make for an interesting class action lawsuit if it is provable.

Given that this is a (probably quite obscure) point of US federal law I doubt many people on this forum are in any position to give you an informed answer. You'd need to be quite a specialised type of American lawyer to be able to judge I would imagine. The opinions of random folks on the internet isn't really how the law works.

One might as well ask the same question in regard to GCHQ, FSB, DCRI, etc.

In any case, a litigant would need to convince a court that the financial loss was caused by an agency's actions, in addition to convincing a court that the agency's acted that way in the first place. Assuming, of course, that it could be held liable at all.

I find this an interesting subject for several reasons:

1) You must ask the U.S. Federal government's permission to sue it. Hurricane Katrina victims ran into this after U.S. Army Corps of Engineer contractors demolished the wrong houses in some cases.

2) If we are to believe Snowden's revelations, hardware manufacturers as well as software companies were complicit in installing backdoors in their products at the insistence of the NSA. Lavabit is already out of business for alegedly resisting this.

3) While a private individual may not have the resources to recover losses due to this, a corporation such as an auto manufacturer, bank or brokerage house certainly would. They would also posses the forensic skills for their lawyers to make a case.

4) There are already diagnostic tools becoming available that search for flaws in hardware design that can be used to expose designed-in backdoors. It is only a matter of time before these are abused.

Lavabit shutdown to avoid a legal fight over compliance with a court order. Nothing to do with hardware. Its owner had previously solicited money from the FBI in return for providing email data. (http://www.theguardian.com/technology/2013/oct/09/lavabit-metadata-log-3500-offer)

Thank you for correcting my misunderstanding of the Lavabit situation.

This is:

1. About the outcome of potential litigation under US law, and better suited for a legal discussion forum.

2. An open invitation to a heated political discussion that falls outside of our relaxed policy allowing discussion of how political events might affect the IT world.

3. Closed.