Perhaps I'm being hard-headed here, but I don't understand the need to debate secure communications here, beyond the benefit of opening doubt in the minds of those ignorant of the underlying physical process.
This boils down to the fact (for me, and by proxy, my community) that I (and by proxy, my community) will not use insecure communication because someone or someones wants me to do so.
Shake your fist, rattle your sabres, put me in your sights, it will not change my (and by proxy, my community's) resolve.
And if I (and by proxy, my community) is to be prosecuted for using secure channels, then I (and by proxy, my community) will resort to steganography. Exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power (of math) on my communications' transit.
The only means by which a paternal element can mediate the policies of my interactions would be to mediate the interface by which I (and by proxy, my community) communicate (in this case -- electronic/digital computer<->human), and enforce this with vigilant, and economically costly violence.
This matter-of-factness is similar to that in traffic stop interaction situation. I'm not happy that men with guns can systematically stop my transit, search my belongings, and steal my assets (at least in Texas), with ex post facto logic applied to the inherent justice, and I have no way of stopping this. The exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power on my transit.
So I work around it, I try not to get stopped, and I deal with it when I do get stopped. I don't shake my fist or pout, beyond the benefit of opening doubt in the minds of those ignorant of the underlying physical process.
While I agree with what you've said, the problem is that the sheer majority of people are using defective-by-design webcrapps. In fact, this is what has reopened this "debate" - TLAs got used to firehose access that companies no longer want to provide because it hurts their image.
So we, as a society, are in a situation where say 95% of people's software choices are being decided politically! If they're nudged into [continuing] using backdoored software, then criminalizing the remaining few is pretty easy to do, even if it's only through lazily-enforced laws like RIPA.
But as I said I do agree with you ideologically and have to hope that as people get a clue the pendulum will swing back to secure decentralized solutions. Because even if our holy leaders dismantled the NSA (et al) tomorrow, it's only a matter of time until the same electronic panopticon catches up with us via the private sector through eg insurance policies and aggressive price discrimination.
> But as I said I do agree with you ideologically and have to hope that as people get a clue the pendulum will swing back to secure decentralized solutions.
As technology progresses, eventually at some point those in power of that panopticon can actually grab the pendulum before it swings back. That's what you really have to be afraid of: if the surveillance programs get enough of a head start on the people recognizing their own government is watching their every move, they can cause enough havoc behind the scenes that whatever the people end up getting mad amount they can give up for PR, and just continue as usual with any and all of the other programs they didn't figure out.
It's debatable where that point is. I don't think we are quite there yet, but I expect we'll get there in our median lifetimes unless the American people do more than privacy slacktivism.
I was referring to the pendulum of centralized-decentralized computing, not a general pendulum of people wanting totalitarianism/freedom.
FWIW I'm more worried about what becomes societally normal than what the government prescribes. In that sense, we need freedom-preserving software more to show people what is possible and give them alternatives, rather than to simply hide ourselves from abusive brother.
There are vast tracts of the world which cannot simply thumb their noses at government requests. Including the systems and communications concerning you, your possessions (home theft by database access and/or impersonation fraud is a thing), and intra- and inter-business communications on matters concerning you.
You and your data trail are far larger than the few direct stones you cast.
And unless and until widespread encrypted comms are the default and assumed for all, only a very, very small subset of all online comms will be encrypted.
I've been fighting this battle myself for going on 20 years. I'd like to start seeing some fucking results, beyond "HTTPS Everywhere" browser plugins installed by a small subset of users.
I have a pretty certain suspicion that this whole debate is fake. Here is why:
They already have backdoors in the hardware! The googles and apples and so on, the big companies already willingly work with them! Etc.
Apple is happy to pretend they are on the consumers side, fighting the demands, in order to roll back the damage that the Snowden revelations have done to the collaborators. In reality it is the same as before: business as usual. What does it matter even if the device is truly encrypted? They've got all your info while you were using it anyway. This way the people they don't want to have it can't get it, but they still have it.
This debate about adding backdoors, this pretending to care that backdoors are added, is nothing more than an attempt to fool you and I that they don't already have them!
This isn't to say that if they win these fake debates they won't also use such an opportunity to make illegal things like TOR and Freenet as they have made attempts to circumvent copyright protection illegal. This will be so that if secure hardware does arise, they won't have to worry much about it since the software will be illegal and already repressed and thus retarded since made illegal.
Obviously on this topic (and many others), you can't expect everyone in the government to have the same interest in secure communications that we have. However, this conversation worries me. It appears that the EFF and Access Now talked extensively about their position. According to them they called the debate on the topic "laughable". Which is true but...
The response was: "While they seemed well aware of our concerns about the technical infeasibility of inserting backdoors, they didn’t necessarily share them." In other words, the White House was already aware of the EFF's position -- so the talking at length will not result in the White House having any new insights.
If you believe that negotiation with the other side will be fruitful you need to find out what you need to say to make the other side understand. "Your position is laughable" followed by a repetition of something they are already ignoring is not going to help.
I would much rather the EFF had a conversation with the White House and said absolutely nothing. I'd love it if the EFF's report of the conversation consisted of a list of misconceptions that the white house has about encryption and a strategy for correcting those misconceptions. Right now their strategy seems to be, "Write in and tell them how stupid they are". While it might be true, it's not going to change any minds.
So my question: Why does the White House not share the concern about the technical infeasibility of inserting backdoors? Have they been told otherwise by someone they trust more? If so, why do they trust the other party more? Are they just closing their eyes and hoping that science will eventually triumph? In either case, how do we educate them otherwise? Is there some way to demonstrate the infeasibility in a way that will attract their attention?
I'm happy the EFF exists, but this seems to have been a giant waste of an opportunity (We complained very loudly and they politely ignored us).
Getting Obama to understand doesn't really matter though at this point. The power is in congress and the supreme court. Laws are passed by congress then either overturned or ruled just by the supreme court it seems like lately. While the role of president looms large as the next one will likely appoint a new member or two to the bench, the current president will have no real say in the encryption battles. This seems more like a moral victory for the EFF and a face saving one for Obama and his legacy and wont really affect any change.
Couldn't the Whitehouse just find some 200 year old law that sounds like it applies to encryption, and issue an executive order?
From the sound of it, they want to keep any sort of draconian measures as quiet as possible, and that'd probably be the quietest way to do it - especially now. The Obama administration said they'd clarify their stance on encryption "by the holidays".
They would if they wanted to but they don't. The FBI really thinks that the WH fucked them on this issue with Obama's statement a couple of months ago so I doubt he will go further on this. Hillary Clinton has already hinted that online companies should open up to law enforcement and Trump has gone even further than that so it's not looking good in that respect. The federal courts and the supreme court are a sucker for natsec so it's not looking very good.
I don't understand why this form provided by the White House seeks comment from US residents only, as this debate and the result will affect not only the US but users of American services across the globe. As an Australian I would like to contribute to this debate as it will have a significant effect on my life and work regardless of physical location.
You might not have noticed, but nations actually only have to show lip service to serving their own citizens, not everyone on the planet. You don't get to have a hand in the US elections either for similar reasons, though you could claim it would have an effect on much more than just the US population.
For a while after Snowden's leaks were first beginning to be published, the US Governement position on the issue was something like "stop whining about PRISM, we are only doing blanket surveillance of foreigners". They have since stopped saying that, perhaps because the companies involved in PRISM complained that they were scaring away their customers.
This boils down to the fact (for me, and by proxy, my community) that I (and by proxy, my community) will not use insecure communication because someone or someones wants me to do so.
Shake your fist, rattle your sabres, put me in your sights, it will not change my (and by proxy, my community's) resolve.
And if I (and by proxy, my community) is to be prosecuted for using secure channels, then I (and by proxy, my community) will resort to steganography. Exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power (of math) on my communications' transit.
The only means by which a paternal element can mediate the policies of my interactions would be to mediate the interface by which I (and by proxy, my community) communicate (in this case -- electronic/digital computer<->human), and enforce this with vigilant, and economically costly violence.
This matter-of-factness is similar to that in traffic stop interaction situation. I'm not happy that men with guns can systematically stop my transit, search my belongings, and steal my assets (at least in Texas), with ex post facto logic applied to the inherent justice, and I have no way of stopping this. The exact circumstances aside, there's no getting around the effects of a dedicated mind and an overwhelming power on my transit.
So I work around it, I try not to get stopped, and I deal with it when I do get stopped. I don't shake my fist or pout, beyond the benefit of opening doubt in the minds of those ignorant of the underlying physical process.