http://en.wikipedia.org/wiki/Perfect_forward_secrecy

It is said that the goal of cryptography is to make the attacker resort to rubber-hose cryptanalysis, revealing their intentions. In those cases, the best you can hope for is plausible deniability, i.e. decrypt some part of the cipher showing something embarrassing but not illegal, and hope that they think that was all that was there. Actually that's what TrueCrypt provides with its "secret encrypted volume". However, there are some tests for randomness (http://en.wikipedia.org/wiki/Randomness_tests) like the chi-squared test which can detect/identify many such encryption schemes if the size is large enough.

In short ... it's an arms race. Your best bet is Steganography (http://en.wikipedia.org/wiki/Steganography) which has been around for centuries. Just write messages where no one suspects. You can encrypt them with PFS and plausible deniability for best effect.

For more information, see "Is it possible to distinguish a securely-encrypted ciphertext from random noise?" at http://crypto.stackexchange.com/q/1646/2454

That would be an insane scenario.

(I am not a serious cryptographer)

There is literally no way to keep a conversation secret if one of the parties involved is compromised, because you're talking to a compromised party!

A snooping agency holding the private key of, say, Google would still need to intercept each connection and act as a man in the middle. Simply knowing the RSA key (either beforehand or afterwards) is not enough to decrypt PFS sessions.

*edit: Google would still be able to collect and hand over all session keys ever used to communicate with them. The NSA might then use those session keys to decrypt any corresponding session.

This. If you're so unshakably convinced that a government full of people you vote for every four years is never going to work in your interests, you have serious problems.

People work in their own interest (however they may define that). Working in the interests of those that elect them is just a hopeful side effect of the democratic process.

The number of non-elected officials is vastly larger than the few thousand elected officials people vote for.

Not that governments (and other bureaucratic bodies) never work in your interests. They always work in their own interests, and among these are self-perpetuation and grabbing more power. But as long as their other interests are aligned with yours, they could throw all their power at your cause. Should your interests diverge... well, good luck.

You mean a government full of people I vote against every four years, right? I actually don't vote any more, but back when I did, the people I voted for were never the ones who won the election. (At least not at the national level. There might have been a local one, though not any I can recall offhand.)

But even if my favored candidate had ever won, there are good public choice reasons to think the system as a whole would resist serving my interests ahead of its own. We have a "government by the government, for the government" - a vast barnacle feeding off the economy, trying to take as many resources as it can without killing the host.

"If you [1] are so unshakably convinced that a government full of people you [2] vote for every four years is never going to work in your [3] interests, you [4] have serious problems."

1. the person reading this

2. the majority of voters in your country, which the person reading this is only likely to be a part of about 50% of the time at best, in the US

3. the person reading this

4. the person reading this

Looking at just US presidential elections, people who vote straight Republican or Democrat will have been in the majority at least some of the time, but someone voting their conscience without regard to party has a fair chance of having been in the minority most of the time.

Another problem is that voting gives an individual neither control over nor responsibility for anything that the elect do. Look at all the Bush voters outraged about what happened during that administration (either Bush, actually), and all the Obama voters currently outraged about current administration activities.

As in those "get the government out of my medicare" signs that were seen in the US.

(Cue the "blah blah markets can do it blah blah" responses - no, I'm sorry, but even economists disagree with you.)

Using these services because there's no practical way not to is just the reality of our system. Taking a few scraps from your masters to survive does not mean you agree with your chains.

And I don't have any proposals for how those services will be provided. People will just figure it out and create solutions organically, as they have for numerous other problems throughout history. We didn't need to know how cotton would be picked before we abolished slavery.

In many European countries there's been a history of oppression and a state controlled press that spouts untruths, which makes people quite skeptical and untrusting of governments. Indeed, some countries still have this or a notionally free press that's hampered through other means.

There's an almost brave new world-like contrast in the US whereby having the illusion of a free press and free democracy has lead many Americans to believe they're free, even though they're supporting things that work against them collectively.

I'm not bashing America, there are many free-thinking Americans (on this site especially) and there are many non-free-thinking Europeans, I'm just trying to highlight some of the differences.

2) The United States Found Fathers pretty much all warned (and every child is taught in school) that the government should not be trusted (at least not with that much power).

Its astonishing that most American's allowed their government to become so over baring. If anyone read a couple history books as a child or young adult they would understand that one of the greatest concern for many of the nations leaders was the government become tyrannical. If it is a "peculiar American" trait, it comes from the literature, ideology, and moral fortitude of the original founders of the culture/nation.

I, for one, rely on my government to perform all those vital, but tragically under-appreciated services done selflessly and at great sacrifice, and all for the public good. Our top Whitehall mandarins do so much to pre^H^H^Hdeserve their salaries.

The fabulous residences for the ambassadors, senior diplomats and other political appointees -- all those social events on the diplomatic circuit -- absolutely essential for our collective well-being. The unending sole-supplier cost-plus contracts given to the private contractors with the largest revolving door -- where would the nation be without them? The quangos and consultants, lobbyists and contractors -- our newly publicly-owned financial industry - the whole system -- not to mention the only middle class that we have left -- would suffer so very terribly without the kind patronage of a friendly state to steward and protect them.

/sarcasm

Why is the default assumption by Statists that if the government won't rule us, corporations will?

A novel concept that people may want to attempt to grasp is that there could be no rulers, and as such, there's no need to make up a fictitious "new ruler".

It seems to me that the fastest way to evaluate this idea is to look at how an organization is propelled to statehood in the first place. If incentive structures support states, they will exist.

Why is the default assumption by libertarians that if the government is brought down, human nature will suddenly, completely change?

How charmingly naive!

I don't know that people have needed a ruler at many times in history, but there has always been one. A power vacuum almost always results in war, revolution almost always results in war... basically humans like war and leaders. I don't think that will ever go away. We're tribal animals.

Even if people don't need a ruler, leaders will arise, and some of them will recruit violent men to force their will on others, growing into warlords. Factions will fight each other, people will die.

Better, IMHO, to have a codified power structure that seeks to eliminate or at least mitigate these flaws.

"It seems to me that the fastest way to evaluate this idea is to look at how an organization is propelled to statehood in the first place. If incentive structures support states, they will exist."

Since government is the current default, the onus is on you to prove that the incentive structures that select for statehood have changed in a significant way. (Or that they are going to change or could be changed.)

I'm not of the faith that says that p2p or crypto currencies are necessarily a good thing. I, personally, think it's a good thing that democratic governments can exert control over fiat currency in order to attempt to mitigate economic disasters. I certainly don't think that the (for example) bitcoin model is a good one.

>> and encrypting their communications

I'm not really sure what this has to do with governments or control. I don't think democratic social order necessarily depends upon being able to surveil everyone, it's just a trap that the current bunch have fallen into.

>> production structure not suffering from possibility of monopolism

I'm not really sure what you mean here either, but it's hard to forsee a state in which monopolies are somehow impossible, or how the lack of them would imply the lack of need for government.

>> how will the government exercise their control?

In much the same way they do now, by the majority of us granting a democratic government a monopoly on the use of force. I'm not sure what bearing the form of currency, or encrypted comms, or even a utopian ideal of monopolistic impossibility have on this.

--edit-- Please do not take this as me saying either that I think the way governments have handled currency is good, or the way they do ... pretty much anything is all totally awesome. Far from it.

--edit 2-- The use of language is interesting here. Correct me if I'm wrong, but you see government as the external imposition of control on to otherwise free citizens? I see it as (at its best) free citizens banding together to achieve collective goals and prevent the worst of human nature overtaking us. The rhetoric and the social measures that come from government in this day and age are pretty abhorrent, but collective defence, roadbuilding, education etc are (to me) vital and useful functions.

Did you, as an uncoerced free man, ever swear an oath of fealty to the US government? (The pledge of allegiance doesn't count.) Did your parents? Did their parents? Did their parents? Has anyone?

Anybody who may have elected to be governed by the United States is now dead, and the chances are good that you're not even related to them by blood. The vast majority of people who have lived under some form of government in their lives almost certainly did not choose to.

EDIT: Unless they immigrated. Forgot about that option. If you immigrated to the United States, you are exempt from this thought experiment.

But not totally, because you probably weren't stateless when you did.

What about sending his group of followers door to door shooting people who don't acknowledge that he is the leader?

It is interesting and fortunate that the NSA/GCHQ scandal was still bubbling away as a news item when the story broke about the UK government's moralizing censorship crusade. Viewing these two stories through the lens of my (inevitably dim) perspective on human nature has led me to some unsurprisingly depressing conclusions. (Apologies for the cross-posting):

You might not always get what you want, but the converse is more frequently true. For example, positions of power and authority tend to be occupied by the sort of person who actively seeks out greater power and authority. In contrast, those with no real desire to dominate and control others neither seek nor achieve power. As a result, our elite political, legal and corporate offices are inevitably dominated by an elitist, authoritarian culture and mindset. For as long as we allow people to self-select, even implicitly, there is nothing we can do to prevent this.

The authoritarian mind is characterised by a desire to dominate and control others. The more invasive, disruptive and widespread the control, the more satisfying it is to the authoritarian, and the greater the validation of their elite status.

Sex; particularly issues of sexual morality; are behavioural characteristics that are tremendously intimate, personal and difficult to rationalise/control. It is this very intimacy that makes the exertion of control over sexual behaviour so very compelling: Control over sexual behaviour is like crack cocaine to the authoritarian mind.

Time and time again throughout history, those in power have sought to control the sexual behaviour of their subjects, a motive that is exactly equivalent to the alpha male in the pack controlling access to the harem, and reminding all the beta males of their status by rubbing their noses in their inability to mate.

Technology is a lever - it gives increased power to those who wield it. Modern technology is already enabling those in power to gain greater control over their subjects. It is inevitable that technology will embed itself ever more intimately in our lives, and it is inevitable that this technology will be used by the alpha males in our society to exert their domination and suppression over the rest of the population - to mock, to belittle and to abuse those who are not in power.

Basically, as technology becomes more powerful, and exerts a greater influence over our lives, the humiliating and belittling reminders of our subservient role in society will become more and more pervasive ... and there is nothing that we can do about it.

The existence of the state - and the forceful dominance of one group over another - has always been the moral equivalent of rape - but the power of the state has always been diluted to such an extent that we have been able to persist in the illusion of freedom and self-determination. Technology is ending this dilution, and the truth of our subservient relationship to the state will forcefully re-assert itself in our everyday lives.

Do you want to run the country? Do you think you have the time to run every aspect of the country? If you don't, then you need to delegate the authority to run those things to others. And then the people who are doing those jobs become the rulers in those areas.

And those areas are going to have to work together, at which point you get hierarchies and people similar to managers and fairly rapidly you end up with what we'd call a government.

If you believe there's a better way to run things, then start a company that works in a more egalitarian manner and scale it. As I understand it though, companies that work even vaguely like that have never scaled well beyond a few hundred people at most - i.e. Dunbar's number.

If you want to solve the problem of people needing a government there are serious questions about complexity and conscientiousness (do people even want to run their own affairs?) and how people are meant to work together when they can't know everything about all the areas they'd have to oversee without empowering others even if they just did that as their full time job.

So, my answer to why do I think people need rulers is, essentially, that equality doesn't seem to scale well to the sorts of problems that a country would have to address at the moment - and, implicitly, that anywhere that decides not to be a country anymore is going to get walked all over by anyone that decides to still be a country.

Prepare for a change in how we use it, not for its death.

Am I being paranoid? Someone sensible please dilute my paranoia.

Best plan may be to create a small encrypted partition, and put some data on it, so you can give them the passphrase when asked.

Don't forget the passphrase!

One way or another, you're going to be relying on reasonable doubt in the end.

This sounds more like certificates are broken than public key crypto.

Yes they can come to me for my private key, but that's a different issue, then at least they're coming to me and not going to some intermediary "trusted party".

This story has exactly zero effects if you use some public-key system with different key management.

On the negative side, good systems don't really exist. On the plus side, this story might help push the development of good systems.

My business data lives in Amsterdam (Azure EU West), critical services we use are based in Europe. At least in my case I couldn't care less if the big US companies handed out SSL keys.

Even then, if the US would be to access EU-hosted data, with no real justification, the EU will not take that kindly. Especially private data.

Assuming the right tech is developed and deployed, this is going to be far better for everyone in a few years. Yes, it will be shitty for a year or two, but by 2020, if we actually have real technical security, it will improve security and trust for end users. Rather than "trust us", it will be "trust us, because...".

Just keep in mind that government operates basically on an unlimited budget and has access to a wide range of harassment opportunities for non compliance in matters like these. This fact alone will keep them at least at a dead level with potential counter measures.

Insiders (like Snowden and Manning, ironically) are one of the biggest threats. Being attacked by non-USG outsiders is a major threat ("hackers", state sponsored or not). Your business partners being hacked, or having lax security, is another threat. USG is probably near the bottom of the list of actual threats for most people, in terms of frequency; they just have the most amazing resources.

If the "evil NSA boogeyman" is enough to get people to finally care about security, that's great. It's like people preparing for zombies by buying water, freeze dried food, radios, shotguns, etc., when in fact they're at the same time preparing for the far more likely earthquake or civil insurrection.

They're a threat to those who like running a Surveillance State, not to the average citizen.

I don't think there's any chance of this coming to the internet though. There are just too much uses for encryption besides conspiring for terrorist attacks.

The solution is to develop protocols which use crypto but use a public key for now.

A, the old "let's use technology to solve a political issue" idea.

Sadly, it does not work. For one, the government has all the technology available for it too, including dedicated, full-time paid researchers.

Second, they can outlaw any of those things at whim.

For example, we could deprecate and eventually disallow TLS ciphersuites that don't provide forward secrecy, just like we did with single-DES, the NULL cipher, and "anonymous" (unauthenticated) encryption modes.

If I send my aunt a letter, I am assured that unless there is a warrant, my letter to her will not be read by my government. She doesn't live in my country though, and her country gives no such assurances. More-so, even if it did, I would have no particular reason to trust her government. On that note, what if I don't trust my government?

Instead of sending her a regular letter, thanks to technology I have the option of mailing her a message encrypted with her PGP public key. Now I have to trust that my government will not beat me with a wrench or compromise my computer to gain access to the pre-encrypted letter (if I posses it), I have to trust her government to not beat her with a wrench or break into her computer, and I have to trust our governments to not outlaw PGP.

So which is preferable, finding political solutions to the "my aunt and I are being beaten with wrenches" problem, or finding political solutions to the "my letters are secretly being read without our knowledge" problem? I assert the former is preferable. Beating people with wrenches is a far more extreme action, it is easier to trust governments not to do something that is more extreme.

All of the problems with technical solutions are ultimately political problems. You can either abandon all technical solutions and only go for political solutions, or you can find political solutions to the shortcomings to technical solutions. Technical and political solutions complement each other, providing assurances that the other cannot. Both need to be pursued.

Don't want the government to read your mail? Encrypt it. Don't want your government to ban that? Lobby your position.

In a small way, yes, but in the long run, politics trumps technology.

You could achieve privacy from the government if you solved the political issues.

But the reverse is not true: if you had the perfect technological solution, they could make using the solution illegal -- including doing away with plausible deniability, even if the technological scheme provides it.

Or, if the government goes totally south, they could fuck you in other ways, making the technological solution totally irrelevant. E.g they could put you in a concentration camp. Where's your tech now?

>Beating people with wrenches is a far more extreme action, it is easier to trust governments not to do something that is more extreme.

Only if you leave in a western democracy (and are not a dissident, activist, or of any concern to the law).

In any other country , trusting the government not to do the extreme is not really that obvious. Heck, even in Western Europe, there have been 3 active millitary dictatorships during the last 40 years (and this is not even counting Eastern European countries, stasi and such).

The US is far from that stage right now. NSA is developing absurdly overpowered capabilities, but is actually using them in a relatively constrained way, at least so far -- they are not being used for even high level criminal cases or really anything except actual terrorism. The problem is exactly the same technology could be used with a change of administration for political repression, domestic criminal enforcement, or whatever.

Since terrorism is maybe 1k people with any connection to the US per year, it's pretty easy to justify deploying privacy enhancing technologies to the remaining 300 million people, and there wouldn't be a politically feasible way to stop it. The battleground would be any extension of CALEA to pure-Internet companies, or worse, to end user technologies. Unless that happens, there's not much to fear in deploying technology overall, although in certain verticals (finance, with various FinCEN/AML requirements), additional regulations apply.

What you are saying essentially boils down to "Don't waste your time with PGP because they could just stick you in a concentration camp." Being stuck in a concentration camp is a problem that needs a political solution (or in that particular extreme case, a violent solution...), so strive for one. Nobody is suggesting that everyone abstain from finding political solutions to political problems.

All the problems you seem to have with technical solutions are things that can be solved with political solutions. If you are advocating the possibility and pursuit of political solutions, as you seem to be doing, then why do you think the problems with technical solutions insurmountable?

Here is my proposal: Everybody use cryptography everywhere, to the full extent that we can manage. We then find political solutions to the political or physical threats to cryptography. If they try to ban cryptography, we fight back politically. If they start beating people with wrenches, we fight back politically. If they try to throw us in camps, we fight back politically (...and violently...).

There is absolutely no reason not to adopt technological solutions where they exist.

At this point, I'm thankful that we have Free Software. With access to the source code, forcing the insertion of a backdoor is futile, since somebody else will fork and remove it. With Free Software, we'll still be capable of running our own encryption in a way that government intrusion will still be detectable by ourselves.

Unless, of course, governments then ban communication about backdoors, or instructions on removing them, or distributing source code altogether.

MIT/BSD are fully supported by the FSF and are GPL compliant. They are free software licenses in all aspects.

To be clear, GPL compliance is not a prerequisite to being a free software license. There exist many free software licenses which are not technically GPL compliant for various reasons: http://www.gnu.org/licenses/license-list.html#GPLIncompatibl...

However, while freedom does not imply GPL compliance, I do believe GPL compliance implies freedom. I'm not 100% certain of this, but I can't think of a counterexample or how that might not be true.

(I know you probably know this, but I want to make sure others reading your comment do too).

The cheklist for Open Source software can be found here: http://opensource.org/docs/osd. They are slightly different but in practice, most (if not all) free software licenses are also open source licenses and vice versa.

Me too, which is why I'm worried about hardware. With enough effort, literally anyone can decide not to trust a binary and check the source. Unfortunately, the same cannot be said for hardware: you can't print your own microchips.

Even people running a "fully" open source OS are affected.

Not even the Ubuntu phone will help this problem for which there is no end in site.

This is off topic, but it's high time we open source cellular radio drivers.

It describes a way to passively/non-intrusively ("invisible to the server") capture and analyze all network traffic using a cable-tap.

Bottom of column 8: "In order to accomplish decryption in a timely manner the secure traffic decryption unit needs the private key of the server. Usually providing the server's private key to another device would be considered a security flaw, since private keys are not meant to be communicated to any other party. But since it may be assumed that usually the server's owner or operator will use the present invention to monitor his/her own server, providing the server's private key to the secure traffic decryption unit does not pose significant security risks."

All it takes is one leak of this data to throw the entire idea "gimme your private key" requests into the domain of F###ing horrible ideas.

Although the same heeds of danger did not suffice in the early 20th century, we are facing the same mechanics that led to the world war. We are at a nexus of an ugly transition into the consequences of the information age the same way that humanity would ultimately face demise at the nexus of the consequences of industrialization leading up to the World War, first and second part.

The problem is a generational one; the baby boomer generation, with it's industrial age mindset is incapable from internalizing the consequences of their unprincipled actions.

As we always did. But let me correct you "the first thing we're gonna use it for is grabbing as much power as we can, which involves killing as many people as we can before they kill us, as they have the unfortunate tendency to resist".

Consider:

"Oh hey ma, the damned government is demanding public SSL keys, that means they can grab the data between your computer screen, and [insert popular services] servers"

vs

"Err, ma. The government has just announced they're now going to be reading peoples minds wherever and whenever you are."

I'm sure one would illicit a much more active response, and as ever, its down to full understanding.

I think there's an implicit but rarely stated understanding - in silicon valley in particular - that there's value beyond traditional monetary capital in collecting and storing personalized information about individuals, groups, and organizations - i.e. security, profiling, recruitment and research value.

Background checks for hires, selection and identification of possible good candidates for roles, psychological profiles, etc could all - theoretically - be extracted given enough information. For now it is - allegedly - being used purely to identify and track bad elements, but these dubious 'values' exist in the data regardless (and, notably, also for attackers).

Knowing the intent of individuals and what they plan to do would clearly be massively valuable as well - PKD 'pre-crime' springs to mind, and I think Eric Schmidt was strongly signalling to the world that Google is hunting this value aggressively during this 2010 interview:

http://www.businessinsider.com/eric-schmidt-we-know-where-yo...

As connectivity spreads and devices become closer to our biological selves, this is only going to become more accurate - and thus more powerful and controlling for anyone with the ability to use and see the data.

The real questions I have are: how accurate are these predictions really (is Google anywhere near as advanced as their public statements would have us believe?), and how many organized criminals / terrorists will in their right minds continue to use these services, extrapolating, as they must, about these directions as well. With the current silicon valley mindset, the technologies to support all this infrastructure will be pursued even if for reasons of pure capital - they all align perfectly with valid use cases in the advertising, sales and marketing realms. (see: intent analysis)

I think there is a dream of purely computerized security based on 'enough' global buy-in to US-based services, aligned with sufficient communications interception. For example, if 70% of the world uses US services for communications, perhaps that is enough to identify suspicious holes/gaps/anomalies in social networks - as well as simpler patterns of criminal behaviour within the covered communications - and thus anticipate problems.

But whether this is near a reality, and whether the ones who suffer on aggregate are {citizens/residents} or {organized crime, terrorists} I think is very unclear without transparent statistics on coverage / actual crime preventions / etc. I would guess that the NSA, GCHQ, Facebook, Google et al are not there yet, but what they have done is create an arms race where if they do not follow-through, others elsewhere may do - and thus it has become a matter of national security (in terms of supremacy of the allies) after all.

Frankly I would question given the financial crisis whether they are even hunting the right targets, but direction is presumably still set from a political and defence angle as opposed to overall public good.

Given that other nations are likely now following in these same footsteps, I think it is extremely important that the US sets good precedents, because others will take their lead. And to make a parallel with the cold war, it seems like resolution of this kind of arms race would need co-ordination and agreement with other international spy agencies - after all, the volumes and value of the data/analysis they are storing is presumably as potentially destabilizing to international safety as nuclear stockpiling is.

It's frequently annoying if you've already made the purchase / decided not to, but it's a marketing ROI 'hack' in that the users who are being shown these adverts have already previously expressed some interest in them.

Even if 50% of users aren't interested any more or bought the product, the remaining 50% are still 'well qualified' -- i.e. known relevant -- and so showing the content again to them is more likely to result in sales, and so is 'cheaper' for the advertiser than targeting otherwise-unknown users. It's better for the ad network as well since their customers (the advertisers) will get better results.

Intent mining is really more about analyzing what people are saying online (or, equally, the text they're entering via search engines) and working out what they are intending to do - are they looking to purchase a camera, or are they looking for information about a business?

The two aren't completely separate - remarketing combined with intent mining could presumably have some interesting results (we've seen you were investigating shoes yesterday, and you're travelling to a mall - I'll show you some adverts from shoe stores there), but they're slightly logically different.

They clearly aren't.

Emmm, it's the business interests that ask for those kind of things. You think the politicians operate on a vacuum?

The idea is to get a stable climate where the business interests (multinationals and such) can do as they please, and citizens are afraid.

For one, I wasn't speaking of those kind of business interests. Those companies are complicit in doing it, not those that benefit most from it. It's finance, infrastructure, industry, oil, millitary, etc.

Second, it's not like a CEO goes and asks his senator about it. It's an emergent consensus, developing from lobbies, campaign financing, policy meetings with the "giant of industry", think tank meetings, policy advisors etc, about what's best for the continuation of the status quo, keeping the people quiet, squashing dissidents and labour demands, the improvement of the country's diplomatic might (which acts as a multiplier for business interests inside the country), etc.

From a PR standpoint, whether you are for or against the NSA program, you absolutely have to oppose it as an online multinational business.

I'm from India and when I heard that the Indian government was asking Blackberry for its encryption keys I thought "Hah these people are so ignorant! They don't even know how public key encryption works!!". In hindsight it doesn't look very foolish. In fact they're openly building a surveillance system called CMS which has no checks and balances even on paper. Unfortunately in a country like ours with has so many other pressing issues it isn't a big deal yet.

Recently some governments tried to orchestrate a power grab of the internet via the ITU but it was vetoed by the US. "Its better to let the US govt. have a monopoly on the internet", or so I thought. What with all their constitutional protections and all. Recent developments have shattered my hopes.

The NSA's worst case scenario has already happened. Other than some modest outrage on the internet nothing much has changed. In a sense it shows a tacit acceptance of mass surveillance by most of the public. Hence my opinion that recent events mark a turning point.

With noone having the moral high ground its quite likely that all world governments and corporations are soon going to come to an agreement on permanent mass surveillance . What then ?

Yes, this is the thing that worries me the most. It may very well be the beginning of the end of the "multi-stakeholder model" of internet governance. There's no one left with any kind of moral high ground to fight off these attempts.

If you send traffic unencrypted: 'You have no expectation of privacy, because you're broadcasting information publicly.'

Turn on encryption: 'Clearly you have something to hide, and deserve additional scrutiny. It's still not a fourth amendment violation because we are just compelling a business to give us your keys'

Clearly its also ok for the police to search your apartment at any time as well. You don't own your apartment, an apartment corporation does, so its clearly not a 4th amendment violation

    A man living modestly must be saving money and could
    therefore afford taxes, whereas if he was living
    extravagantly then he was obviously rich and could
    still afford them.

Let's sue for the violation of our company's 4th amendment rights.

I'm not really trying to be snide, but it really is an issue that's been sort of hanging around since the before I was born (1980s), who's going to control the internet and how, and whoever does is probably going to have a lot of power

Why make this disclaimer? To avoid being branded a fringe anarchist?

It seems to me that we should absolutely be building intercept-proof communication privacy to the best of our ability since A) there's no such thing as perfect security and B) anything of importance eventually comes into contact with the real world where governments have immense power and don't need backdoors to do their job.

Snowden has gotten a lot more international coverage.

When they regurgitate the content of a government press release or briefing without challenging both its basic premises and noteworthy claims, which they all do every single day, many times a day, the popular news media perfectly inhabits the role of "government mouthpiece". This includes the many instances of on-the-one-hand-on-the-other press-release ping-pong between the two allegedly opposed narratives provided by our two allegedly opposed political parties.

"to be the first to broadcast or distribute the story of an event."[1]

Snowden provided the information, the media absolutely broke the story.

[1] http://idioms.thefreedictionary.com/break+a+story

Aware and concerned tech-heads are trying to protect a drunken fool (the public) from a hungry bear (whoever it is that actually runs the intelligence networks). Either one is dangerous enough on its own, trying to save one from the other is like trying to settle a domestic dispute... not sure it can happen.

I don't have an answer, just an analysis.

What self-important, self-aggrandizing bullshit.

Of course if it was just to feel good about calling out idiocy then it's not necessary to put in much effort countering it.

Nobody is guilty.

Nobody did anything wrong.

And money to the program continues to flow.

>Nobody did anything wrong.

True and true. If I am not mistaken, What we've witnessed from James Clapper and General Alexander, it is legal for representatives from our federal surveillance agencies to openly lie in a Congressional oversight hearing.

This of course, if fact, is insane, and will only lead into extralegal catastrophe. Learn to read and reread `Clapperspeak'. When you look for it and know a little context, we see how entrenched and truthfully revealing it is:

"And Ye Shall Know the Truth, and the Truth Shall Make You Free"

- John 8:32, and the entrances of NSA, Fort Meade, Maryland, and the CIA HQ, Langley, VA

"Arbeit macht frei"

-Auschwitz, and the entrances of other Nazi slave labor camps during World War II

The law is now "in your face" optional, depending on how much money and/or power is involved. Power has always had undue influence, it is just flagrant now.

From what I read, this is fairly common among many countries, so I take it as part of the "human condition."

Tens of thousands of people called their congresspeople on a day's notice to express their support for the Amash Amendement. That amendment lost by only 12 votes. A large majority of people polled think that the NSA dragnet is infringing on privacy rights. I think that's pretty good for a notoriously apathetic populace. This issue is far from over.

The fact that Snowden may be a larger-than-normal individual news story doesn't change the fact that the story doesn't capture public attention in the face of the multitudes of other news stories continually cropping up and then going away again.

Look, if you hang with the hipsters who "consume" better media, then sure, you won't have any clue what the vast majority of the public cares about. It's not surveillance. It's whatever mass opiate has been focus-grouped out for the week.

In the meantime, though, that mass opiate is mainlined into every public space in the land on countless television monitors in essentially every place where a person has to spend more than 30 seconds. They've got no time to think about the future - they've got to be outraged about this week's 15-minute hate, or admire this week's baby, or fear this week's terrorist.

You may simply not visit those downscale places. Good on you. But Washington really doesn't care, except to the extent that you earn more money they can extract or possibly build more centralized data processing services they can mine.

Depending on what polls you read, a majority of Americans think the NSA policy is acceptable: http://www.washingtonpost.com/politics/most-americans-suppor.... ("Overall, 56 percent of Americans consider the NSA’s accessing of telephone call records of millions of Americans through secret court orders 'acceptable,' while 41 percent call the practice 'unacceptable.')

The real news here is that Congress reacted more strongly than the public!

In fact, people don't "do something" because they estimate, rightly or wrongly, that they can't do anything that would make a difference. Millions worldwide protested the current US wars when they were getting started, but they went ahead on schedule. What, exactly, can citizens do to effectively influence their government anymore? If people perceive that rule of law is gone, the rational reaction is to "lie low" and hope to get thru these times unnoticed. Those still contacting congress may be old enough to remember a different USA and naive enough to not realize it is gone.

The whole PRISM scheme worked because people supposed the government respected their privacy. Now that it's been proven false, I expect people to use local encryption schemes, were third parties can't give a key they don't have. I expect people to become careful about which certification authority signed their SSL key, and to use self-signed certificates whenever practical. Targeted spying will remain possible, but indiscriminate surveillance PRISM-style would become impractical.

Unless they know how to crack TLS, but we have no reason to believe this as of today.

I agree with you, but I think you have far too much faith in ordinary Americans. I invented some widely used anti-phishing technology, and I can tell you that spending a few months analyzing actual incidents where otherwise intelligent people did ridiculously unsafe things on the Internet will give you a new perspective on the tech savvy of the general population. Unless we (the tech community) make strong security both transparent to the user and enabled by default, the feds will be seeing everything they do. Sadly, most of them seem OK with that.

Moreover, even if only the 10% best informed people use PRISM-proof communications, it's a safe bet that NSA's alleged targets (whatever the current definition of "terrorist" might be) are among them, so the argument that they're doing that to catch "terrorists" doesn't hold water anymore.

I believe the tech community is concerned about this, because it threatens the robustness of Internet. Today, nobody in the business can pretend with a straight face that top-level certification authorities are trustworthy; so I expect the next generation of security protocols, the successors of the (transparent and enabled by default) SSL, to treat governments as opponents.

I also believe that companies will change their security patterns, e.g. stop trusting American third parties such as Microsoft if they have competitors with political connections in Washington.

Yes, please do alert users that self-signed certificates are potentially sourced by nefarious organizations. But in most cases, they are used by small companies and individuals to simply encrypted content from trusted servers. So allow them to be permanently trusted.

Perhaps we will see an increase in interest in web-of-trust alternatives?

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=435013

The point is, if what you do interest the US government, it can compel Verisign and the likes to betray your trust, so you shouldn't trust them. And what emerges progressively is that the threshold beyond which you're deemed "interesting" by US administrations is way lower than long believed.

If you're a company doing international business, you want to secure your strategic communications with your own root CA, not with that of a company who can't say no to the government.

I do think that the average joe, doesn't know what a certificate or CA is, should be protected from automatically trusting an unknown CA.

It is if you're targeted. But then, if the US government is after you, you're already screwed anyway.

The point is to impede generalized surveillance of everyone without probable cause. Even if MS-Windows and OSX are bugged, which is almost certain, the NSA can't siphon all your data through your routers inconspicuously. It can only grab selected data from the computers of high-value targets, at a considerable cost, which is fine.

It's not about preventing states from surveilling legitimate suspects, it's about forcing them to respect the privacy of average joes, and limiting their control on the Internet as a whole.

fixed that for you

My completely anecdotal experience is that when people want privacy, they're starting to avoid all manner of electronic communication.

Take me as an example. I am 8 years in US, married to US citizen. Green Card holder now and couple years ago our plan was for me to become a US Citizen and us to raise our kids on US soil. Not anymore.

With all the outcoming gov scandals, with government forcing you to vaccine your kids, with you or your children going to jail for drawing a gun, for swat team breaking into your house because you are selling raw milk, for all this growing nonsense and my personal disgust with president that calls death of 4 us officials in Bengazi a "phony scandal", I am genuinely sick and disgusted of this to my deeper core. And here comes important part: so you say to me in response: if you don't like it, move out! And you are damn right!

We made this decision recently and right now my wife is learning my native language while I am shifting more towards doing more remote programming gigs. Surprisingly after I moved here from the country of communism, now it seems safer and more sane back in Europe than here! Europe has its problems of course, but honestly I believe Europe will deteriorate much slower than US. Here everything is on fast forward and yes examples like Manning or Snowden revelations and lack of echo makes it hard to believe anything will change for better in the future.

I believe I am not the only one who draw this conclusion lately. I also think that many smart people coming to this country to live "american dream" are also smart enough to realize the economical situation become so unstable that its better to "wait and see" back home.

Anyhow, I'm in Canada right now, and am in the next few years probably looking to change careers. I have good contacts with several top-tier tech companies in the US, and also with the auto industry and big oil. I've never really had much of a desire to live in the US, but now more than ever I'm finding myself looking to other potentially less lucrative positions just because of my distaste, much like the post above.

It really doesn't feel like a good time to be living in the US as a foreigner with an engineering degree, a very foreign sounding name and very liberal views. :-/