Because we are technical people, it's very tempting to think of a technical solution to the problem. This author is right on the money though. Against a state level actor there is little hope of securing your own person and effects, and thus, your technical solution.
I agree that a political solution is strongly preferable, but I'm not sure if that's ever going to happen. The only reason that the NSA can listen in on your Facebook, Google, Skype (etc) activity is because:
1. These communication tools are operated by a company under American jurisdiction, that can therefore be strong-armed into cooperation
2. These communication tools store your data unencrypted
3. The world outside that company has no way of figuring out what is happening inside (i.e. no transparency)
I am therefore of the opinion that the only viable technical solution to Prism has to be
a. Completely decentralized
b. Fully (end-to-end) encrypted
c. Open source
If our communication tools were decentralized, encrypted and open source, then the NSA would have had a much harder job listening in. What needs to happen is that we need to build those systems, and basically divorce Facebook the company from Facebook the tool.
We need to change the playing field, and remove the capability to listen in on our communications. The internet is an amazing tool, but it's still in its infancy. It could very well be that, decades from now, we will look back at this period and wonder how it was even possible that the NSA was listening in on every single person in the world. We're not there yet, but it's not impossible.
That's mostly true - but in the Facebook example (and Twitter, and to a much lesser extent gmail and Skype) - the whole purpose of using the service for most people is to be at least partially "public". Facebook wouldn't work if every message was encrypted - at least not unless it was encrypted in such a way that a large number of nodes on your social graph can all decrypt them. If my ~250 Facebook friends or ~500 Twitter followers can't read what I write there, the services would be useless. I'd _prefer_ the marketers and the NSA didn't also have access to my personal and professional interactions on Twitter/Facebook, but they're fundamentally "public". (I know there's "privacy" control for both services, but they only cut things down from "everybody sees what I post" to "all or perhaps just some of my contacts see what I post", not actually "private")
And the fundamental problem is, out of those 500 or 600 "contacts" I've got on Twitter/Facebook, I've got maybe 2 dozen PGP keys matching them. By far the greatest portion of any email I send is going to have to arrive in friends/colleages/clients mailboxes as cleartext, and I strongly suspect there are people who's PGP keys I do have, who'll decrypt mail I send them and store the cleartext somewhere vulnerable to NSA snooping anyway. Same with just about every other "technical solution", until everybody has properly managed and secured keypairs - most communication is going to have weakest-link vulnerabilities that are trivially defeat-able to a "globally present network embedded adversary". Having said that, it's still worth doing, from the point of view of increasing the level of difficulty for a ubiquiously surveilling adversary. (with the probably downside of drawing attention to myself by asserting my ethical "right to privacy", which is no doubt interpreted as "doing something suspicious" by the opponent)
You make two good points, but only the first one is structural. How do you keep information secure if it's meant to be semi-public? That's a rather fundamental question, and I don't have an answer to it. There must be a better way than storing everything in plain text in a centralized database, though.
Just think about it: the current communication tools store all the world's communication in plain text databases on American soil. No wonder the NSA engineered access to it - it is a prize too good to be true. I think we can and should at least try to change that.
Regarding the availability and use of PGP key pairs and related technology: you're right. Almost no one uses them, save for security enthusiasts. They're difficult to use, overly technical, make you feel like a paranoid conspiracy theorist and are frankly a pain. Those are all issues that could be overcome, though. There are no real, actual, structural reasons why good security has to be difficult to use.
But what I'm really wondering about is the best way forward. Like I said, I would strongly prefer a political solution, but I'm skeptical if that will ever pan out. I've been mulling this for a while, and if we would really want decentralized, encrypted, open source means of communications, shouldn't we take a structural approach to this?
The Diaspora guys had some ideas – but they were either not good enough ideas or too difficult to execute on to gain much traction, from what I can see.
It's an interesting question – who's going to fund writing the software that effectively needs to replace Facebook while making it impossible to monetise in the ways Facebook can?
(Random half-baked ideas: what about something built on top of BitTorrentSync? A distributed encrypted file storage repo with sufficient storage/bandwidth on every users machine to store many encrypted blobs, some of which are encrypted using your public key. A client-side app that gives you a personal view of that data showing only the stuff meant for you. Work backwards from there to a Facebook or Twitter like service, with a whole bunch of strong crypto using PGP keypairs and self-signed TLS certs authenticated with your social graph's web of trust. It's almost certainly more difficult than that though - I feel like like this guy: http://xkcd.com/793/ – and we're now back at the "everyone just needs a PGP keypair" showstopper…)
If our communication tools were decentralized, encrypted and open source, then the NSA would have had a much harder job listening in.
It makes eavesdropping without a warrant harder. However, in some countries the refusal to turn over a private key to the police is already a crime [1]. I don't find it hard to imagine that governments would seek to require that private keys are handed to the government or that they would reintroduce a Clipper-like chip. Especially if it becomes harder to wiretap via Facebook et al.
I agree that a political solution is strongly preferable, but I'm not sure if that's ever going to happen.
I am not sure. I think that under sufficient political pressure, it could happen in Europe. Perhaps with the wrong motivation (weakening the position of US companies), but some influential politicians (e.g. Neelie Kroes) have been very critical of Prism. Of course, we don't know that much of the breadth of data collection of EU security agencies...
One of the author's points was that you can't even trust your hardware. To prevent this fundamental weakness, we would need a whole new infrastructure of open-source hardware designs along with manufacturers who could somehow be trusted not to insert backdoors.
Also, you can't live in modern society without doing communicating with entities who you don't necessarily trust with your privacy (i.e. businesses). If the other party is agnostic or malicious regarding your privacy then you need the state's help if you want protection.
Expecting "perfect solutions" is absurd. Technological solutions can mitigate some risk and politics can mitigate some danger. Someone sufficiently powerful CAN still remove your privacy, always, but the goal is to make it hard enough that no such entity exists who might want to do it. Its a lot easier to remove the privacy of a jail prisoner in a third world country who uses plaintext and no password. It is a lot harder to do that to someone if they have encryption, AND the power of a nation state and/or a society ready to defend their privacy with ample force.
But the real reason technologists focus on the tech is because it is their area of expertise.
