Disagree completely. Technological solutions are the only feasible ones because the majority of the population is absolutely fine with the status quo.
In a democracy, complacency guarantees that nothing will change and in fact will likely get worse.
For those of us to whom privacy actually matters, we need to recognize that we are in the vast minority, and as such, our voice will be completely incapable of effecting political change. Technological tools then become our only option.
Then there's the issue that even IF political action had a chance, it would still be ineffective. Case in point: voting for "the other guy" HAS ALREADY FAILED everyone who actually bought Obama's lies about reducing the police state.
> Cherished social theories have been discarded. Conservatives who insisted that the decline of the traditional nuclear family and growing ethnic diversity would unleash an unstoppable crime wave have been proved wrong. Young people are increasingly likely to have been brought up by one parent and to have played a lot of computer games. Yet they are far better behaved than previous generations. Left-wingers who argued that crime could never be curbed unless inequality was reduced look just as silly.
> The biggest factor may be simply that security measures have improved. Car immobilisers have killed joyriding; bulletproof screens, security guards and marked money have all but done for bank robbery. Alarms and DNA databases have increased the chance a burglar will be caught. At the same time, the rewards for burglary have fallen because electronic gizmos are so cheap.
It's not liberal politics or conservative politics or even socialist or libertarian politics that is responsible for the fall in crime. It's good old-fashioned technological solutionism.
Criminals and governments are fundamentally different adversaries, and it is a mistake to assume that techniques that help against the former are even semi-useful against the latter; if you build enough technology to try to keep them out (already hard: they not only have access to immense resources, but likely also are slightly ahead on technological advances) at best you can hope to rot in the system while they figure out what to do with you (or, if you are a provider, maybe you can get away with pulling a Lavabit).
> Technological tools then become our only option.
Your only option for what? Privacy? If that's all you are trying to achieve then maybe it's sufficient. Many people perceive this as part of a much larger threat to civil liberties though.
GPG isn't going to stop you getting detained and strip searched at the airport. TLS isn't going to stop you being questioned about that cousin coming to visit from Pakistan. Only giving political donations in Bitcoin isn't going to keep you off a list of dissidents forever.
And ultimately people do care if their government is keeping them safe or not. So far they have zero evidence of that. You don't think people care about the billions of dollars spent reading their email instead of actually protecting their lives?
If you feel truly passionate about this issue, your job isn't just to convince politicians it is important. It is also to convince the average Joe that it is important. The tech community has a tendency to be too insular. Part of the problem is that we aren't doing a good job of explaining an issue like this to people outside our community.
Linux and commodity scale-out hardware made this surveillance possible. The vast majority of politicos have near zero understanding of the technology, capabilities or even have the groundwork to ask the right question.
National Security types are simply exploiting what the technology allows. As are FB, Google, MS, Apple et al.
"majority of the population is absolutely fine with the status quo"
The majority isn't happy, they just aren't hungry enough to make changes. Plus what can the majority do when the political/economic/information system is totally rigged against them? Voting doesn't work in the national arena, protests don't work and revolutions/social disorder have a high chance of failure, death, destruction and worse government.
If everyone is fine with the status quo why would they adopt technologies that challenge the status quo? In general security systems will cause some amount of inconvenience and the perceived benefit must outweigh the cost of that inconvenience.
Except they're not. The profusion of even naive encryption amongst the general population is effectively zero, assuming you exclude transparently-used encryption like SSL.
When 50% of the membership of AARP is using GPG and having key signing parties, then we can talk.
Actually, 10% might be enough, if you believe some of the research on how society-wide changes happen. That doesn't really change the overall conclusion at the moment, but it's nice to stay optimistic...
I don't think privacy is that hard to maintain if you don't engage privacy invading devices, right? You can walk naked around your home privately, but it isn't really possible to walk naked around a public square privately.
The Internet is a social tool and is used to engage remote information, not local. I want to protect privacy as much as the next person, but I have a reasonable understanding of the context of privacy.
There's simply no way to legislate (socially guarantee) privacy for individuals on the largest piece of social infrastructure ever built.
- Technology solutions can't get very far. At some point they will be attacked by legislation at a level that renders them unusable. (e.g. encryption of such and such becomes illegal)
- Technology solutions inevitably create an arms-race so the surveillance state keeps growing bigger and bigger. And also creates the mindset that we can do nothing but to continue looking for better technical solutions. Eventually we forget why we are doing all of this in the first place, when politicians are supposed to be our employees who are supposed to serve us and act on our behalf.
- For as long as the majority of people don't understand the value and importance of privacy we're going to continue to see these issues. When people buy the "if you have nothing to hide" argument, it's not going to change.
- People only start to care when they feel sufficiently threatened, and in this case they don't understand the threat, until it's far too late, and then it suddenly clicks for the average Joe, years after many people have been warning them in advance but they dismissed them as crazy people
- You can see examples of the point above all throughout the history. A minority keep warning people about a certain point, the majority doesn't feel it's important and continues to ignore it until it's too late, now everyone understand the mess they are in and at this point usually revolution and civil wars start. Then after lots of suffering they all vow to never repeat what they did, and to do something to never end up in that situation again, then they forget, and rinse and repeat.
To the author of the article I say, "can't we have better legislation /and/ tech hacks?"
I don't think anyone would disagree with the idea that we can't solve the surveillance problems just through technology alone (apart from maybe some of the more naive HN members). But since we are partly in this mess because of technology, I don't think it's too radical to suggest that we can in part help get ourselves out of it using technology as well. To suggest that the tech community are a bunch of introverts, unconcerned with "the plight of the majority" sounds kinda dull to me, and certainly unoriginal.
It seems to me the article takes the same approach to prevent someone from stealing your car. You can take certain measures like locking your doors and installing a car alarm which will thwart most thieves who are looking for an easy mark. However, if a professional car thief wants to steal your car, guess what? They're going to steal your car.
In a sense, it makes it harder for government to eavesdrop on you, but if they really want to get your information, they can.
All your doing by using these tools is making your private information harder to get at. Which I don't think is a bad thing. Outside of the government, these tool will do wonders to thwart identity thieves and other malicious hackers from getting at your information so it's not completely worthless to use them.
But if you're trying to stop mass car theft by people simply opening the doors and driving off, taking the keys out and locking the door is pretty effective.
Sure, professionals could still target specific cars, but it would cut in to their potential for mass theft, by simply making each one take longer.
> It seems to me the article takes the same approach to prevent someone from stealing your car. You can take certain measures like locking your doors and installing a car alarm which will thwart most thieves who are looking for an easy mark. However, if a professional car thief wants to steal your car, guess what? They're going to steal your car.
You can make the same point about government laws. And, as it turns out, it seems like the government solutions actually fail faster than the technological ones:
The problem is that you can't effectively enforce legislation against it. Even if we were to crack down on the surveillance apparatus that we can see, unlike analogous physical action electronic interception is practical with a tiny amount of equipment. Until you're ready to hand inspect every foot of communication line (which are almost always underground or undersea), and evaluate every switch on them down to the silicon, there's no point in attacking the problem with laws. A law can stop a large government program, but every 18 months the problem gets twice as easy for a smaller group to tackle.
You can't legislate that people be nice to each other, and you can't legislate that people not copy bits.
Legislation isn't really the trick, IMO. The trick is to find NSA recruits before the NSA does and educate them on ethics and why it's wrong to do stuff like this.
But that's hard politics and most HNers don't have the stomach for it.
Or donate money to whatever -- so far that hasn't worked. I doubt EFF with a 10x increase in budget could accomplish 10x objectives. Even if they could, that wouldn't give us 10x freedom.
But I'm often wrong about these things.
Once, in the murky past, I used to tell people "changing the world" isn't the point of activism -- it's "changing ourselves."
Defeatism. Mass surveillance can be blinded. High-intensity efforts at cracking encrypted communications and storage don't scale up.
Mass surveillance is only worthwhile if you have comprehensive visibility into potential high-value targets. If the 20% of people who are actually doing something more meaningful than cat videos routinely use encryption, then mass surveillance only gets you cat videos.
Suppose the political climate creates incentives such that ordinary people are compelled to report on each other. Explain to me how technology blocks that?
Tech hacks are part of the solution. They are not the only part, of course, but tech solutions help to ensure that the other part of the solution, politics, does not fail. It is not hard for laws to change; it is hard for technology to be replaced, especially when it is standardized and widely used. If the law forbids the government from reading our emails without a warrant, then the email system should be designed to support the law -- e.g. by encrypting messages.
J. Edgar Hoover's surveillance mania was pretty low-tech by today's standards. As was the Stasi. These were clearly political problems first and foremost.
Maybe technology can help, but, it shouldn't be overvalued.
Technology supports the law. That swings in one direction with CALEA: telecom equipment is now designed to support on-demand eavesdropping. There is no reason that things could not swing in the other direction, so that technology is used to ensure that the government is not abusing its power. If the Internet had been designed to protect personal privacy, things like PRISM would have been much more difficult to implement. Laws can be changed easily when there are no real-world issues standing in the way.
I would really like to see a place where possible solutions are actually being discussed, voted on and worked out, like I tried to say here: https://news.ycombinator.com/item?id=6152935
It kind of really sucks that we're still discussing that we should be discussing solutions.
Northwest, I was going to comment that this article is full of complaints, but doesn't offer up a single, actionable solution. I wrote a post on Medium a while back (https://medium.com/surveillance-state/7d456a6a04df) trying to identify some of the root causes of our problems and offer up a fix. My ideas may not be the best course of action, but at least it's putting something out there.
I'd love to work on building a community that can evaluate, develop, and test out different ideas (although my time is somewhat limited right now). I'm pretty experienced developing in Python/Django, and have plans to teach myself Meteor this fall.
I've been saying this forever. This is a political problem.
Tech hacks aren't necessarily bad, but they can only go so far and all have major problems. There tends to be a trade-off between security and usability, which turns most users off from using things like darkets and meshnets. In addition, I'm not familiar with any meshnet that could stand up to a determined assault from a well-equipped foe. Any Internet-based meshnet is vulnerable to filtering at the ISP level, and any truly wireless decentralized meshnet is vulnerable to jamming, detection and confiscation, etc. All meshnet protocols I'm familiar with have denial of service vulnerabilities as well.
Ultimately I think only a two-pronged approach can work. Tech hacks can make it a little harder to implement a universal total surveillance state, but only political action can solve the political problems that lead to its creation.
> Any Internet-based meshnet is vulnerable to filtering at the ISP level
Theoretically - yes, ISPs are in full control of what's passing through them. But, if we're not considering a whitelisting only explicitly allowed sorts of non-encrypted communications, filtering with reasonably good success should be quite a costly task.
I think the only way to effectively prevent anyone from picking their nose into your letters is protecting the letter by various means, not telling others that they must behave so and really not read what you wrote there. Sure, protecting against powerful TLAs is not easy, but certainly not impossible (always keeping in mind there's no absolutely perfect solutions and everything could eventually wear out). If the otherwise would be the case, many countries won't be so upset with strong crypto.
I also believe that laws that try to "protect" privacy are actually worsening the situation, not improving it. That's because they make false beliefs with general population that one's communications are secure, even though in practice they're frequently as secure as an unsealed postcard.
Even if democracy seem that lost its meaning in US (either by power grabbing or media controlling population) the political way must kept to be tried.
But while that is in the works (and will take time, is not that they will admit that they are wrong, they know they are, they must be forced to change their ways by international and national pressure), some technical hacks could help. And at the very least, if popular enough, is another way to tell the government that the country don't like what they are doing.
Yes, it bothers me that so much of the outrage is about spying on Americans, and concerns me that a "political solution" is fairly likely to maintain our second class status.
I only trust the mathematical proof that I am not spied on and here is why: There is always something missing in those articles.
It is always about American gov spying on American people !
What about allies spying on americans and american gov on allies ? It is a world wide problem with intricacies of local laws and loopholes.
The political solution is impossible to obtain, it can at best mitigate one of those.
The drive to try to solve the problem with tech is simply more emblematic of the actual problem: nobody's willing to do the hard and undesirable work of pushing for policy change, or even becoming policy makers themselves.
It's a pity that even while we watch our grandest creation crumble at the hands of overeager, underqualified career politicians, we can't be persuaded to kill the beast from the inside.
Any of us is educated enough and capable of working in congress. I mean, Christ, Michelle Bachmann was a running mate for president.
I don't think so. Laws change all the time, and a society's fears and priorities change over time too. Technology both gives us the ability to archive and analyze communications forever, and to provably protect (encrypt) them forever. Laws only give us the ability to protect our communication as long as the complex web of human desires and emotions allows it.
I'm with the spirit of this argument. This won't be won by some subset of very smart people fighting the powers that be. The governments of the world are hiring very smart people too. I hate to say it, but this needs a political solution.
In a democracy, complacency guarantees that nothing will change and in fact will likely get worse.
For those of us to whom privacy actually matters, we need to recognize that we are in the vast minority, and as such, our voice will be completely incapable of effecting political change. Technological tools then become our only option.
Then there's the issue that even IF political action had a chance, it would still be ineffective. Case in point: voting for "the other guy" HAS ALREADY FAILED everyone who actually bought Obama's lies about reducing the police state.