Misdirection
While everyone is arguing over encryption backdoors, the Signals Intelligence Agencies are successfully misdirecting people, as you would expect.
Snowden made it quite clear in the Q&A session hosted by The Guardian in 2013 that:
Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.
My emphasis on 'properly implemented'. While the algorithms used by various applications may well be theoretically secure, many implementations are flawed. Good luck in finding a cpu that doesn't have a built in back door ( Intel ME, AMD Secure Technology, VIA C3 "God Mode", ARM TrustZone*) , and, if on a mobile phone, doesn't have a baseband modem with proprietary 'binary blob' firmware which can be updated over the air by service providers that also has access to main memory (and therefore decryption keys). In addition, there are poor random number implementations, and overly bloated libraries with an indefinite number of flaws (OpenSSL) that have multifarious leaky side-channels. It is very strongly suspected the SigInt agencies actively try and influence standards setting committees to subvert and/or make implementations complex and prone to bugs so that groups like the NSA's Tailored Access Operations (TAO) have a range of implementation flaws to work with (See also BULLRUN. Easily obtainable secure end-points for communications do not exist. While everybody argues about the security of data in transit, little attention is paid to the security of end-points, which is a situation I expect the SigInt agencies are very happy with.
It should not be necessary for me to point out I am against terrorism and/or child abuse. That said, as a society we appear to have a hard choice to make: gain the ability for select groups of people in authority to intercept communications between terrorist and/or child abuse conspirators (that ability also subject to abuse and subversion) ; or retain the ability for innocent people to have private conversations. It appears we cannot have both. I suspect that in the long run we will lose privacy. If you look at the use of social media, the cultural norms around privacy have changed hugely in a short period of time, and I would not be surprised for people in the future to make the explicit choice of living in a panopticon, partly justified on the basis of security and for the sake of the children, but mainly simply because it becomes normal to do so, and anyone desiring privacy would be regarded as a misfit.
*Note that a lot of this technology is justified by its use in DRM for media use. Secure channels for playing digital media, etc; and also its use in easing management of large organisations' IT estate. Trusted Computing is about third parties being able to place what they regard as their content on 'your' computer and control it such that you can't do with it what you like - that is they trust 'your' computer to do what they want. Great for Hollywoood and corporate IT departments; and coincidentally great for SigInt agencies.
Biting the hand that feeds IT
