[adrtessier]

Yes, cryptographers should take on the surveillance state.

So should developers, and entrepreneurs, and politicians, and the common citizen that thinks AES is some foreign sports conference or IND-CCA is a new trade agreement.

I'm growing tired of watching journos try to point the fingers of "encryption is good, says cryptographers" and "encryption is bad, says this guy in a federal law enforcement position" and completely miss the greater point that unless everyone takes on the surveillance state, everyone will lose. The intelligence community is made up of humans. Some of them are there idealistically; others are there solely for power, just like in any megapolitical organization.

Should <x> take on the surveillance state is a shit clickbait title. It can always be reduced to:

Should you take on the surveillance state?

If you care at all about a semblance of privacy and the expression of individual ideas, the answer is always yes. Of course, there's a whole lot less to write about there to generate ad revenue.

Any approach in which a single subculture, whether it is thought leaders or soccer moms, tries to enact meaningful change in a system that at least pretends to be a representative democracy, will not be enough to reach a critical mass to actually do something. Cultures correct negative behavior through consistent reinforcement of a norm. Until people want privacy as a norm, and fight for privacy as a norm, the flames fueling a surveillance state are simply being retarded, not extinguished.

[nickpsecurity]

" tries to enact meaningful change in a system that at least pretends to be a representative democracy, will not be enough to reach a critical mass to actually do something. Cultures correct negative behavior through consistent reinforcement of a norm. Until people want privacy as a norm, and fight for privacy as a norm, the flames fueling a surveillance state are simply being retarded, not extinguished."

That's my exact point. The laws need to change to reduce what they can do, punish offenses, and optionally encourage the better approaches. To get that, a huge amount of people have to lean on Congress. That will only happen if they start valuing their privacy or at least have common sense that scumbags + unlimited power/knowledge + immunity is a bad idea. Cryptographers, past speaking out, can't solve that problem and hence are just irritating to opponents who continue to win while laws enable them to.

[api]

It's hard to take on the surveillance state when you have to make a living and all the money and jobs are in surveillance and surveillance based business models.

[adrtessier]

I think there is a distinction to be made between surveillance and data, and I do not necessarily think you need to go full cypherpunk to make a meaningful difference. The cat is well out of the bag on data collection and analytics and it will be that way forever.

However, people working within institutions that contain sensitive data can help affect positive change from the inside as well as the outside. Be a voice for the security of user data within your organization, and do what you can to meaningfully contribute to methods that increase user anonymity and business models that do not require being excessively intrusive into the personal details of others. There is something you can do everywhere, and it is far better to have people privacy-minded even inside of the classical "surveillance" companies than having these companies run recklessly without a voice for the user. In fact, it may even have more impact than yet another frontend for yet another OTR implementation.

[ljw1001]

I hear you, but whether or not something is difficult is orthogonal to whether or not it's morally right. You don't get off the hook because doing the right thing is hard.