[tristor]

> The EU already has robust digital privacy laws and is likely to continue passing laws to protect their citizens. I think it's much better to take control away from Apple and place it in the hands of regulators that represent the people directly.

Laws don't protect privacy. What protects privacy is technical mechanisms for people to do so.

[tsimionescu]

The very opposite is true. Technical means can't ever protect privacy from a determined attacker.

There is even a country that intercepts and MITMs all TLS traffic (one of the stans, forget which one). Of course, browsers don't recognize their certificate. So, you have a choice: you either trust the government MITM cert yourself, or you don't access the web. Laws trump technology every time.

[tristor]

My most charitable response would be that /both/ are required, but your example is one where law is taking away privacy, not one where law is granting privacy. The law cannot grant privacy, because the law is slow to act. We have recently had cases where the government and private actors/companies have violated privacy rights in western democracies and it took multiple years to see any semblance of justice done, and the victims were not made whole.

Laws that prevent technical mechanisms effectively prevent the enforcement of laws that protect privacy, because bad actors can still break the law. The law provides some means to get justice, in theory, after a bad actor has already violated your privacy. Technical means provide you a mechanism /you control/ to actually enforce that you have privacy. You need both, but the law alone is woefully insufficient.