[tsimionescu]

The very opposite is true. Technical means can't ever protect privacy from a determined attacker.

There is even a country that intercepts and MITMs all TLS traffic (one of the stans, forget which one). Of course, browsers don't recognize their certificate. So, you have a choice: you either trust the government MITM cert yourself, or you don't access the web. Laws trump technology every time.

[tristor]

My most charitable response would be that /both/ are required, but your example is one where law is taking away privacy, not one where law is granting privacy. The law cannot grant privacy, because the law is slow to act. We have recently had cases where the government and private actors/companies have violated privacy rights in western democracies and it took multiple years to see any semblance of justice done, and the victims were not made whole.

Laws that prevent technical mechanisms effectively prevent the enforcement of laws that protect privacy, because bad actors can still break the law. The law provides some means to get justice, in theory, after a bad actor has already violated your privacy. Technical means provide you a mechanism /you control/ to actually enforce that you have privacy. You need both, but the law alone is woefully insufficient.