| >In case you didn't get the news, the NSA already does not bother to approach Google... I got the news. They approach Google AND they plug into private lines. The latter case is what I referred to when I mentioned "backbone" providers. Again, I want any private entity to have legal standing to refuse NSA requests. >The NSA is a rogue agency that does not respect laws (or reinterprets them as they see fit) I agree that if an agency goes rogue, then laws are only retroactive. That is, laws provide a penalty that is triggered only after an offense has occurred. But, clear (i.e. not ambiguous) laws with clear penalties can be a powerful deterrent. Whistle-blowers like Snowden are then empowered to stop abuses and illegal activity. They are automatically branded as heroes instead of traitors who must flee the country or worry for their safety. As it is, the good guys like Snowden are being put on the wrong side of the law and vice-versa. This must change. >However, the reality is that a rogue agency can evolve in the dark corners of the government, and that therefore it is likely that it will happen again. That's true and always has been. But, we don't just say "well, laws will be broken, so let's not bother having them". It's really the entire point: to prescribe what is acceptable behavior and provide penalties for violations. >A strong technological solution that makes large-scale snooping impractical is a sine-qua-non no matter what happens on the legal side. We actually agree to some extent. I don't advocate that we not implement technical measures. Where we depart is on priority. The wording of your last sentence signals this departure. I would flip "technical solution" with "legal side". Ultimately, if the emphasis is on technical solutions, then we will all be pwned with impunity. Period. Are you going to write your own firmware? Manufacture your own chips? Are you going to personally write all of the security and other endpoint software in your stack, including the OS? Even if you did, would you be able to guarantee zero vulnerabilities in your own code? Checking rogue agencies, providing more oversight and enforcing clear laws are the only way out. Technological solutions are but a backstop that we hope will provide us with some defense in the event that a rogue agency goes undetected for some period. |
> I got the news. They approach Google AND they plug into private lines. The latter case is what I referred to when I mentioned "backbone" providers.
As far as I understand, these were not lines provided by "backbone providers". These were private lines laid and paid for and owned by Google. There was no third party who bent - Google got pwned directly, in secret, with impunity.