Great point. While you still could be spied on, for instance with a bug stuck onto your back or classified nano-drone (if it exists yet)... that would be extremely expensive. If they wanted you that bad, it's like, fine. Listen to me talk about my motorcycle.
The issue with computers is they are so, so, so cost effective to tap & data mine. And storage just keeps getting cheaper. Hence, illegal mass surveillance.
Probably the best idea would be to go swimming in the ocean with whomever you'd like to contact, since salt water and mechanical agitation probably diminish the reliability and functionality of most listening devices. But there's a continuum of practicality here. It's hard to imagine the Soviet commissars hopping in the water for an afternoon meeting.
By providing ready access to a stream of digital data and metadata about yourself, you're making their job easier.
Even if you use crypto, the mere fact that you use crypto is interesting enough to draw attention.
The point is to blend into the background. Do you think that crossing a border using the Blackphone isn't going to raise eyebrows? In denied areas the idea is to use equipment that looks ordinary and boring: a wristwatch or a calculator.
If for no other reason than an adversary might not know who you are, you reveal yourself to them by using a special-purpose tool.
It seems like you're saying "we should all use encryption as much as possible so it becomes the background". It also seems like you don't think you're saying that.
What I'm saying is that this technology is a small piece of a solution set to a big, hard problem.
Technology and crypto are the easy parts. Infrastructure, legislation, and user behavior are the bigger pieces and a much harder problem.
We have had secure email systems for better than two decades. They are VERY poorly deployed. Why? We have had secure voice systems for even longer. Why is the encryption on these systems so poorly designed?
I don't trust machines to keep my secrets for these very reasons. I have little faith that more crypto will fix anything. That's what I'm saying.
Voice encryption was available with the STU-III for a long long time.
When was the last time you saw a STU-III in an office? Ever? It's because the security capability isn't worth the trade off and friction it creates for business.
The dirty little secret is that the whole process of doing key exchange and verifying that you have a solid connection between two trusted parties is NOT a widely solved problem.
TRUST between two parties that have never met is NOT a solved problem at scale unless you consider SSL a solution and there are a lot of people who think that SSL is broken in many regards.
Think of all the features that a modern enterprise phone system has:
Call waiting
Three way calling
Conference bridges
Voicemail
CallerID
Call Parking
Assistant Mode
...et al.
Regulatory archiving
You don't get ANY of those with ANY commercially available secure phone system. The same problems you have with using secure email at scale you have with secure voice.
yes, and while that's all good the scenario is quite different. they were protecting from an external threat.
we're protecting from an internal one. the moment you go out the door, we're in the public. law enforcement doesn't really need an excuse to follow you around while you are in public.
on the other hand imho you can safely assume that all crypto will eventually be broken. the question is when, and will your adversaries still care at that point. not quite the same, but still kinda related: https://en.wikipedia.org/wiki/Venona_project
The issue with computers is they are so, so, so cost effective to tap & data mine. And storage just keeps getting cheaper. Hence, illegal mass surveillance.
Also, I had to make a meme: http://i.imgur.com/bk16CyB.jpg