[TheSpiceIsLife]

Are we to believe that passing laws will prevent intelligence agencies from doing certain things? It would seem to me the passing of laws just enables someone in government to say "fixed" and then the intelligence agencies continue doing whatever it is they do.

I'm not suggesting we shouldn't push for new / changing of laws, but does it really alter the trajectory?

[x1798DE]

Given that none of the people involved in these clearly illegal programs ever gets punished in any way, I highly doubt that passing new laws will prevent government agencies from trying to do this kind of thing. However, making it explicitly illegal could have a beneficial effect in that it would empower corporations to not comply.

There are probably a lot of companies that find backdoor type requirements burdensome, and are only complying because the law is secret, uncertain or unfavorable to freedom. If you passed a law that said, "Complying with any request, including those issued by government agencies, to insert a backdoor into or otherwise weaken the security of a cryptographic protocol is illegal" and imposed some steep fines for violators, then companies would be in the opposite position from the one they are now, and they cautious position would be one where they say, "Sorry, government, if anyone found out we did that we could get shut down or lose a ton of money."

That said, an engineering solution is a much more attractive one to me than a social/administrative solution. Hopefully end-to-end encryption will become widespread and there won't be much that anyone can do about it. Still, the problem is that security is really hard, so having engineering and administrative controls is probably better than just one of the two (i.e. you're always encrypting your traffic end-to-end, but if something leaks out of a side-channel it's illegal for the NSA to be looking for it anyway, so both controls have to fail in order for the NSA to snoop on you).

[zachrose]

What other courses of action do you have in mind?

[verbin217]

Lets assume he has none. Is it not appropriate to note the inadequacy of our present actions?

[pjmlp]

No, but normal citizens have this strange belief security agencies follow laws.

[thenmar]

Can you elaborate on who is normal and who is not? Thank you for clarification.

[pjmlp]

People that never experienced what dealing with state security agency means.

I am a child of the Portuguese revolution. My family lived under the Salazar dictatorship.

My Spanish, Greek, East Germany, Eastern Europe friends "enjoyed" similar experiences.

Whatever the law says are dead letters. The security agencies are the law.

So for us Europeans it is very hard to understand how the common American thinks such agencies follow any law.