I am a big fan of what Bruce Schneier has written over the years including a recent piece on our Newfound Fear of Risk. But I disagree fundamentally with him on the implications of the latest disclosures around the NSA’s extensive work to weaken, break or circumvent cryptography. Schneier essentially encourages people to try to outrun the NSA in a piece titled How to remain secure against NSA surveillance that ends as follows:
Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.
This is completely the wrong direction for us to take. We cannot and should not be living in digital fortresses any more than we are living in physical fortresses at home. Our homes are safe from thieves and from government not because they couldn’t get in if they wanted to but because the law and its enforcement prevents them from doing so. All we have to do is minimal physical security (lock the doors when you are out).
Please repeat after me: Surveillance is a political and legal problem, not a technical problem. We have to all become outraged and start a big and public online and offline campaign to take back the law into the hands of the people and their representatives and away from secret organizations “overseen” by secret courts in a system that goes beyond Kafka’s worst nightmares.
Anything else is completely and utterly futile and the sooner we stop believing in a technological solution the better. Many of the disclosures just made drive home the very point of very spy-versus-spy arms race that I have been writing about on Continuations for some time. What we need to get back to is a political and legal system where when you use reasonable effort to secure your communications (and that should include using the mobile and cloud systems of companies such as Google, Yahoo, Microsoft, Apple) you have a reliable protection of your civil rights.