Many people in spheres of cryptography and digital rights activism have long assumed (or—frankly—known about) pervasive government surveillance of the Internet and other communications networks. So it's unsurprising that there is something of an undertone in PRISM discussions of "meh, it's terrible but it's not really news" or even "so far, this is less bad than I was assuming".
It would be nice to think that we could go back to business as usual, quietly fighting (or tolerating) these intrusions—but I don't believe we can. The recent revelations come with a radical increase in the risk of harm from these programs, even to those who were already assuming they existed. To understand why, it might be helpful for me to share how I answer this unrelated question: "Why would you use AES/RSA/etc. when the NSA employs more mathematicians than anyone else and may well have cracked them?" The answer: if the popular cryptographic constructs have been cracked, the knowledge that they were cracked—even without the "how"—would be insanely valuable. So much so that unless you presented an existential threat to the cracking party, they would be very hesitant to use that ability against you if even a tiny risk existed that doing so could reveal their capability and thereby make it less valuable. In the case of mass surveillance programs not only is there a risk that people would change behavior—switching to SSL with PFS for all communications, making more use of high-delay mixing networks, decentralized services, non-cloud open source software, etc.—but since these programs are obviously illegal to many outside of the incestuous world of intelligence, by revealing the capability they risk it being simply taken away by the rule of law. (Even those who have convinced themselves that these programs are lawful and righteous must recognize that they are on thin ice and public opinion may go another way). And so—before the capability was made public, it _likely_ wouldn't have been used against mere political nuisances, at least not without the additional cost of creating a solid pretext for the resulting intelligence. But now this deterrent is gone: the burden of utter secrecy is reduced. And if these programs are not eliminated, greatly curtailed, or made moot, we can expect them to be employed much more freely. -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
