I am unclear on what you mean by technical choice. Are you talking about a technical solution to keep the government from seeing your traffic? That will not work for two main reasons. 1. The government has a lot more resources and motivation than the average company when it comes to security systems. They do not have to be profitable, just effective. Most companies only invest in the security that they are required to provide. As a private entity they will be unlikely to want to get in a technological arms race with the NSA. Remember these are the guys that also design some of the most sophisticated encryption systems in the world and have nearly limitless computing power to break such systems. They attract some of the most brilliant mathematical minds in the world and actively pursue these employees. You are really unlikely to out "security engineer" the NSA especially since the USG can control legally what technology you are allowed to use and export. Who designed your encryption algorithm and which one of your employees is a qualified cryptographer that can assure you that it is secure enough. Is he qualified to tell you what backdoors or capability NSA has to break that encryption method? Do you have the technical experts to assure you that no US intelligence service has penetrated your human or technical resources? Do you think no one in your organization would plug something into your network if it comes with a bag of cash or a threat attached to it. If so, I think the NSA might offer you a lucrative job. Remember these are the same guys who are supposed to break the communications of foreign governments and by all accounts are fairly good at it. I don't want to bet my job on defeating them. 2. If the political environment allows, they will simply pass laws along the lines of CALEA to give them the legal right to tap your traffic. Even if you won the technological battle they can instantly trump you with key escrow and other such legal force means to defeat you. If the political will exists they can pass a law requiring you to pass them all information in plain text. Game over, you lose. Just try to defy a FISA court order or refuse a CALEA tap and see how long you are in business. There is always a debate of privacy vs security and there always has been in one form or the other. This is expressed by the people of this country in their political and economic choices. I know it does not seem like it sometimes but the government will only do what the majority of the people will accept most of the time. Every decision a politician makes is a balance between what he wants and what he thinks he can get away with. He want the information but it is only useful if he maintains his access to power. As you see, the ONLY solution is the political will to limit the governments powers. The only way that is done is to threaten the power structure or financial structure. The history of the best technical solution winning inside the US Government structure is pretty weak. POSIX compliance, ADA programming, need I say more? I say this as a former network engineer in the United States Air Force. As far as both parties being responsible for this, I agree completely. Everyone knows that information is power and everyone wants as much information as they can get. The only way to influence that is to make the cost of illegal information collection too high a price to pay for the politicians. The NSA will only use the technology they are allowed to use by whomever is in power. No one over there wants to go to jail and most government employees do not want to put their neck on the line if they know there is no safety net. The Director of NSA answers to the President. His job is to get the information the USG wants and not get anyone fired doing it. Everything he does is about that balance. If he does not do it, the President will appoint someone who does. Historically the NSA is directed by a General officer from the military. They generally follow the orders they are given by the President and that is where the power really lies. It is the job of the Congress to oversee that and ensure the limitations are being followed. If that is not happening, it is up to the citizens to replace the President or Congress with someone who will follow the will of the people. Steve -----Original Message----- From: Royce Williams [mailto:royce@techsolvency.com] Sent: Friday, September 06, 2013 9:56 AM To: NANOG Subject: Re: The US government has betrayed the Internet. We need to take it back [snip] http://www.motherjones.com/kevin-drum/2010/02/daniel-ellsberg-limitations-kn... I think that Schneier's got it right. The solution has to be both technical and political, and must optimize for two functions: catch the bad guys, while protecting the rights of the good guys. When the time comes for the political choices to be made, the good technical choices must be the only ones available. Security engineering must pave the way to the high road -- so that it's the only road to get there. Royce [snip]