This is something I have often wondered: if cryptography didn’t work the way it does, would we still believe we are owed the privacy it bestows upon us?
In other words, there’s a conflation of “what cryptography enables” with “what governments shouldn’t do”.
That seems, from a policy POV, bad!
@_dm @robryk
I don't see this cryptography debate where I am (it may be a specific US thing).
But there is also the aspect that we reasonably only ask for rights that have a chance of working.
For a silly example, nobody asks for a general right to remain unknown - that nobody anywhere can mention you or your existence without your permission. Not because it wouldn't possibly be a useful privacy right, but because enforcement would be impossible.
@jannem @_dm @robryk I do think it’s somewhat US-centric. American privacy arguments often center on a 1st Amendment right to use cryptography, whereas many European rights center on the right to privacy itself (which is less well anchored in US law or tradition). So it may be, as you say, just about what works.
@robryk @_dm Maybe. I don’t know.
Insofar as we’re talking about security mandates, what you say makes sense: we mandate what’s feasible. But I think there’s also a more moralistic tenor to privacy advocates’ arguments—like, “governments should not monitor their citizens”. But for the most part, I think, we don’t make those arguments in terms of, you know, “steaming open envelopes would be wrong.”
Rather, we say “citizens should be allowed to possess strong cryptography.”
(In the American context, perhaps this reflects the explicit First Amendment guarantee of speech, for which there is no analogous explicit guarantee for privacy.)