Despite the business of VeriSign showing that effective security requires a mix of technology and social policy, its amazing how little folks really understand security models for the internet. Perhaps it’s the attitude that prevents understanding (based on on wanting absolute control).
I don’t have that attitude, recognize that of course – eventually – I want cooercive (spying) power in the hands of governments. That is the public trust concept. (Surely if you accept that the FBI’s Hoover had every right to murder state enemies (as he saw them) in his electric chair , you can surely accept he can spy on a few documents! (Of course I would also want the federal government deciding whether a gun can go between states (and a township might decide to outlaw them from all licensed buildings… or “congested areas”).
But, I also want a quid pro quo, in which there has to be pain point(s) to be passed before the different levels of coercion can be performed. And those pain points are not stooge judges, in secret courts (which is pointless). In the internet security world, this means that the cooercing entity has to have and to gain increasingly difficult to obtain action power, against me – in order to have the power to make my commodity device now act against me – thus ever increasing my legal jeopardy before their (proper) investigation. Of course that means the crypto within it now must not, eventually, do what the vendor implied (keep things confidential). And, it may means that the device starts lying about who is doing a logon with “your” credentials to gmail (with the passive but enabling consent of the vendor, such as Google).
I learned long ago that the cost of compromising an offline ROM’ed device without being see to do so is MUCH harder than when one similarly attacks ANY networked device, with a flash chip. So I expect to use an offline “calculator” to know if my PC or phone or tablet – or any online device such as your internet-enabled DVD player – has been tampered with. While it should be possible to also compromise the offline device, recognize that it is – and has to be – MUCH harder to do it, and even harder to do it covertly. Essentially, it comes down to break and entry (which the UK is great at).
This gives a certain amount of balance, back – which is what you want. Neither party has too much power, and its not TOO easy to either assert or deny privacy. At the same time, at the end of the day, all devices have to be compromizable – unless design for regulated military purposes.