It feels like we are collectively missing the point.
The problem isn't so much that governments are spying on their citizens so intrusively: It is that they are able to spy so intrusively.
Another thing: Anything the NSA can do the mafia can do also, albeit on a smaller scale. Regulating the NSA will do nothing to stop other actors, including some decidedly unpleasant ones.
This is a far bigger problem for technology than it is for government.
Why are we making technology with so many gaping vulnerabilities?
Surely there is something wrong with the way we develop software and hardware if it is so easy for us to ship vulnerable systems and so hard for us to secure the systems that we have already shipped.
This is a hard problem to solve, but until we put our man-pants on and face up to it, then we remain stuck.
Everything else solves only a tiny fraction of the problem, and mostly serves only as a distraction from the central issue: The technical challenge of making systems and software that we can trust.
While it would be nice to have utterly fireproof houses, it still makes sense to disband the government agency of mentally ill firebugs who run around lighting everything aflame they can find while chasing shadows.
Being smart about security is all good and well, but it doesn't mean bad actors should be tolerated. It's like saying the real problem in a war-zone is not the aggressors, but the lack of bullet proof vests, helmets, and gas masks, and the civilians caught up in it should put their "man-pants" on.
I take your point, but the phrase 'being smart about security' trivializes a task of monumental proportions.
We need to rethink how we design software / hardware systems.
We need to rethink what we mean when we talk about software engineering professionalism.
We need to rethink how we approach quality and liability issues.
All of these things go so much further than just 'being smart about security': They go to the very core of our profession and how we organize ourselves.
True, we need to contain bad actors, starting with the ones who are actually criminal and hostile, but that comes a distant second to the imperative need to get our own house in order.
The security services are literally the least of our worries, and (almost) the last thing we need to worry about.
The government is able to do an unimaginably large number of things against the public: foremost, in this case, is their ability (so far unused) to ban unbackdoored systems outright. Unfortunately for us techies, the proper approach is to get the people who are doing this to stop trying.
The problem isn't so much that governments are spying on their citizens so intrusively: It is that they are able to spy so intrusively.
Another thing: Anything the NSA can do the mafia can do also, albeit on a smaller scale. Regulating the NSA will do nothing to stop other actors, including some decidedly unpleasant ones.
This is a far bigger problem for technology than it is for government.
Why are we making technology with so many gaping vulnerabilities?
Surely there is something wrong with the way we develop software and hardware if it is so easy for us to ship vulnerable systems and so hard for us to secure the systems that we have already shipped.
This is a hard problem to solve, but until we put our man-pants on and face up to it, then we remain stuck.
Everything else solves only a tiny fraction of the problem, and mostly serves only as a distraction from the central issue: The technical challenge of making systems and software that we can trust.