This is bound to do some serious damage to the wallets of large US tech companies.
Also casts severe doubts on the claims of innocence by other tech giants.
I know tptacek will be on my ass for this one, since clearly he has good connections with security people at Google, people that he respects, and it seems they've assured him that no such thing is going on. But perhaps Thomas should consider the possibility that those good connections were either unaware of this program because they didn't have the right level of access, or were not allowed to tell him about this due to his own lack of security clearance.
I'm actually secretly hoping Google (and the rest) gets found out doing the same, too (that PRISM slide seemed to imply all on the list gave direct access, not just some, I think). Because if they do that, and they get exposed, they might actually be forced to offer end-to-end encryption for their services to regain their users and their customers' trust.
My trust for all of these companies is lost anyway. I can't trust them anymore until they remove the need to trust them, by offering end-to-end encryption. Because even if they are "good guys", who knows what kind of stuff they are "compelled" to give and how much. And for that reason I can't trust any of them anymore, until they make it so I don't have to trust them, and remove any doubt that they can be involved in it.
You may say, but if it's such a big deal to you, why not just use an alternative solution for that? Yeah, sure, but what about the other hundreds of millions of people not doing that? That's why we need the big guys to be our allies on this, so not just me or even everyone on HN gets really secure communications, but every one of their users. Plus, these e2e encrypted services don't work or aren't practical unless you have all of your friends using them, so there's that issue, too.
My trust for all of these companies is lost anyway. I can't trust them anymore until they remove the need to trust them
I'm not sure that is at all achievable as long as they have the ability to hold any significant data centrally...
So that makes services like Gmail and Google itself... all impossible. Even GDocs and GDrive (potentially achievable with some client-side encryption) would require trusting Google that it does not transmit anything to the backend.
There is no way Google will do that, so the only alternative is: replace the Google behemoth with a million alternatives. Reverse the trend of centralisation and instead offer a myriad services that all do more or less the same thing, but in different jurisdictions, with different security protocols, etc.
Any industry player that can store a significant fraction of the world's information in one place is a danger to freedom, since eventually they will be secretly requested to hand it all over by a secret court.
A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication.
So, if the carrier provides the encryption he will be responsible for "decrypting, or ensuring the government’s ability to decrypt" that encryption.
Conclusion: securing communication (in the US) can only be done with external tools/plugins.
Why would they need customers whose email they won't be able to read? There is a reason these services don't have end-to-end encryption: without a man in the middle there is no way to monetize people's data.