What you're asking for is to go another step: to be able to spew unencrypted bits all over the internet for any of hundreds of sysadmins and network engineers to see, then turn around and claim it's private. You want to broadcast your location in real time to Google and ATT, who sells it to advertisers, then claim it's private.
Maybe you should be able to do that. But it's disingenuous to claim that what you're asking for is basic human private communication. What you're asking for is for the government to treat the internet as something other than what it is: a public network designed with almost no thought to keeping information private. At the most basic level, being a routed network with no built-in encryption, IP leaks your data out to every intermediate router on the way to the destination. SMTP passes your clear text email through multiple servers on the way to someone's inbox. It's a vast system designed with no thought to leaking your private data out into the world.
Maybe it's because nobody teaches low-level networking in school anymore, but I'm amazed at how many technologists indulge what is a technical fiction: that the two ends of a socket are connected by a private link.
For most of history, the way people communicated at all was to speak to someone face to face. Luckily for us, modern technology provides other options. Surely you're not seriously suggesting that the principle of privacy and the arguments for why it is a good thing do not apply in any new context?
> What you're asking for is to go another step: to be able to spew unencrypted bits all over the internet for any of hundreds of sysadmins and network engineers to see, then turn around and claim it's private.
I don't see anyone here claiming that. It seems to me more often in this general debate people are asking for rather more reasonable things, like:
1. If you send data you intend to be private over the Internet, for example by encrypting it and sending it to a specific recipient, you shouldn't have to worry about crackers, communication services, or governments that don't have a good reason expending significant resources to infringe your privacy anyway.
2. If you choose to share some personal information with a modern service like Facebook, and choose to use the provided options to restrict who else gets to see it, you shouldn't log onto Facebook one day and find it's all been shared with other people anyway.
3. If you do want to visit someone to communicate in person the old-fashioned way, you shouldn't have to forfeit all of your normal rights and be subject to arbitrary invasions of your person and possessions just to travel.
None of these things matter if you live in a quiet countryside village and the only people you ever want to communicate with privately are your neighbours, but for most people in the western world, these activities are a normal part of modern life, and it is not unreasonable to expect governments and laws to protect everyone's privacy while they do them.
No, I'm not suggesting that. What I'm suggesting is that you have to be honest about the argument you're making: we should take some of the principles that applied in the old context and apply them in the new context, based on sociological evidence about the parallels.
> I don't see anyone here claiming that.
But that's what it boils down to. You want to take something that is not, as a matter of fact, private, and have the government treat it as being private. You're begging the question, which is: can you reasonably expect internet communication to be private? At the purely technical level, there are good reasons for answering that question in the negative: how can you reasonably expect communication to be private when you expose it to so many people over a network that's totally not designed to keep it private? Surely mere intention can't be controlling.
When you send an e-mail in plain text over the internet, more people have access to the contents of that message than if you had posted it on a bulletin board in your office. That's the technical reality of how the internet works as a routed system.
Maybe it's the case that you want to accept that technical reality, but for sociological reasons nonetheless indulge the fiction that internet communication is indeed private. That's a perfectly fine argument to make. But you have to acknowledge that this is the argument you're making, not get outraged that the government doesn't take that premise for granted and doesn't automatically indulge that fiction.
You keep coming back to the idea of sending unencrypted data over the general Internet. Of course it's not realistic to secure that.
I am more concerned with privacy violations where people do make reasonable efforts to keep their data/communications private, for example using encryption, but where those methods are then thwarted through abnormal means: untrustworthy infrastructure providers who give up root certificates, organisations with data centres the size of a small town having both access to vast quantities of data and the power to brute-force the decryption, government agencies holding you at an airport for hours under anti-terrorism laws and demanding all your passwords or very unpleasant things that would be illegal under normal conditions will be done to you, that kind of thing. (The last example is not intended to be a political statement, just an obvious topical example of how powerful organisations can circumvent otherwise competent encryption and thus breach otherwise private communications.)
[Edited to add:] The other big issue, IMHO, is whether people using services might think them to be reasonably private when in fact they are not. There's not much value in debating points like the ones I made above if the reality is that when Joe sends Jane an e-mail he erroneously believes it is already reasonably secure and private. This is, of course, primarily an issue of education and in particular of "honesty in advertising", rather than a technical failure, but it's still a big part of the problem today: why would people look for better solutions to a problem they don't realise exists?
If you ignore cell phones and cars that constantly broadcast their positions, surveillance cameras everywhere, and that there are no sidewalks and no commons anymore, so where would you meet these people and how would you meet with them without the information being observed and stored?
The only possible goal of a system intended to flawlessly prevent 'terrorist' conspiracy is to create a system that flawlessly prevents unrecorded association and communication. The Stasi managed it with technology that was available in 1789.
This has nothing to do with computers, other than the terrible fact that they make doing this a lot cheaper.
Privacy means, in part, freedom to be yourself.
That's foolish. Ever since it was introduced people knew that email was not private. You should expect that everything you put anywhere is going to be read by spies. That's why spies exist; to gather information.
You use that as part of your risk assessment.
"Will I be sentenced to death or torture if this document is discovered?"
"Will I go to jail if this document is discovered?"
"Will my company lose business if this document is discovered?"
"Will I be embarrassed if my terrible teen-angst poetry is found?"
Then you decide how much effort you're going to use to hide the information, or the source of the information, or both.
While it's right that governments shouldn't be wasting money slurping the data of everyone, it's unlikely to be an argument that the public will win any time. And even when there are laws, "They" will find a lawyer to tell them that what they're doing is legal, and no-one ever gets to take them through court to show that it isn't. Oversight fails. You should assume a well-funded government is reading everything all the time. I suspect that makes more of a difference if you're in $Oppressive_Regime than in the US or UK.
And if people really did care why would they dump so much stuff onto Facebook?
 see the mistakes that people make with creating encryption products, and using those products, it's probably a good idea to assume you've made a mistake and this government can read everything even if you encrypt it.
I assume this is hyperbole, but even if it is, the whole point is that we shouldn't have to live in a world where this assumption is anywhere close to valid. The spies, after all, are paid for by taxpayer dollars.
> "You should assume a well-funded government is reading everything all the time. I suspect that makes more of a difference if you're in $Oppressive_Regime than in the US or UK."
The latter sentence might be reassuring today, but since both countries are building the infrastructure of a surveillance state today, who's to say that years from now living in the US or the UK will be any different than living in Myanmar or Saudi Arabia? Better to prevent the infrastructure from being built in the first place than to trust that it will be used responsibly by a government which fundamentally has no incentive to do so.
> "And if people really did care why would they dump so much stuff onto Facebook?"
Maybe they just don't understand how their shared info can be used against them by governments, advertisers, etc? People were up in arms when some employers started demanding passwords to their FB accounts. That indicates that people understand on some level that their FB data can be used against them.
The closest analogy in the physical world is a letter. We have an expectation that won't be opened. Unless educated otherwise, a lot of people transfer that expectation directly.
Cf. Mark Zuckerberg's early amazement that people would enter all kinds of information into Facebook.
For as much as folks half my age are purported to understand technology, I think we may have received better general instruction in using the internet in years gone by... or maybe we were just more wary of it, knowing that we didn't understand all of the implications.
Now, people treat e-mail as a default. Most people my age and younger (28) never bother to inquire how it works. They just sign up.
Younger people may be fluent in the use of technology, but understanding is a much rarer beast.
The closest analogy is a postcard, and that's the analogy that is often used.
> We have an expectation that won't be opened.
But you don't send cash through the mail, because you know that even though there are strict laws in place people do steal cash from mail. We expect that valuable stuff is vulnerable. We send it by courier, with insurance, with tamper-evident seals. Or we put it in a locked case and give it to an employee to take. Or we put it in a diplomatic bag.
People just don't think their letter to Auntie Flo is as valuable as a $10 bill. It's a shame they need to start protecting all their information, but they can't really say they weren't warned.
Yes, the closest analogy is a postcard. No, I do not believe it was the one used most often. Perhaps now it is, but not in the early days. Sending letters is the most common analogy I've come across and every icon, graphic, etc. related to email has reinforced that view (it's even called mail). It's reasonable to assume that non-tech people using email today have based their assumption on a false analogy.
> "People just don't think their letter to Auntie Flo is as valuable as a $10 bill."
Following on from my point above, people have a reasonable expectation that their mail isn't being opened and scanned by default. That's why it's ok to send a letter to Auntie Flo complaining about your boss etc. No-one is making value judgements the way you describe every time they hit 'send'.
"Whoever takes any letter, postal card, or package out of any post office or any authorized depository for mail matter, or from any letter or mail carrier, or which has been in any post office or authorized depository, or in the custody of any letter or mail carrier, before it has been delivered to the person to whom it was directed, with design to obstruct the correspondence, or to pry into the business or secrets of another, or opens, secretes, embezzles, or destroys the same, shall be fined under this title or imprisoned not more than five years, or both." 
> "... but they can't really say they weren't warned."
When were they warned and how? By all those people from the past? Weren't those folks lumped in the same category as alien abductees and conspiracy theorists?
That's ridiculous. It seems like you're condoning mass-surveillance by saying "It's their job". Doesn't the government get to tell them what their job is and don't we get to tell our government what we think?
Why is it called "mail"? Why use passwords? Both connote very specific degrees of privacy. Social signals and technical hackability are not per se comparable benchmarks for 'privacy expectations'.
I did not expect that every single one was slurped and stored by my own government, particularly in cases where it doesn't even cross any national boundaries.
I'm still struggling to understand why GCHQ having a 3 day cache is so much worse than all the other privacy violating stuff that goes on. (I am annoyed by the failure of oversight; by the weird wriggling around laws; and if anything I'm more annoyed that they have all this information and don't appear to be using it to lock up criminals.)
But I'm not *that* worried about GCHQ. I wouldn't be able to afford the steel blast door if I was worried about a well funded government agency getting my stuff, and I know that merely saying "it's illegal" isn't a strong protection against bad actors.
I'm a lot more worried about my local council. GCHQ hasn't done anything to me. (And is unlikely to, unless I marry a journalist working with government secrets.) But my local council will invade my privacy - they used to sell CCTV camera footage to TV shows; they spy on homes to assess school entry or parking permit validity; they do a bunch of unsavoury stuff.
I'm worried about the records my doctor holds, because there are risks of people losing memory sticks or giving information out to other people over the phone or not destroying hard drives correctly, or of staff gossiping (or being corrupted with bribes).
I'm worried about the data my phone company holds, because people do misuse access. (http://www.independent.co.uk/news/revealed-how-to-hack-into-...)
> In an astonishing breach of security BT Cellnet has handed out, over the telephone, a confidential pin number allowing the recipient to listen in to the confidential messages of any of the five million customers on their network.
> The Independent on Sunday has that pin number and yesterday was able to hack into the message systems of 15 people. Their permission was obtained in advance.
I'm just saying that while I knew it was trivially easy to read email just by sniffing the wire, while I knew that they could do this and probably were, that doesn't mean that I expect that sort of behaviour from a democratic government or that that expectation amounts to a sort of implicit permission to treat the data as public.
For a counterpoint - email from government departments comes with footer text claiming it private and confidential!
I think we are probably using expect in slightly different, nuanced ways. I may expect that they do it (in the sense I think it's likely) because I'm a realist and also a cynic. But in other ways I don't expect it (in the sense I don't think it's reasonable behaviour).
Of course this is a "probably" type of thing, but just worth noting. Assume it's plaintext, but it probably isn't.
The fact that one now has to ask themselves this question is disturbing. Torture is now a part of the American thinking.
Typewriters were licenced equipment in some places; "They" would take a sample of type so they could link documents back to the licence holder.
Luckily, for the vast majority of people and the vast majority of documents the answer to "will I be killed or tortured if this document is discovered" is "no", even in the US.
I do not intend to use a privacy service from someone who claims it is easy (it isn't) while confusing privacy with authentication.
I may not wish to give up my password because I don't want actions to be taken in my name: this is irrelevant to privacy concerns.
Or a read-only access to whatever online service you're currently using?
I believe that privacy and free (as free beer) is a utopia.
Economist George Akerlof pointed this out in his 1970 paper "The Market for Lemons: Quality Uncertainty and the Market Mechanism". The way society fixed it with cars was to introduce Lemon laws. If they hadn't introduced those laws, people would likely sit here and argue that nobody values what material the car chassis is made of, or if gas fumes leaked into the compartment. Nobody would value safety, people would say, as everyone would rather buy the cheap car over the expensive (and more secure) ones.
Far more interesting to note that paid services (yes, people used to pay for e-mail) have largely been elbowed out by services that look as though they are free, but actually extract their payments by guile and deceit. Now that the general public is starting to appreciate the value of their personal data, perhaps we'll see a rebalancing of the market.
Computers are just a black box to them with something magical happening underneath (I'm not kidding here). If they don't understand what they are using, how can they understand the tradeoff between something free vs something they pay for?
So your point is basically that you think "most people" are stupid? Good luck with that.
The issue is that of education--many people haven't made the connection that to get a lot of the neat features they like (geolocation, frictionless sharing, etc.) they need to allow some fairly invasive personal data mining. They don't understand that sharing certain things and using certain apps also causes the data of other people to be exposed.
I think (hope) that if people knew more about this, then we'd see the social mores change a bit. Unfortunately, that sort of education and public service announcement takes money, and none of the players in the Valley or elsewhere want to do it, because it would negatively impact their viral coefficients and user engagement.
You got me at news, I like free news. The problem with news is that my news doesn't come from a single source, so I'd feel a little foolish paying for the New York Times (which I read often, and subscribe to their free headline service), since there are so many other good news sources in addition. NYT doesn't seem special enough to pay for, when there are legal ways to read it free and when the same news is often reported elsewhere, and usually reported just as well.
News is tough.
That meme is grossly outdated.
It's entirely possible (and happens) that you can be both paying for a product and be the product that is sold on (by having your data aggregated, analysed, fed into other systems etc).
Isn't this part of what Big Data actually means? It's essentially a way for a company to get paid at both ends (which I don't have a problem with), but it can create competing incentives between users and companies (which I do have a problem with).
This debate is far more complex than just 'free vs paid'.
"Paradoxically" you say. I don't think there's a paradox here. I think it's far too rare that people use these tools to protect themselves, and therefore the surveillance community sees it as a potential flag worth investigating.
Therefore, we should all use these tools, make them commonplace, and force them to learn to be efficient at their jobs tracking down actual risks.
Pointing to the status quo and saying that's all there is doesn't help us much.
(And yes, I'm being lazy here in not justifying my assertion that we should all be able to have that expectation of privacy; I haven't had my morning coffee yet, so just take it as a lemma.)
Not to say that we shouldn't _demand_ privacy.
I agree nonetheless. apart from the 'give me your passwords' example, that's not what privacy is about. 'automatically cc me all your incoming and outgoing email' might be a better analogy.
if you take steps to ensure privacy you should probably realise that they are all futile in the face of someone making a targeted effort to break it...
eavesdropping, espionage, noseyness - these are nothing new... see most of recorded history for examples.