All this ignores the contradiction between the privacy invasion business model and privacy needs. As long as you have major tech companies (most obviously Facebook and Google) reliant on being able to read the communication of their users then you're going to by consequence enable an NSA or similar to intercept all the messages.
There isn't a legislative answer to this problem, yet there are theoretical technical answers, but these do not fit with the business models in use today. To fix the problem the market dynamics will have to change.
It's not just the "privacy invasion business model" (which sounds a bit tinfoil-haty), it's the fact that protecting privacy is really hard. I work for Silent Circle, and the MO is to store the absolute minimum data possible, which makes it hard to use services most companies take for granted, such as analytics, error reporting, error logs, etc.
Doing your job is really hard when you can't use things like analytics services, or detailed logging, or proper feedback. Everything has to be open source, self-hosted and some things other businesses can easily use are just flat-out impossible to do. Any business that does something you want but that requires that data be sent to it will just not be used.
Few companies that don't explicitly have the word "private" in the description of their core product will be very inclined to jump through all these expensive hoops. Hopefully changing the legal situation so the NSA can't just jump in and grab whatever it wants will help this a lot.
Like everything else in security, there's a clear cost/benefit curve. It's actually dubious to make a distinction -- privacy is a form of security and its absence is a lack of security.
To get what I call hard privacy online, you must use full isolation and onion routing. There is no other way as far as I know. But we could go a long way toward making mass surveillance harder, less accurate, and more expensive by just deploying encryption, low or zero knowledge services, and by educating users to change their buying habits to favor more secure products. It would still be possible for a determined well-funded attacker to track you when using these tools, but it would raise the bar and that's a start.
While Facebook & Google get a marginal benefit from being able to read user-to-user communications, I doubt they're "reliant" on that. They have plenty of other explicitly-public, or intentionally-shared, signals to target their ads. For example, for now the only thing Google is absolutely 'reliant' on is seeing the queries you send their search engine.
Wait, so the standard by which we're deciding whether or not we're cool with unaccountable private entities reading our personal communications for their own (again, unaccountable) ends is whether or not they're "reliant" on it?
It's not that we're cool with it, it's that they don't need it. They can stop if customers decide it's sufficiently important. If all Google had to target ads with was the search terms for an individual search, and they otherwise had no idea who you are or any history on you, they would still be making megabucks. Progressive and All State are still going to pay a ton of money to show ads to anyone who types "car insurance" into the search box.
They might make less money than if they can target more accurately, but not so much less that their business model isn't viable. Which means the issue isn't the business model, it's how to actually design systems that preserve privacy.
People can and do sue Google all the time for violating laws and their own policies for Gmail. Turns out they rarely have a legitimate case, but the point is that Google is not unaccountable except in the imaginations of cynical paranoiacs who, by painting an exceptionally well-behaved company with the same brush as admitted adversaries, undermine incentives for companies to behave well.
No, but the idea advanced by ~fidotron, in the comment to which I was specifically replying, was that big companies like Google and Facebook will fight secure communications because they're dependent on viewing users' communications to make money.
They're not; other more-public or inherently-shared signals are far more important drivers of profit for them. Their businesses leave them plenty of room to be allies in a drive for secure communication.
(Pressure from their governments is of course another matter. But their business models are not a major problem.)
More precisely -- it focuses only on public sector mass surveillance. Private sector is in some ways more insidious since they are not bound by any laws, and are also in some ways even less transparent than the NSA.
Actually, it might be easier to simply treat them (NSA and Google) as the same entity, given that Google was created by the TLAs[1]. It seems the surveillance business model isn't really separate.
As for technical solutions - I seriously doubt that will stop much when you're facing what is effectively a new version of COINTELPRO. Especially when your enemy has access to not only the government purse, but also the giant pile of money at Goldman Sachs[2].
I fully agree there is a lot that needs to be fixed in terms of technical solutions - encryption must happen - but this is of government agencies going rogue and they need to be reined in if we want to keep what's left of this country.
--
Serious question for everybody:
Many high-level people in the government seem to be explicitly violating the constitution while generally acting like know the law can't touch them, and the NSA and CIA seem to be very successful controlling the situation (CIA: avoiding prosecution for torture when it should have been easy to at least get a trial, NSA: forcing bill amendments like the recent Section 309 mess, not to mention the blatant 4th amendment violation of most of their recent activities). These kinds of activities should be solved by legal prosecution and regulation, but those solutions seem to be growing less and less likely.
If the intelligence community has replaced some or all of the Constitution... at what point can w4e start calling this a coup? Also, at what point does actively trying to subvert the constitution - the thing most of these people should have taken an oath to defend - does this not meet the very definition of "making war" against the country?
Pretty much every piece of IR research at US universities is funded in part by programs that take money from defense programs. That article goes a long, long way from anything supported by the facts the author claims.
There isn't a legislative answer to this problem, yet there are theoretical technical answers, but these do not fit with the business models in use today. To fix the problem the market dynamics will have to change.