So who the F can we trust? All those denials from everyone and now we see this, which I kinda suspected since Verizon was ordered to hand over the same for phone calls.
I am channeling grugq here. The answer is clearly stated in Biggie's 3rd Commandment of OPSEC:
Number 3: Never trust nobody
Your moms'll set that ass up, properly gassed up
Hoodied and masked up, shit, for that fast buck
She be laying in the bushes to light that ass up
I think that line pales in comparison, and that is being generous. Anyway, Carl Malamud was already using it for a different purpose: https://yeswescan.org/
That's pretty restrictive. I know a large number of scientists and computer programmers who believe the only thing you can trust are protocols and math, and they're usually completely unable to function outside of the narrow domain of their work.
I think a better philosophy is to trust that people will behave according to the incentives and information available to them. So if there is an organization out there, you can bet that it will act to expand the scope of the organizations' actions, because organizations that don't do this eventually get replaced by ones that do. If the organization is tasked with keeping tabs on all of America's adversaries, you can bet that they will see adversaries wherever possible to preserve a purpose for the organization.
> I would bet good money they already have working quantum computers, in which case current crypto may have quite a few problems.
Both statements in that sentence are ridiculous. Do you also wear a tin foil hat while having such thoughts?
First, quantum computing is one of those fields for which you need the brightest minds to solve it. Government jobs may still be attractive for researchers, but if they need to keep such developments a secret, it means they have to limit themselves to the people they can actually hire. This means their talent pool will be more limited than that of a company like Google, or a university like MIT, organizations that can always collaborate with whomever they want in the open, including foreign companies and universities. For building a practical quantum computer, they can have big budgets too, given that companies like Google are interested in machine learning, not to mention the pool of investors that would be dying to be a part of the next revolution. Some of the brightest minds we have worked on quantum computing already, in the open. The idea that a single country's government would be able to do a better job, in secret, is preposterous.
Second, quantum computing doesn't solve P = NP. The difficulty of brute-forcing AES-256 is only reduced to that of AES-128. It is something, but not much and that's only speaking about asymptotic complexity. Going from a feeble experiment in building a quantum computer to building farms of such computers to run distributed algorithms on them - well, I can assure you that farms of commodity hardware with capable GPUs will be used instead for a really long time.
It's not that unrealistic. Correct, it does not solve P = NP. It does, as another commenter pointed out, make it much faster (feasible) to reverse RSA by factorization.
Re: Recruiting. There are a _lot_ of very bright minds working for the government. Don't forget that the government is willing to pay literally any price to get the talent they need, and say "we will give you unlimited resources to all materials, any budget, anything".
Investors look like a joke if you get paid a large sum and have unlimited resources. Often with TS technologies you can still declassify parts of your research for the public and co-author papers. This is the same thing we do when say, the M1 Abrams Tank. We will export everything except still-classified parts to foreign countries for sale.
There are 5 Nobel prize winners at NIST alone, 4 in physics and 1 in chemistry.
It may be true that you can't trust anyone in the abstract but practically speaking we need to be able to trust our government, to a point, with all sorts of powers and abilities.
Consensus mistrust of the government should worry us more than any particular capabilities it has.
Consensus mistrust? Did you just coin a new phrase or is that some new lingo the kids are saying these days? I have never heard it before and google was no help.
I think the issue here is not so much "trust" but "trust and verify." With a proper level of effective oversight it seems that things would be much different.
