Slashdot Mirror


User: Sloppy

Sloppy's activity in the archive.

Stories: 0
Comments: 9,266

Comments · 9,266

  1. Re:I would be very concerned on Electronics In Flight — Danger Or Distraction? · · Score: 1

    Why would a terrorist use a bomb? Why not simply turn on your iPhone?

    Even if the phones pose a risk, the reason a terrorist (rather than a mere murderer-suicider) wouldn't do that, is that it wouldn't terrify anyone.

    Here's the reaction a terrorist bomber gets: "Damn, we lost another plane. Did you see that explosion? Wow! I don't want that to happen to me. I'm scared! I'm going to stop flying and write my congressman to pass laws to give into that terrorist's cause."

    Here's the reaction a terrorist phone-power-upper gets: "Damn, we lost another plane. It was supposed to turn left, but didn't. Pilot error, I guess. Oh well."

    Now you might think that the terrorist's buddies could just issue a statement after the crash: "No, it wasn't pilot error. We had a guy onboard who turned on his cellphone. Muahahah! Fear us! Write your congressman to get US forces out of the middle east!" But if that works to terrify people, then they don't even need to crash a plane. Just wait for the next unexplained accident and take false blame for it.

  2. Re:Can't stop using your cell phone for short time on Electronics In Flight — Danger Or Distraction? · · Score: 2

    Is it really that difficult to stop using your cell phone during takeoff and landing?

    This is a completely irrelevant point.

    Imagine someone in authority made up a rule: "If you have gum in your mouth, you have to stop chewing whenever you're within ten feet of anyone who is wearing a red and white striped shirt."

    I almost never chew gum, and I almost never happen to be near (or even see at a distance) people wearing such striped shirts. This rule would not be onerous, and if I complained about the rule, you would be just as right to chide me: "Is it really that difficult to stop chewing your gum when you're near someone with a red and white striped shirt?"

    No, it wouldn't be difficult. But if you did happen to be chewing gum and suddenly found yourself within ten feet of a stripe wearer, what would you do? You would keep on chewing and think, "fuck that stupid arbitrary rule!"

    Ease of compliance isn't what matters. The only important thing is whether or not the rule has reason to exist. If a rule doesn't have sufficient justification, then it should be ignored no matter how easily obeyed. (Note, though, that sometimes the existence of enforcement is the immediate reason to obey the rule rather than ignoring it. This is why you don't even try to bring your harmless pocket knife onto a plane.)

    Beyond the irrelevance of the point, I also think it is harmful.

    There is already a trend of "overcriminalization" where we are subject to a great many rules, laws, and conditions that don't make sense. So we disobey them whenever we think we can get away with it. We are also subject to some rules, laws, and conditions that don't make sense to us as laymen, but actually do have justifications that we're unaware of. But 90% of the time that The Man tells us to do something that we don't understand, he just happens to be fucking with us rather than actually having a good reason. So we disobey these rules too. Stupid shit undermines respect, so the last thing anyone should say to justify a rule is, "but it's easy to comply." No, you've gotta explain why. Saying anything else just reinforces people's belief that there is no "why."

  3. Phones have same issues as laptops on Encrypt Your Smartphone — Or Else · · Score: 1

    A phone is roughly about as likely as a laptop, to be stolen or lost. Just ask the Apple employees who bring their prototypes to bars. With portable things, shit happens to a greater degree than with desktops and their tangle of cables that have 'em effectively anchored to your desk (at least losing that requires malice).

    So if you have sensitive stuff on it, then you already knew your phone was a risk. You dealt with this question before you even had a "smart" phone.

    The cops and lack of warrants stuff is interesting, but doesn't change the scenario. Even if SCOTUS reverses the warrantless search decision, not everyone who steals or finds your phone is subject to constitutional limits on government. And even if you think that government is the only threat (there are no common criminals or nosy people, the world is full of 100% good people from 1950s TV shows) then imagine someone finds your phone. Obviously they're going to hand it over to the cops for 30 days so that you can go get it back. So now the cops have a reasonable expectation to go poking through the phone anyway just to try to figure out who to give it back to, so there ya go. Ignore all the legal issues here; none of them end up mattering, from a security standpoint.

    I found it strange they left out the N900 when talking about how to deal with the problem, since that phone is probably the most capable thing on the market, being able to use the tried and true solutions that people have been coming up with over the last few decades. People shouldn't talk about this tech only in terms of the toylike stuff that throws away all our experience, while ignoring the state of the art. If your phone can't encrypt, don't worry, your next one will.

    My main worry about phones is that the usage scenario demands (?) convenience but having a user enter a reasonably high-entropy key is usually going to be inconvenient. I don't mind entering a passphrase when I turn on a laptop, but I'm used to being able to dial a phone without going through bullshit. Maybe we'll end up with some kind of partitioning, where lots of capability is available to "guests" but people sometimes login to do a little bit more (mount certain encrypted volumes), so people have to decide when to cross the inconvenience barrier or not.

    The "virtual combination lock" picture looks silly; if there's enough entropy in that, then it's either going to be hard to reliably reproduce, or the users are going to be going through a very amusing performance. Long term, the key will probably have to be biometric. Or maybe a physical key (but I don't think so). These won't protect you from law enforcement or violent criminals, but that's not an interesting threat model anyway -- once someone has you then your throat is the topic rather than your phone.

  4. Let me get this straight on Sony, Universal Hope To Beat Piracy With 'Instant Pop' · · Score: 4, Funny

    These marketing geniuses are telling me that if I'm worried that people might not buy my product, I ought to offer my product for sale?

    Damn! Why didn't I think of that?!?

  5. You don't get Facebook on How Facebook Ships Code · · Score: 1

    It's not like anything really changes on it.

    How would you know? Are you one of their paying customers?

  6. Re:Pretty cool... on Embedded Linux 1-Second Cold Boot To QT · · Score: 1

    Cars come to mind right off. Start car -> no music for next 2 minutes -> this computer is lame.

  7. Re:competition on Microsoft Slams Google Over HTML5 Video Decision · · Score: 3, Interesting

    Refusal by Google & Opera to pay MPEG's 10 cent/browser license fee is equivalent to me saying, "I am barred from watching SyFy Channel, because I have to pay the $60 fee to access it."

    I think this bad analogy pretty clearly illustrates what the unwitting proprietary stooges don't understand. Refusal by software makers to pay licensing fees or agree to other terms in order to get permission to implement something, is equivalent to you saying, "Since people have to pay the $60 fee to do business with a single source, requiring the people to watch SyFy in order to get tax instructions isn't appropriate."

    The problem isn't that you're barred from SyFy. The problem is that neutral entities shouldn't be making you do business with SyFy instead of letting you choose who to do business with, from all the choices that arise in a free market. A "standard" with licensing dependencies is like a government endorsing -- no wait, requiring -- a particular company.

    You are allowed to implement WebM. You're allowed to implement Theora. You have to get on your knees and beg permission (and pay) to implement H.264. That (not just the money itself) is what makes H.264 inappropriate.

    Think about all the non-proprietary stuff that browsers do, and what it would have been like if people hadn't been allowed to do all that stuff back in the 1990s. Now you want this one little part of the browser, to have a stranglehold? What's so special about video that we put up new barriers that we're used to not having, pretty much everywhere else?

  8. Yeah, but on Microsoft Slams Google Over HTML5 Video Decision · · Score: 1

    One pundit predicts the battle will lead to yet another 'years-long standards format war.'

    Yeah, but this time, we the people will have someone on our side for a change. Unlike PNG in the mid 1990s and Vorbis around the turn of the century, the implementations we have will be big'n'mainstream. It's nice to not be a marginalized weirdo hermit for a change.

  9. Re:Open standards on Google To Drop Support For H.264 In Chrome · · Score: 4, Insightful

    Adobe claims it is a DMCA violation to make software that is interoperable with Flash video. There might be some parts of Flash that are open, but playing video sure isn't one of them.

    And as for the other parts, haven't you ever wondered why there is still only one full implementation of this supposedly open "standard"? Either the Gnash guys are incompetent (they aren't), Adobe's implementation is fucking awesome in everyone's opinion and all users are delighted with how great it works and the wide variety of platforms it has been ported to (they aren't), or the claim that it's open is bullshit.

  10. Re:Who signs your GPG key? on Obama Eyeing Internet ID For Americans · · Score: 1

    So how do I convince the BMV and banks to offer this service?

    You write a letter to Congress and the president, telling them that since they're already threatening to force the public to use a modern computer-y authentication system, then it might as well be built upon an established standard.

    Whatever they propose, at some point it's going to involve someone looking at you and your credentials, and saying, "Yep, you're tepples," just like what you went through at BMV and the bank. And we already have a great system for how to handle that, under the hood.

    OpenPGP's tech doesn't require airplanes; it's the currently-sparse group of users that (often) require airplanes. If it were to become mainstream (which is what this story is about) and if government idiots don't screw it up (I can dream), then your next keysigning meeting could be at a neighborhood block party, rather than a nerd conference in some far-away city.

  11. Re:But How Connected is the TV Anyways? on Major Security Flaws Discovered In Internet HDTVs · · Score: 2

    Saying "don't be a television and a web browser" is like pointing at a PDP11 running Unix and saying, "Don't be a document editor and also a formatter and also a C compiler." You're trying to apply the Unix philosophy at the wrong level. Look inside and then you'll see it. There's a codec library (and/or hardware) that does one thing well, and is used as part of many applications, just like "sed" is.

  12. Same old same old on Major Security Flaws Discovered In Internet HDTVs · · Score: 1

    People are selling personal computers that come preloaded with insecure software? I'm shocked!

    Oh, the personal computer is called something else, "internet TV," so that makes this news.

  13. Re:To the Regime: NO on Obama Eyeing Internet ID For Americans · · Score: 2

    It's in your head. Obama (especially his DoJ) gets flamed and the flames modded up all the time. It happened before he even became president, when he voted for retroactive telecom immunity, and picked up again in his very first month in office when the bastard had his AG continue with Bush's "state secrets" arguments for why all the NSA cases should be stopped. People talk about all that stuff here, and not at negative moderation. He's hardly untouchable.

  14. Re:Who signs your GPG key? on Obama Eyeing Internet ID For Americans · · Score: 1

    Who signs your license-to-do-whatever? Do you drive a car? If so, instead of MVD giving you a piece of plastic, just give them your key fingerprint and they can upload their signature to all the keyservers.

    Did you personally visit your bank branch when you opened an account? (Yes, you did. You have to.) At that point, they can cert your key and that should be enough for them to believe that identity when used to access that account.

    This all ignores the idea that people don't secure their computers so eventually the Bad Guys will get ahold of Joe Average's secret, but getting signed isn't really a problem.

    Getting signed might be a problem for you and right now but that's because you're looking at it from a cypherpunk nerd perspective, where only computer dorks sign each other's keys, so they only get it done when they travel and meet other dorks.

  15. "This is private action?" on Obama Eyeing Internet ID For Americans · · Score: 1

    It'll be run by companies but we're hearing the idea from the government. I'm reminded of when Frank Zappa was at a Senate hearing getting grilled by the Mothers Against The Arts (MATA) -- no, wait, they went by the initials PMRC -- and a senator explained that they just wanted "private action" by the music labels to keep naughty music out of the hands of kids. Frank, sitting in a senate hearing building, looking around at a group of senators and their wives, having his words recorded on the senate record, said, "This is private action?" Hilarious.

  16. Re:how about no on Obama Eyeing Internet ID For Americans · · Score: 4, Insightful

    Um, yeah, that's why we were all complaining about the Nanny State when Bush had Ashcroft go after the state of California over medical mariju-- wait, were we talking about Democrats?

  17. We already have it on Obama Eyeing Internet ID For Americans · · Score: 2

    And people decided not to use it. Raise your hand if you have an OpenPGP key and it's been signed by a lot of people (i.e. an identity, certified by multiple parties such that non-distributed systems seem like a joke in comparison). Ok, put down your hands; I was asking in the wrong place. Most people don't put up their hand here, so nobody builds upon the system.

  18. Re:Competition on For Mac Developers, Armageddon Comes Tomorrow · · Score: 1

    Why would your customer do that? Buying from your website: no middleman. Buying your competitor's product from Apple: middleman. Assuming you and competitor's other costs are equal, you can offer your product at a lower price than your competitor's Apple Store price, with the same margin. You win.

  19. Re:Patents aren't a problem any more on Groklaw — Don't Go Home, Go Big · · Score: 1

    Most of the technology in open source is old.

    Aha, so that's why we all use FAT file system on our Linux computers, none of which, of course, have multi-core CPUs, use X for anything more complicated than an xterm, fit in your pocket, or do anything more complicated on a network than talk gopher and NFS.

    This is a mature industry now.

    Wait, did you write that, or are you (mis)quoting Charles H. Duell?

  20. Re:Until phones have real crypto on Cheap GSM Eavesdropping a Reality · · Score: 1

    Remember in Aliens when they had Alien-proof welding on the door?

    1. Since putting alien-proof welding everywhere involves some significant time and materials, I won't talk shit about the space marines and their failure to establish an alien-proof perimeter. But we just have to click a mouse button. What's our excuse for not putting alien-proof welding on the ceiling?
    2. And if it weren't for that damn crawlspace, the welding on the doors would have been a good use of resources. Don't let their failure convince you to stop welding your doors shut. I'm telling you, the door is going to be the first thing they try. Shut the door and maybe the aliens will go look for someone else to bother.

  21. In favor of warrants without suspicion?! on 'No Refusal' DUI Checkpoints Coming To Florida? · · Score: 1

    This story isn't really about drunk driving; it's about judges issuing warrants in situations where neither the judge nor the cops asking him, have any reason to even vaguely suspect that a crime may have happened. The drunk driving angle is just there to get the sympathy and support of people like you.

    Given the extent to which we've allowed the government to invade our privacy in ineffective ways in the name of protecting us from terrorism..

    Do you realize that the "anti-terrorism" crap was justified as being merely an extension of non-terrorism laws? PATRIOT was sold as letting the cops do to suspected terrorists, what they get to do to suspect drug traffickers or mobsters. There was a time when going after drug traffickers was popular too (like going after drunk driving is) which is why people allowed that. Except this time we're paving the way for something even more radical, getting rid of the "suspected" part.

    "I don't understand why you're resisting the idea of immediately issuing warrants for randomly-selected people who don't disclose their SSD contents; we've been doing the same thing in the hopes of possibly catching drunk drivers for years; this just brings anti-piracy sweeps in line with the rest of long-established laws." That's what they're going to say when you complain about PATRIOT3.

  22. Re:Until phones have real crypto on Cheap GSM Eavesdropping a Reality · · Score: 1

    For situations where you don't want to "bother setting it up" (and let's be realistic about the UI: all that can mean, is meeting in person and pressing a button or connecting a cable; if it's harder than that, it's too hard) like your phone-number-in-an-unencrypted-email example, you fall back to the WoT and use PK. But that's the second-worst case scenario; I was talking about something else, where people realistically do meet each other sometimes, in addition to talking on phones.

    BTW, it doesn't matter what Joe Average needs. Make "reasonably secure" be the default, normal situation. Joe Average doesn't need to use envelopes for his snail mail instead of postcards, but we typically use envelopes anyway, and that's ok! Even if they're overkill, envelopes are just too easy to use, to be worth thinking about when you need one and when you don't.

    A lot of security pros get caught up in worrying about what is needed and threat models, but sometimes god-proof crypto can be so easy to deploy that it's faster and easier to just use it, than to even think about what you're securing against. People who live together so that their phones could routinely and trivially exchange shared secrets, are a good example of that.

    Let's do our thinking when we make the tools, so that most users usually won't have to. Assume Joe Average's "rofl" response to someone sending him a picture of a cat in a Santa hat, needs to be safe from the transcendent intelligences existing in the High Beyond portion of the galaxy. Then only relax that assumption when it's inconvenient. I think we'll find there are many scenarios where it's not inconvenient.

  23. There's nothing wrong with GSM on Cheap GSM Eavesdropping a Reality · · Score: 4, Informative

    Networks are insecure, period. That should be the underlying assumption of any communications system.

    Then you put endpoint-to-endpoint crypto into the application. If some other layer also encrypts, like the crypto in CDMA or GSM or WPA2 or OpenVPN, that's ok, but it's not something your application should assume is useful, or even needs to be aware of.

    Look at it that way, and GSM and CDMA have identical security: none. Security is the application's problem. We're looking at it all wrong: legacy phones are insecure, because they're an application that is designed to be compatible with .. what, late 1800s tech? Let's stop worrying about the networking tech itself, and fix the app. Fix the app, and the network won't matter.

  24. Re:Until phones have real crypto on Cheap GSM Eavesdropping a Reality · · Score: 2

    That's actually a reasonably good idea. I love PK, but in real life, 99% of my phone calls are to people that I already know, where there's just no reason (other than the fact that current devices suck) one can't establish a shared secret in advance. In a sense, even AES is underkill; not that anyone needs more, but even syncing up a few gigabytes of OTP is totally feasible. "Feasible" even understates it; technically it would be trivial.

    We walk around with devices that contain microphones and antennas, and many have CCDs, accelerometers and other crap. They have awesome potential as random number generators. Get two of 'em in the same room for a little while, or spend a few hours charging on the nightstand a few inches away from the spouse's device, and there's the chance to set up a pad with virtually no possibility of eavesdropping unless the room is bugged (and if you're worried about that, use a cable -- unfortunately, if things have gone that far, you have already lost so it doesn't matter whether or not you have good crypto).

    Most of our phone calls could be secure, if we wanted that.

  25. The Spirit of the Primaries?!? on Democrats Crowdsourcing To Vote Palin In Primaries · · Score: 1

    Retarding democracy -- reducing the choices that will be available on the real ballot a few months later -- is the spirit of primaries. What's so bad about violating that spirit? The more the primary system is abused, the sooner we can get rid of it.