What Reuters revealed is that their involvement doesn't come out in open court, because the police make up some alternative explanation of how they got the evidence. So they wouldn't have to reveal anything.
Also, the hack was somewhat sophisticated. If not the NSA then who?
Well, one interesting thing we learned lately is that some element of what can only be US law enforcement felt the need to exploit a Firefox bug in order to deanonymize some Tor users. Given that we know (thanks to Reuters) that the NSA works with other LE agencies, it therefore stands to reason that they are at this time NOT capable of entirely deanonymizing Tor via network traffic analysis, either because they don't have a global view of traffic, or their tools aren't capable of it, or the problem is a lot harder than it sounds (it's all encrypted so you have to rely on correlation attacks).
So for now at least it's the best that is available.
Ah yes. They claim he had the password on him, which directly contradicts statements by Greenwald that Miranda didn't have any passwords. They also claim that out of tens of thousands of documents they so far recovered less than 100, which implies to me that there may have been many passwords and they don't know the important ones. Also, these people have a track record of lying, constantly, whereas the journalists don't. So we'll see. Regardless, the assumption that intelligence agencies have better security than the Guardian seems unwarranted. The files were down successfully without the owners noticing, and the journalists have been reading them on clean machines that were never connected to the internet. Sounds to me like they have better procedures than the spies do.
A few years ago I developed a state of the art obfuscation system for JavaScript. It goes far beyond what you might normally see (renaming variables, etc) and is used for anti-spam purposes. I expected the obfuscation to get cracked by spammers eventually as anyone who had succeeded could have directly profited off that success, but in fact although there were many attempts over the years none were successful. When done well, software obfuscation is a powerful tool. It has a bad rap because so many people do it badly - there is precious little information out there about how to build really good obfuscations, so you get a lot of wheel reinvention.
And how valuable is that, really? Valuable enough to enrage and piss off all kinds of countries who could be allies? See the mess that resulted after it came out GCHQ had been spying on foreign delegations to banking reform talks of all things. Who gives a shit about that? It's much more important that other countries diplomats feel secure and professionally treated when on British soil.
GCHQ is a relic, a holdover from the cold war that was never wound up properly. The vast majority of its spying is just cynical perversion of public infrastructure to give Britain an unfair legup over countries that don't do it. It's right there in the article - the spying is anything that enhances "British interests". That's gotta suck if you're founding a company in Turkey or the Ukraine that's trying to compete with a big company in the 5-eyes governments domains.
So we have a case of sour grapes, then? Unless one of the NSA requests was "we want a backdoor" then this by itself doesn't mean much because the NSA is a weird creation that not only spies on everyone, but has an "information assurance" department that tries to design secure systems for US usage. They're behind the creation of SELinux which is both highly sophisticated and well reviewed by independent third parties. It does not have back doors. Also, many important constructions in cryptography were designed by the NSA. For example SHA2 was designed by the NSA and it is extensively studied. It has never been found to contain even a hint of a back door.
This crap about how the TPM allows Microsoft to remotely control computers for DRM purposes came up over a decade ago when trusted computing extensions were first designed. It was FUD back then with no connection to reality, and it's certainly FUD today too. If you want to learn about the actual next-gen TC technologies, go and read up on Intel SGX. Then go and read this post on bcflick, a use of the TPM and trusted computing designed to make Bitcoin wallets more secure. That's the kind of thing the tech is designed for. The TPM isn't even electrically capable of controlling the CPU.
And who is going to prosecute him? Doesn't that kind of thing usually require a firebrand government prosecutor who doesn't give a shit about the fallout? Does America have such a thing?
There is/was a Google Update Service on old versions of Windows to, I think, work around bugs in the Windows task scheduler. The latest Windows versions have those bugs fixed and on those versions it uses the task scheduler to do update checks.
Hmm? I'm pretty sure the Milgram experiment was exactly an investigation into the limits to the power of authority. The fact that if joe random tells people to administer a high voltage to someone, they don't do it - well that's not really a surprise. The surprising thing and the reason the experiment is famous is that simply dressing the guy in a lab coat and changing how the instructions are given resulted in people do it at way higher rates than anyone would have expected.
Many years ago I was in the process of joining QinetiQ which at that point had just been privatised, it was formerly DERA, the UK military research agency. Of course I had heard the "best and brightest" story from various people. Once I was somewhat far through the process and it was clear that I was well above their hiring bar I was taken to one side, and some guy evasively asked me a bunch of questions about how well I knew Python. At that time it was more of an obscure language than it is today. Eventually the guy, who was clearly desperate to impress me how cool all this "spy stuff" was, let on that his team worked on a component of ECHELON and they were looking for people with a good understanding of Python to work on it. I politely declined, continued with the regular process, and ended up in a different part of the organisation doing (mostly) non-military work.
I can tell you now that the people working there were very far from the best and brightest. Some of them were paid to be programmers but could barely write hello world. One guy actually used Notepad the moment he couldn't use the Visual Basic IDE anymore (e.g. different language). Entire months dribbled by without them producing any working code at all.
I have no doubt that during times when the nation was seriously under threat, the military and intelligence agencies had their pick as there was a clear "good vs evil" delineation and many people would love to fight for their side. Since the end of the cold war no such clear dividing line has existed. I seriously doubt GCHQ or MI5/6 is able to compete with major international firms for the best tech talent these days, their role is just far more ambiguous than in the past, the private sector much better at wooing people and the projects in the private sector far more interesting.
One thing the NSA learned the hard way is that some of the best technical workers these days also have a strongly libertarian streak. It can't have been easy to go up against recruiters at places like Google at the best of times, but these ongoing revelations are probably the worst thing that ever happened to their hiring pipeline. I expect GCHQ to enter a difficult-to-spot talent death spiral now, and because the best people want to work with the best people, it'll be hard for them to pull out of that (barring another major war that seriously threatens the nation).
He also leaked documents about GCHQ, including some quite embarrassing ones (or hopefully quite embarrassing ones) that showed GCHQ was basically being partially funded by the NSA and acted almost as a subcontractor to them. The fact that one countries signals intelligence agency might be paid for by a different one is quite amazing and their attitude of "we've gotta make sure we deliver the Americans the goods" absolutely scandalous.
No, the British government has plenty of reasons of its own to try and kick Greenwald. Unfortunately Parliament has been much sleepier than Congress when it comes to GCHQ abuses. Hague lied in front of MPs and the entire country, and just like Clapper nothing has been done about it. Unfortunately the British Parliament doesn't seem to have an equivalent of Amash right now, so it may well be that the issue simply dies there in deafening silence. MP's are all too intimidated by the intelligence agencies to do anything about it, and sadly they have a long track record of illegal surveillance that started long before 9/11 (dating from the time of the battles against the IRA). Although Congress routinely wipes its ass with the constitution, at least it gives Americans a rallying point and something concrete to get upset over. The lack of one in the UK means it's easier for the government to walk over basic principles.
Funny, I can't. It does not mention citizens vs. not. It simply says "The right of the People". Weird.
It's not weird, it's by design. The constitution does not contain such language because then all the government would have to do is revoke your citizenship and they could do whatever they wanted without it being unconstitutional. It'd be a loophole large enough to drive a spy satellite through.
We don't have any evidence (yet) of malicious intent
How often do you think abuse is required to maintain the status quo of those in power? Hardly ever, and when it does happen it won't leave much of a paper trail, if any.
Here's something for NSA employees to think about. The Snowden leaks have made that entire org collectively shit its pants in fear. So who do you think that vast spying apparatus is now being turned on? I bet every single NSA employee that has clearance to so much as make a cup of coffee is having their data gone over with a fine tooth comb. They now have to deal with the fact that every move they make, every hotel they check in to, every email they send or phone conversation they have, every purchase of groceries with their credit card is going to be looked at by an analyst. Is this guy going to leak? Is he a Snowden sympathiser? How can we find leakers before they get away? That's going to be the big questions on their mind. And god forbid an NSA employee starts up Tor, sends something using PGP or books a flight to Hong Kong.
They know that there are limits to how tight they can make internal security. So monitoring their own staff as closely as they do terrorists is the logical next step. Perhaps they were already doing so. Snowden was pretty damn paranoid so it obviously wasn't out of the question even before what he did.
If you're a part of the US national security apparatus, you can pretty much kiss your personal privacy goodbye right now.
Has anyone NOT read 1984 by now? I'm pretty sure it was required reading at high school in the UK for a while.
If anyone hasn't read it, they should do so. Right now. It is the book most relevant to the times in which we live. Spoilers follow. The parallels are just terrifying:
We have total surveillance of all people. Heck, think about laptops and smart TVs. Are you sure the NSA can't turn on their webcams and microphones remotely, a la telescreens?
We have a Winston equivalent breaking down and saying how much he loves the government and how amazed he is that he could have ever doubted their greatness.
We have the government torturing or executing anyone who disagrees with them.
We are in a state of perpetual war against regions of the world that somehow suddenly shift yet somehow stay the same (one day Afghanistan, the next day Iraq, then Iran, etc).
Until recently bin Laden was the target of the "5 minutes hate". Though I guess these days there's no equivalent. The analogy is a little rough because in the book Emmanuel Goldstein (?) was a terrorist figure entirely manufactured by Big Brother to attract and flush out rebels. In reality no such person existed. bin Laden surely existed, although he did once work for the CIA itself until the US no longer needed him. So in a rough sense he was "made" by US policies.
Of course, there are things that don't apply too. In 1984 the government exercised absolute control over information, as the Soviet Union did (which is what inspired the book). Goldstein could be manufactured out of nothing because Big Brother controlled all access to information and had perfect propaganda in place. I am very skeptical such a thing does or could exist today. Our Big Brother equivalents hide information obsessively but they know they can't actually control it once out, nor can they rewrite history. If the internet had not happened or had evolved in a different way (like in China) then this part might also have come true, but so far in the west I believe we have a pretty good idea of what's truth vs fiction - we might be missing information but we are not widely believing propaganda. Well, except for idiots who have an instinctive need to "belong to a team" in which case they choose to believe propaganda even though disproving it is trivial. But that's a different problem than the people in 1984 had.
You see, NGO's are also all CIA organizations acting to overthrow governments. Thus attacking NGO's is a patriot's duty.
Well, the problem is that some NGO's have been found to be fronts for the CIA. Remember how bin Laden was found? Some doctors that pretended to be distributing vaccines turned out to be CIA agents.
I really doubt any Russians would claim "all" NGO's are penetrated by the CIA, that's something you yourself just made up right now. But some of them? That's reality, not propaganda.
Well, yes. There's actually something to that position, isn't there.
Let's ignore that such a policy would break all kinds of random non-ad stuff that requires third party cookies, like, say, their own Persona service. Perhaps Mozilla think that doing this will simply make advertising go away entirely and the web will suddenly become a utopia of clean, modern web design with no annoying ads. Er, no. Fail. What will happen is advertising on the web will look like it did some years ago when every ad was for annoying crappy web games because those happen to monetize consistency well across all audiences, and I'll never see any ads for stuff that might actually be useful. There won't suddenly be less ads, if anything you'd expect there to be more because each ad will give a lower return.
Firefox already provides a setting to disable third party cookies. They're welcome to help people understand what this setting does and what the effects of enabling it would be. But killing this part of the HTTP specification for everyone by default won't help users. It will make a bad situation worse.
No, he can't. He can try and race your broadcast, but miners do not accept double spends against the mempool. You can't just arbitrarily replace transactions like that. If you receive an unconfirmed transaction, unless your opponent has a ton of mining power and can choose the exact moment he purchases from you, and the good he's buying is immediately and irreversibly deliverable, it's not typically an issue.
Piracy has killed things off. You don't think it has because it's so difficult to measure what would have been created but now wasn't. But take a look at the rise and fall of the music industry in terms of sales. They plummet right around the time broadband internet and MP3 became widespread after rising for many years. The rise in digital sales did not nearly offset the fall in other kinds of sales. You think that's a giant co-incidence?
It isn't and that's so obvious that even the Economist has said "the internet sank the music business". See the article for a graph of sales broken down by physical/digital. Digital sales rose but overall sales are still just over half what they were in 1999. Did people somehow lose interest in music and halve their consumption? No, of course not. People still listen to just as much music as they did back then, probably much more. The difference now is they don't pay for it.
This is such a fail argument. Why does it even come up?
It is not societies job to stop artists and producers from signing stupid contracts. That's their job, and their job alone. For every writer or actor who signed a stupid contract I can show you one that was smarter and did incredibly well out of their success.
However it IS societies job to ensure that once they've created something and decided what to do with it, that they can then benefit from that work in some way. It's our job because basically every modern society has decided that creative works are good, and professional creatives are even better, and that we need to have a framework in place that lets people focus on making creative works full time. The alternative funding models out there have not been shown to be anywhere near competitive. How many people watch movies funded by Kickstarter?
Some chips have the ability to generate key material inside themselves that never leaves and requires destroying the chip to obtain. If the cards were using such a chip then even the government would not necessarily have the private key. Whether Estonia does that or not I don't know, but of all the governments I fear in the world, the government of Estonia is not one of them. I mean, please name one other government that actually encourages and makes it easy for its citizens to use strong end to end encryption?
Slashdot Mirror
What Reuters revealed is that their involvement doesn't come out in open court, because the police make up some alternative explanation of how they got the evidence. So they wouldn't have to reveal anything.
Also, the hack was somewhat sophisticated. If not the NSA then who?
Good question - what good is Tor?
Well, one interesting thing we learned lately is that some element of what can only be US law enforcement felt the need to exploit a Firefox bug in order to deanonymize some Tor users. Given that we know (thanks to Reuters) that the NSA works with other LE agencies, it therefore stands to reason that they are at this time NOT capable of entirely deanonymizing Tor via network traffic analysis, either because they don't have a global view of traffic, or their tools aren't capable of it, or the problem is a lot harder than it sounds (it's all encrypted so you have to rely on correlation attacks).
So for now at least it's the best that is available.
Ah yes. They claim he had the password on him, which directly contradicts statements by Greenwald that Miranda didn't have any passwords. They also claim that out of tens of thousands of documents they so far recovered less than 100, which implies to me that there may have been many passwords and they don't know the important ones. Also, these people have a track record of lying, constantly, whereas the journalists don't. So we'll see. Regardless, the assumption that intelligence agencies have better security than the Guardian seems unwarranted. The files were down successfully without the owners noticing, and the journalists have been reading them on clean machines that were never connected to the internet. Sounds to me like they have better procedures than the spies do.
Yep. You got it.
A few years ago I developed a state of the art obfuscation system for JavaScript. It goes far beyond what you might normally see (renaming variables, etc) and is used for anti-spam purposes. I expected the obfuscation to get cracked by spammers eventually as anyone who had succeeded could have directly profited off that success, but in fact although there were many attempts over the years none were successful. When done well, software obfuscation is a powerful tool. It has a bad rap because so many people do it badly - there is precious little information out there about how to build really good obfuscations, so you get a lot of wheel reinvention.
And how valuable is that, really? Valuable enough to enrage and piss off all kinds of countries who could be allies? See the mess that resulted after it came out GCHQ had been spying on foreign delegations to banking reform talks of all things. Who gives a shit about that? It's much more important that other countries diplomats feel secure and professionally treated when on British soil.
GCHQ is a relic, a holdover from the cold war that was never wound up properly. The vast majority of its spying is just cynical perversion of public infrastructure to give Britain an unfair legup over countries that don't do it. It's right there in the article - the spying is anything that enhances "British interests". That's gotta suck if you're founding a company in Turkey or the Ukraine that's trying to compete with a big company in the 5-eyes governments domains.
So we have a case of sour grapes, then? Unless one of the NSA requests was "we want a backdoor" then this by itself doesn't mean much because the NSA is a weird creation that not only spies on everyone, but has an "information assurance" department that tries to design secure systems for US usage. They're behind the creation of SELinux which is both highly sophisticated and well reviewed by independent third parties. It does not have back doors. Also, many important constructions in cryptography were designed by the NSA. For example SHA2 was designed by the NSA and it is extensively studied. It has never been found to contain even a hint of a back door.
This crap about how the TPM allows Microsoft to remotely control computers for DRM purposes came up over a decade ago when trusted computing extensions were first designed. It was FUD back then with no connection to reality, and it's certainly FUD today too. If you want to learn about the actual next-gen TC technologies, go and read up on Intel SGX. Then go and read this post on bcflick, a use of the TPM and trusted computing designed to make Bitcoin wallets more secure. That's the kind of thing the tech is designed for. The TPM isn't even electrically capable of controlling the CPU.
And who is going to prosecute him? Doesn't that kind of thing usually require a firebrand government prosecutor who doesn't give a shit about the fallout? Does America have such a thing?
There is/was a Google Update Service on old versions of Windows to, I think, work around bugs in the Windows task scheduler. The latest Windows versions have those bugs fixed and on those versions it uses the task scheduler to do update checks.
The cold war has been over for more than 20 years?
But why exclude the military from those figures?
Hmm? I'm pretty sure the Milgram experiment was exactly an investigation into the limits to the power of authority. The fact that if joe random tells people to administer a high voltage to someone, they don't do it - well that's not really a surprise. The surprising thing and the reason the experiment is famous is that simply dressing the guy in a lab coat and changing how the instructions are given resulted in people do it at way higher rates than anyone would have expected.
Many years ago I was in the process of joining QinetiQ which at that point had just been privatised, it was formerly DERA, the UK military research agency. Of course I had heard the "best and brightest" story from various people. Once I was somewhat far through the process and it was clear that I was well above their hiring bar I was taken to one side, and some guy evasively asked me a bunch of questions about how well I knew Python. At that time it was more of an obscure language than it is today. Eventually the guy, who was clearly desperate to impress me how cool all this "spy stuff" was, let on that his team worked on a component of ECHELON and they were looking for people with a good understanding of Python to work on it. I politely declined, continued with the regular process, and ended up in a different part of the organisation doing (mostly) non-military work.
I can tell you now that the people working there were very far from the best and brightest. Some of them were paid to be programmers but could barely write hello world. One guy actually used Notepad the moment he couldn't use the Visual Basic IDE anymore (e.g. different language). Entire months dribbled by without them producing any working code at all.
I have no doubt that during times when the nation was seriously under threat, the military and intelligence agencies had their pick as there was a clear "good vs evil" delineation and many people would love to fight for their side. Since the end of the cold war no such clear dividing line has existed. I seriously doubt GCHQ or MI5/6 is able to compete with major international firms for the best tech talent these days, their role is just far more ambiguous than in the past, the private sector much better at wooing people and the projects in the private sector far more interesting.
One thing the NSA learned the hard way is that some of the best technical workers these days also have a strongly libertarian streak. It can't have been easy to go up against recruiters at places like Google at the best of times, but these ongoing revelations are probably the worst thing that ever happened to their hiring pipeline. I expect GCHQ to enter a difficult-to-spot talent death spiral now, and because the best people want to work with the best people, it'll be hard for them to pull out of that (barring another major war that seriously threatens the nation).
CC purchases are false positive declined so often that I doubt that any cashier would ever "stall until the cops come".
He also leaked documents about GCHQ, including some quite embarrassing ones (or hopefully quite embarrassing ones) that showed GCHQ was basically being partially funded by the NSA and acted almost as a subcontractor to them. The fact that one countries signals intelligence agency might be paid for by a different one is quite amazing and their attitude of "we've gotta make sure we deliver the Americans the goods" absolutely scandalous.
No, the British government has plenty of reasons of its own to try and kick Greenwald. Unfortunately Parliament has been much sleepier than Congress when it comes to GCHQ abuses. Hague lied in front of MPs and the entire country, and just like Clapper nothing has been done about it. Unfortunately the British Parliament doesn't seem to have an equivalent of Amash right now, so it may well be that the issue simply dies there in deafening silence. MP's are all too intimidated by the intelligence agencies to do anything about it, and sadly they have a long track record of illegal surveillance that started long before 9/11 (dating from the time of the battles against the IRA). Although Congress routinely wipes its ass with the constitution, at least it gives Americans a rallying point and something concrete to get upset over. The lack of one in the UK means it's easier for the government to walk over basic principles.
Yes indeed ..... sounds a lot like LavaBit doesn't it?
It's not weird, it's by design. The constitution does not contain such language because then all the government would have to do is revoke your citizenship and they could do whatever they wanted without it being unconstitutional. It'd be a loophole large enough to drive a spy satellite through.
How often do you think abuse is required to maintain the status quo of those in power? Hardly ever, and when it does happen it won't leave much of a paper trail, if any.
Here's something for NSA employees to think about. The Snowden leaks have made that entire org collectively shit its pants in fear. So who do you think that vast spying apparatus is now being turned on? I bet every single NSA employee that has clearance to so much as make a cup of coffee is having their data gone over with a fine tooth comb. They now have to deal with the fact that every move they make, every hotel they check in to, every email they send or phone conversation they have, every purchase of groceries with their credit card is going to be looked at by an analyst. Is this guy going to leak? Is he a Snowden sympathiser? How can we find leakers before they get away? That's going to be the big questions on their mind. And god forbid an NSA employee starts up Tor, sends something using PGP or books a flight to Hong Kong.
They know that there are limits to how tight they can make internal security. So monitoring their own staff as closely as they do terrorists is the logical next step. Perhaps they were already doing so. Snowden was pretty damn paranoid so it obviously wasn't out of the question even before what he did.
If you're a part of the US national security apparatus, you can pretty much kiss your personal privacy goodbye right now.
Has anyone NOT read 1984 by now? I'm pretty sure it was required reading at high school in the UK for a while.
If anyone hasn't read it, they should do so. Right now. It is the book most relevant to the times in which we live. Spoilers follow. The parallels are just terrifying:
Of course, there are things that don't apply too. In 1984 the government exercised absolute control over information, as the Soviet Union did (which is what inspired the book). Goldstein could be manufactured out of nothing because Big Brother controlled all access to information and had perfect propaganda in place. I am very skeptical such a thing does or could exist today. Our Big Brother equivalents hide information obsessively but they know they can't actually control it once out, nor can they rewrite history. If the internet had not happened or had evolved in a different way (like in China) then this part might also have come true, but so far in the west I believe we have a pretty good idea of what's truth vs fiction - we might be missing information but we are not widely believing propaganda. Well, except for idiots who have an instinctive need to "belong to a team" in which case they choose to believe propaganda even though disproving it is trivial. But that's a different problem than the people in 1984 had.
Well, the problem is that some NGO's have been found to be fronts for the CIA. Remember how bin Laden was found? Some doctors that pretended to be distributing vaccines turned out to be CIA agents.
I really doubt any Russians would claim "all" NGO's are penetrated by the CIA, that's something you yourself just made up right now. But some of them? That's reality, not propaganda.
Well, yes. There's actually something to that position, isn't there.
Let's ignore that such a policy would break all kinds of random non-ad stuff that requires third party cookies, like, say, their own Persona service. Perhaps Mozilla think that doing this will simply make advertising go away entirely and the web will suddenly become a utopia of clean, modern web design with no annoying ads. Er, no. Fail. What will happen is advertising on the web will look like it did some years ago when every ad was for annoying crappy web games because those happen to monetize consistency well across all audiences, and I'll never see any ads for stuff that might actually be useful. There won't suddenly be less ads, if anything you'd expect there to be more because each ad will give a lower return.
Firefox already provides a setting to disable third party cookies. They're welcome to help people understand what this setting does and what the effects of enabling it would be. But killing this part of the HTTP specification for everyone by default won't help users. It will make a bad situation worse.
Er, no. That's now how Bitcoin works, nor is it how it is intended to work. I suggest you review the codebase and try again.
No, he can't. He can try and race your broadcast, but miners do not accept double spends against the mempool. You can't just arbitrarily replace transactions like that. If you receive an unconfirmed transaction, unless your opponent has a ton of mining power and can choose the exact moment he purchases from you, and the good he's buying is immediately and irreversibly deliverable, it's not typically an issue.
Piracy has killed things off. You don't think it has because it's so difficult to measure what would have been created but now wasn't. But take a look at the rise and fall of the music industry in terms of sales. They plummet right around the time broadband internet and MP3 became widespread after rising for many years. The rise in digital sales did not nearly offset the fall in other kinds of sales. You think that's a giant co-incidence?
It isn't and that's so obvious that even the Economist has said "the internet sank the music business". See the article for a graph of sales broken down by physical/digital. Digital sales rose but overall sales are still just over half what they were in 1999. Did people somehow lose interest in music and halve their consumption? No, of course not. People still listen to just as much music as they did back then, probably much more. The difference now is they don't pay for it.
This is such a fail argument. Why does it even come up?
It is not societies job to stop artists and producers from signing stupid contracts. That's their job, and their job alone. For every writer or actor who signed a stupid contract I can show you one that was smarter and did incredibly well out of their success.
However it IS societies job to ensure that once they've created something and decided what to do with it, that they can then benefit from that work in some way. It's our job because basically every modern society has decided that creative works are good, and professional creatives are even better, and that we need to have a framework in place that lets people focus on making creative works full time. The alternative funding models out there have not been shown to be anywhere near competitive. How many people watch movies funded by Kickstarter?
Some chips have the ability to generate key material inside themselves that never leaves and requires destroying the chip to obtain. If the cards were using such a chip then even the government would not necessarily have the private key. Whether Estonia does that or not I don't know, but of all the governments I fear in the world, the government of Estonia is not one of them. I mean, please name one other government that actually encourages and makes it easy for its citizens to use strong end to end encryption?