> having verified switches can give you confidence from first principles that it has no way of observing you
Right, but this is what I meant to ask: how does one verify a switch that has been manufactured by someone else? I suppose that an electrical engineer could check the schematics, but how do you verify that the actual hardware in your device matches the schematics?
Switches are very simple devices. If the switch mechanism is not enclosed, it is easy to look at one and see that the input leads are separated from the output leads by an air gap. Of course, a sufficiently motivated attacker could still work around this (e.g., by finding a side channel, or having the plastic of the switch be somewhat conductive). However, these attacks are far more difficult, and far less plausibly deniable.
> Switches are very simple devices. If the switch mechanism is not enclosed, ...
Sarcasm, I hope? I spent an hour this weekend replacing some micro switches in some decrepit robots. These are about 5mm^3, which is pretty tiny, but huge on the scale of a modern phone. They are basically hunks of plastic with a button on one side and six or so leads coming out the other side. No, you can't open them up and see the air gap without destroying them. And yes, they are small enough to easily contain a full CPU, some flash memory, and a few sensors, even though they only really need a few sliding metal and plastic bits.
Sorry if I wasn't being clear. My point is that it is possible to have switches that are easily verifiable. Most switches that exist are not because there is no motivation to make them so.