Yes, you can design an encryption tool that's both trivial to adopt, and resist judicial power at the same time. And this is exactly what I'm doing now:
It's an end-to-end voice encryption device using Diffie-Hellman protocol for completely-distributed key exchange, so the keys never leave the box and there's no way we can hand over any key, or traffic, to the authorities.
The user interface of JackPair is minimal; it's connected with any phone and headset through standard 3.5 mm audio jack. All you need to do is to press the button on it to set up secure line over established phone calls. It's zero configuration with no software to install, no service subscription, and it works with any phone you already have.
Levison d e l i b e r a t e l y chose a model that amounted to key escrow because the alternatives all involved users installing software, and thus killing user adoption. He deliberately escrowed keys to his users, providing the illusion of security in exchange for market penetration.
Nerds are great at baring their fangs when someone overtly suggests escrow keys. But they're terrible at spotting designs where key escrow is an emergent property rather than a goal.
FYI, based on previous discussion, by "trivial to adopt" he means "you can use it in your current browser and in a new browser if you remember your password." Which is reasonable, but I totally see why you think your own solution fits your own definition of "trivial to adopt." Domains are a bit different.
I see you plan to publish the source -- do you have a way that someone can verify what is running on their device, such as using common components so they can load the code themselves, or maybe a version that runs as installed software on a desktop computer? (This wouldn't be as convenient, but it could provide safety to the ecosystem if it could detect hostile clients.)
EDIT I wonder how much computational power it would take for an attacker to do a man-in-the-middle attack that recognizes each side saying "the code is 123" and change the voice to say "the code is 456."
Got your point on "trivial to adopt". I didn't see discussions w.r.t. browser here.
It's a good idea to find ways for users to verify what's running on the device. Right now, the USB port on JackPair is only for user to re-charge battery. We can open it up for user to load the code themselves, but this will also make it vulnerable for USB hacks. Any suggestions here?
The encryption software of JackPair can be run on PC, except for the assembly optimization for our ARM cortex M3 based DSP core. It's ok to verify software this way; it'll be open sourced anyway. But I'm not convinced that average users can make sure their PC or smart phone secure enough to run JackPair as pure software solution.
For MitM human voice mimicking, in additional to computing power, it'll take a large database with perfect voice samples, and manual adjustment & training so far:
There's just too many backdoors in smart phones. That's why I choose to use standalone hardware that can work with any phone for my voice encryption project:
I don't think I see the relevance. This article isn't about spying on you, it is about disabling your phone remotely ("kill switch," etc). How does encrypting your voice before it enters your phone mitigate that?
Plus if you're paranoid enough to use that then frankly you're too paranoid to own a cellphone at all. They can still use it to track your location and to remotely turn on the microphone and eavesdrop on the background sounds.
My point is that it's too easy to create backdoor on smart phones. There're many ways to track and disable your phones, no matter whether it's a smart phone or not. For example, your carrier operator can do a lot of bad things on your phone. The difference with smart phone is that it can be hacked without accountability from the operator side.
Given than you are aware of such risks and still has the need to communicate, your next best options is to encrypt your conversations through non-smart phones, and that's where my project, JackPair, can be helpful.
And yes, I'm trying to promote the awareness of my project JackPair, and the technologies behind it. In fact, I'm running a kickstarter campaign now for JackPair (http://bit.ly/jkpair). I think its relevant here because people need to be more aware that they don't really own their smart phone these days.
The relevance, as I see it, is that the same capabilities used to spy on mobile devices (0-day vulnerabilities/backdoors, or just leverage over telcos) could be used as a de-facto "kill switch".
That said, a law that explicitly gives the state authority to shut down all cell phones in a situation "they perceive" as a risk is an order of magnitude worse.
(The "kill switch" counterpart to JackPair would be systems like mesh networks, ham radio / APRS, etc. GoTenna is one recent commercial product: http://gotenna.com/ Of course it can probably be easily jammed)
This is exactly how the curriculum is designed in a Waldorf school; each main subject is taught for a few weeks intensively, then left aside for a month or so before next re-visit.
In that article, Snowden said that "We have the means and we have the technology to end mass surveillance without any legislative action at all, without any policy changes.” The answer, he says, is robust encryption.
And that's exactly what I'm doing through JackPair, a low-cost voice encryption device that empower every citizen to protect their privacy over the phone:
It uses Diffie-Hellman key exchange and stream cipher with keystream from pseudo random number generator seeded from DH. It's similar to one-time key pad with no key management and zero-configuration.
As Snowden mentioned in the article, by adopting end-to-end encryption technologies like this, we can collectively end mass surveillance not just in the United States but around the world.
Most politicians in Taiwan are either threaten or bribed by China. The ruling party is heavily corrupted, and large enterprise highly influenced, by the huge economic power of China, while most average citizens are worried, but powerless of the situation. This is why the majority of Taiwanese sympathize with the students' action of Occupying the Congress.
https://www.kickstarter.com/projects/620001568/jackpair-safe...
It's an end-to-end voice encryption device using Diffie-Hellman protocol for completely-distributed key exchange, so the keys never leave the box and there's no way we can hand over any key, or traffic, to the authorities.
The user interface of JackPair is minimal; it's connected with any phone and headset through standard 3.5 mm audio jack. All you need to do is to press the button on it to set up secure line over established phone calls. It's zero configuration with no software to install, no service subscription, and it works with any phone you already have.