
Everyone mocked the Australian PM when he said that the laws of Australia applied in Australia, and not the laws of mathematics, but he was correct.

This is peak nerd-delusion to think that the state will somehow be stopped by your cypherpunk schemes. It was already a delusion 20 years ago, and now to make things worse, all those guys that used to hang out in those hacker spaces promoting those attractive but silly ideas work for big corporations and governments.



The state will be stopped by widespread use of anonymous strong encryption.

It's the widespread part that confounds cypherpunks, and why PGP, Signal, Let's Encrypt are important despite the bikeshedding they attract from purists.


> This is peak nerd-delusion to think that the state will somehow be stopped by your cypherpunk schemes.

Nonsense. Encryption is legal.

We got rid of the ITAR restrictions on encryption. We prevented Key Escrow and the Clipper Chip Mandate.

We won.

PS, governments hate bitcoin more than anything else on earth, and yet it is still worth half a trillion dollars. We're still winning.


Both can be true. Encryption is not a panacea.


In a fight between law and maths, maths can't be arrested, can't be put on trial, can't be detained at the border. It is intangible, and can be anywhere, even inside the unreadable mind of a traveller.

The only way for any state to prevent the use of crypto they can't break is to wind back all the things that can perform it, meaning all computers, not just all internet banking and other things that are everywhere now and can't be used safely without it.

States are free to do so, because a state can outlaw physical devices, seize them at the border, etc. — but that is what it would take to do this. I doubt they will, but that's the only option.

Unfortunately, we also have the problem that political factions both native and foreign regularly try to undermine states; doing so in secret is a necessary but not sufficient part of this, and thus getting past crypto is IMO absolutely necessary[0] to keep any state from being usurped.

Fortunately (from the POV of a state) "getting past crypto" can also be Van Eck phreaking, not just weak crypto.

Unfortunately for everyone, just as any crypto backdoor is almost certain to be exploited by criminal gangs to get valuable information, so are the non-crypto surveillance possibilities: not just Van Eck, there's more than one way to use wifi as a wall penetrating radar to violate your privacy; laser microphones can listen on you remotely for pennies; smart dust is just about starting to be a serious possibility rather than a tech demo.

My current vibe here is that each new invention creates a power vacuum that takes 15 years to properly fill, and we're currently creating new tech too fast for either states or organised crime to fill the gaps.

[0] despite the previous "but not sufficient" because Swiss cheese defence: https://en.wikipedia.org/wiki/Swiss_cheese_model


> States are free to do so, because a state can outlaw physical devices, seize them at the border, etc. — but that is what it would take to do this. I doubt they will, but that's the only option.

Another alternative is forcing these devices to be designed in such a way that installing unauthorized crypto tools isn't possible.

We're already very close to this point. PCs have Secure Boot, which prevents installing non-approved operating systems. Windows 11 won't boot unless it is enabled. It also requires TPM, which can prevent modification of system and user files by putting the hard drive in an unencumbered computer. Windows SmartScreen really doesn't want you to run apps not certified by Microsoft, although it is still possible. Web browsers are doing more and more to prevent you from visiting websites not secured by TLS, outright blocking some APIs if HTTPS isn't enabled.

The tech is here, all it takes is a regulator to tighten up the screws. It's not unimaginable for the EU to ban all motherboards with Secure Boot that can be disabled, to force Microsoft to refuse uncertified apps, to force Microsoft-certified browsers to require TLS with a specific set of root CAs, and to require those root CAs to only issue certificates to those the EU deems worthy. The EU isn't terribly likely to do these specific things out of right-to-repair concerns, though those concerns could probably be assuaged if the certification was done in a fair way by a third party, possibly the government itself, instead of tech companies.

This way, you can have perfectly secure crypto with your bank while still giving the EU the ability to access your messages at need.


> Another alternative is forcing these devices to be designed in such a way that installing unauthorized crypto tools isn't possible.

On the plus side, this does mean no more JavaScript and no more Excel spreadsheets. Unfortunately we'd have to ban nice things too, as those are only two of the things you'd have to ban to make this happen.

Don't get me wrong, the government behaviour you describe is plausible — turning those screws to make it harder is highly likely IMO — I'm just saying such limited things will never actually allow them to achieve their goals, and that unless they want to outlaw possession of computers at least as advanced as the Z1 from 87 years ago[0], they need to do their surveillance in a different way that doesn't break crypto.

(And that everyone else being able to do that surveillance necessitates substantial social change, but that's a different topic).

[0] https://en.wikipedia.org/wiki/Z1_(computer)


> On the plus side, this does mean no more JavaScript and no more Excel spreadsheets

Probably true about Excel (or at least non-cloud Excel), but not JS.

You can apply the App Store model but for websites. Require ID to get a TLS certificate, block anything which doesn't do TLS, allow certified websites to execute arbitrary code with a few technical restrictions. If somebody violates the law and is discovered, through either manual or automated means, they can be blocked via TLS revocation lists.


> to wind back all the things that can perform it, meaning all computers

Beware, they are attempting this.

It's a big project; UEFI, secure boot, and the end of General Purpose Computing. But they will throw absolutely everything they have into this Hail Mary plan, and the chip fabs are a chokepoint...


When I said "all computers" I wasn't being metaphorical.

Do you have something that can XOR two blobs of data? Doesn't matter how, if this is JavaScript on a web page, or an app: if it can XOR, it can do a one-time-pad, which is unbreakable encryption.

The hard part of that way of encrypting things has always been sharing the key, but if you're in a criminal gang, or if you're actually trying to undermine a government, you can share the key in person.

None of the things you've listed are even remotely sufficient to prevent unbreakable cryptography. Strictly speaking you don't even need computers: even a handful of transistors soldered up right would do this.
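The one-time-pad point in the comment above, as an added example that is not part of the original thread: XOR with a pre-shared random pad round-trips, but only while every pad byte is used once and the pad is as long as the traffic. `PadBook`, `round_trip` and `reuse_leak` are hypothetical names, and the pad and messages are constructed samples.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """Hypothetical helper: a pre-shared random pad whose bytes are used once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0  # index of the first unused pad byte

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt (the same operation) with fresh pad bytes."""
        end = self._offset + len(data)
        if end > len(self._pad):
            raise ValueError("pad exhausted: the key must be as long as the traffic")
        chunk = self._pad[self._offset:end]
        self._offset = end  # these bytes are never handed out again
        return xor_bytes(data, chunk)


def round_trip(pad: bytes, messages: list[bytes]) -> list[bytes]:
    """Sender and receiver each hold a copy of the pad and stay in step."""
    sender, receiver = PadBook(pad), PadBook(pad)
    return [receiver.apply(sender.apply(m)) for m in messages]


def reuse_leak(key: bytes, m1: bytes, m2: bytes) -> bytes:
    """Misuse: the same key bytes for two messages, so the key cancels out."""
    return xor_bytes(xor_bytes(m1, key), xor_bytes(m2, key))


if __name__ == "__main__":
    pad = secrets.token_bytes(64)  # constructed sample pad
    msgs = [b"meet at noon", b"bring the map"]  # constructed sample messages
    assert round_trip(pad, msgs) == msgs
    leak = reuse_leak(pad[:12], b"meet at noon", b"meet at nine")
    print(leak.hex())  # zero bytes wherever the two plaintexts agree
```

The reuse case is why the scheme's security rests entirely on key handling: two ciphertexts under the same pad bytes XOR to the XOR of the plaintexts, with no key material left in the result.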


> Everyone mocked the Australian PM when he said that the laws of Australia applied in Australia, and not the laws of mathematics ...

Oh come on. That was his flippant response to a smartarse question.



