Without authentication, how do you know it's *me* doing the DH negotiation on the other end? That's the root of trust problem that certificates (and webs of trust) try to solve (and don't do a very good job of).
To have a truly reliable system, we need something that "square's Zooki's triangle": https://en.wikipedia.org/wiki/...
There is promise in newer systems that use Bitcoin-like blockchains (like Namecoin).
Typically you just verify that the sourcecode you build from matches the published source through the use of checksums and/or gpg signatures...
And how do you know that *your compiler* can be trusted? http://cm.bell-labs.com/who/ke... (Reflections on Trusting Trust). Any way you slice it, this is a *hard* problem.
That's all circumstantial, until or unless he walks into the diner with a bomb.
I'm not willing to sacrifice the privacy of the whole country over a movie plot threat.
Stated another way...
Your relationship with your ISP: You are the customer.
Your relationship with Facebook: You are the product.
It's easy to come up with BAD examples, that's the default for movies. What's your vote for the BEST portrayal?
The computer stuff wasn't particularly great in this movie, but I thought this move captured the technology development process very nicely:
I wholeheartedly agree. If we can't get rid of zero-tolerance or "THE RULES", perhaps the "bright guys" at the top could try to codify common sense. Something like:
Here are "THE RULES" 1-N...
Rule N+1 is: You must make a good faith attempt to understand the context of and apply common sense to each individual situation. If you do not, these rules hold you to be just as accountable (or more at fault?) as if you had completely disregarded them.
Then perhaps they could write in to the official HR description of all administrative jobs: #1 required job qualification: Common Sense.
...might work. Uh, never mind...
This essay from Bruce Schneier goes directly to this issue:
Government has a lot of power over you. Whereas you as an individual have very little power over the government. To balance things out, large/powerful entities should be transparent. Smaller entities and individuals get to have secrets (privacy).
It is masked but always present. I don't know who built to it. It came before the first kernel.