It sounds like you assume that if offline access was a fundamental right, the government would not only respect it, but the offline access would also be private by default.

For the former: we enshrine rights to assert protections. Otherwise what’s the point of governance? Like it or not we don’t have anarchy. It’s somewhat weird to talk about whether we assume the gov follows its own law as a criteria for reform. A gov may or may not respect our rights but the absence of respect for human rights would not be just cause to not create rights. Even if the gov disrespects a human right, there is still merit to being able to name & shame; to declare & publicise violations of rights. It gives transparency and exposes tyranny. Indeed human rights are disrespected plenty, but it would be foolish to sign up to scrap the rights. I would rather scrap the actors who fail to uphold rights.

Human rights were originally just symbolic. But they are increasingly upheld. In France, women won the right to abortion in 1975 when a court recognised that the human right to autonomy was valid.

The important question is: how is the presumption of disrespected rights used? Perhaps you are concerned that a presumption of respect of rights leads to inaction. However, I think the contrary. Assuming your rights are not respected leaves you with not even trying to exercise your rights. I.e. being a pushover out of hopelessness. I know quite well my rights are not always respected. I have experienced my rights being trampled 1st hand. I do not accept it. By not accepting it I continue to make demands. I insist on justice. I appeal bad decisions. Escalating the fight without quitting is the most effective approach to justice.

As for the latter, I think I explained that digital access can give privacy and it can cost privacy. Both at the same time. Privacy is multifaceted. It is senseless to speak of it as a single vague factor. Privacy is a collection of factors. Different ppl care about different privacy factors. I might be more violated if MS sees my email. You may feel more violated if your postal worker sees who you receive envelopes from. To each his own.

I just know that society tends towards efficiency, and offline methods are simply inefficient, so I expect it to go away in the future, unless there was some fundamental reason why offline access was necessary (and not indirect reasons, like the right to privacy).

To see fundamental human rights as “indirect” is to give a low priority to them. Offline access is essential to several human rights (self determinism, autonomy, dignity, and privacy, to name a few). Efficiency is not directly a human right. You could perhaps argue that efficiency is indirectly a human right if you try to argue that ineffeciency leads to fewer people getting public service. But that’s going to be a hard case to make when an exclusively digital service inherently excludes offline people.

What is the reason you want offline access to government services? Surely it’s not privacy, since you usually have to provide your government ID to interact with the service.

This touches on the idea that “privacy” is some kind of 1-dimensional concept. A public svc may need my ID for some task. That’s fair enough to the extent that it is true. But it’s unlikely that they need my IP address & realtime location. Of course such discussion could use the context of a specific situation. The abuses I frequently encounter is a gov blocking tor (thus forcing IP exposure) or pushing a precondition to service by demanding information that may not exist (phone number or email address).

My guess is that you want to avoid giving data to commercial entities, and also avoid interaction with commercial entities, like Microsoft.

You need not guess. I mentioned my boycott against MS which inherently entails not feeding data to MS. And indeed I generally demand that I minimise data supplied to commercial entities. Not only out of distrust, but I have 1st hand experience with being burnt by sloppy infosec practices. Cybercriminals have exfiltrated my personal data from commercial entities who had no just reason for having the data to begin with.

So it sounds like you don’t necessarily want offline access, you want to be able to interact with government services without any other dependencies.

In a hypothetical world, cybercriminals would not exist and data would not be abused. But we don’t live in a hypothetical world.

I’m positive most governments use Microsoft Word.

Fair assumption. Interesting as well to note that the Dutch gov financed an investigation of MS Word which revealed that MS was surreptitiously sending sensitive info to MS telemetry servers in the US. No other government in the world demonstrated that level of responsibility.

Despite the GDPR violations they discovered, I have little confidence that the leaks were fixed in MS Word. Nonetheless, the MS Word leaks are far less abusive than email passing in-the-clear via MS’s mail servers.

They’ll be using it to draft the paperwork that they send to you. They probably scan and OCR your letters for archival, and their scanning software is probably commercial and collects data. If your goal is elimination of external dependencies, then offline access is just the tip of the iceberg. And just because these dependencies are hidden, doesn’t mean one can ignore them. If that was the case you could just send your documents to a friend and ask them to send it to the government for you, and ask them not to tell you how they did it. That way you wouldn’t know if a commercial service was involved!

I know for certain that some gov agencies scan postal mail and email it. OCR is not certain but it’s a fair assumption. I prefer internal data abuses because it removes me from being at fault. If I send e-mail to a gov agency whose MX lookup leads to a Microsoft server and MS abuses the data, I have a hand in the abuse of my own data. A well-lawyered opponent would rightfully argue: “you handed your message to MS; you reap what you sow. If you did not trust MS with your message then you should not have handed your message to them.”

Real-life story: someone spotted CSAM on a Cloudflare site and reported it to CF. CF forced the whistle blower to reveal their identity as a precondition to treating the complaint. So they did. Then CF gave the whistle blower’s identity to the website owner without taking the site offline. The website owner doxxed the whistle blower publicly so their users would retaliate against the whistle blower. When the CEO (Matthew Prince) was confronted about this, he said the whistle blower “should have used a fake name”. Effectively, the whistle blower was held responsible for the trust they extended.

OK and as for offline methods to use commercial services, like games, I think in this case your goal is privacy. However I think this demand is fairly unreasonable as well. Obviously there are certain services that require online access, like real-time chat applications.

It depends on the game. If Tetris were to fail to install because the binary blob could not gather your personal details and a ton of hardware serial numbers to then send back to the mothership despite the game play not even having an online element, the connectivity requirement is unreasonable – abusively so.

The problem is that any company can construct artificial reasons for why they need online access, or even data collection. Youtube can say that they require personal data to curate your feed. You already mentioned that data minimization laws were ineffective. I don’t see how you can reasonable expect companies bend over backwards to provide offline access, when it’s far simpler for them to just make up a reason for why they need online access, or why they need your personal data.

You seem to be suggesting “it’s hopeless to expect corporations to comply with laws, so why bother?” Europe has decided for its people that data minimisation is a good idea; enough to warrant enshrining it into law. Enforcement is lax and sloppy but this is likely down to the law having quick dramatic effect. I believe enforcement diligence will gradually improve.

Of course corps will present their best excuses for why they process data abusively. The EDPB produces guidelines about what excuses are acceptable and which are not. And courts weigh-in on it and determine proportionality. If you are a company in Europe and want to avoid trouble, try not to fuck around with trying to process data in some compromising and unnecessary way.

I just want to make sure the government can’t ban encryption and anonymizing services like Tor.

That’s a low standard of privacy. Note that “ban” is vague here. I assume you mean that you merely oppose the gov legislating a prohibition on tor. But the reality is that the IT dude in the gov server room decides: “I’m tired of reviewing all these false intrusion alarms… I want my worktime to be easier going, so I’ll just block Tor at the firewall so I have more time to hang out at the coffee machine”. And just like that by someone’s off-the-cuff whim the whole public loses their privacy in the course of trying to get public service online, as there is no law explicitly stating that public services cannot block Tor.

W.r.t encryption, I don’t think any gov agencies outside of Germany even publish PGP keys for encrypted email. So the protection of encryption is effectively denied by all govs in most situations as a consequence of mere passive inaction.

I’m not forcing companies to perform certain actions, I’m preventing certain consumer actions from being criminalized.

Yet IIUC you are apparently okay with govs forcing people to engage with private companies that make reckless choices. It’s not a live-and-let-live stance. If it’s okay for companies to be reckless, then what gives? A right to avoid such companies (to boycott) is even more paramount.