I think it's interesting because the 1990s ended with the government pretty much giving up. There was a recognition that encryption was important. In 2000, the government considerably loosened the export controls on encryption technology and really went about actively encouraging the use of encryption rather than discouraging it.

If it were possible to hold onto this sort of database and really be assured that only good guys get access to it, we might have a different discussion. Unfortunately, we don't know how to build systems that work that way. We don't know how to do this without creating a big target and a big vulnerability.

From a policymaker's point of view, [the back door] must look like a perfect solution. "We'll hold onto a separate copy of the keys, and we'll try to keep them really, really safe so that only in an emergency and if it's authorized by a court will we bring out those keys and use them." And, from a policy point of view, when you describe it that way, who could be against that?

It's only after you get down into the technical weeds - and they are admittedly rather weedy - that it becomes clear that this is much harder than it seems and not something we're going to be able to solve.

When the September 11th attacks happened, only about a year later, the crypto community was holding its breath because here was a time when we just had an absolutely horrific terrorist attack on U.S. soil, and if the NSA and the FBI were unhappy with anything, Congress was ready to pass any law they wanted. The PATRIOT Act got pushed through very, very quickly with bipartisan support and very, very little debate, yet it didn't include anything about encryption.

We basically have only two real tried and true techniques that can help counter this. One of them is to make systems as simple as we can, and there are limits to that because we can only simplify things so much. The other is the use of encryption.

As the local police department might want to decrypt a phone of a criminal suspect, so would the Chinese or the Russian or the Iranian intelligence agencies like to be able to do exactly the same thing.